Automation & Orchestration
I am following Jason Dion's Security+ course on Udemy.
Automation
Automatic execution of a task without manual involvement
- Individual tasks
Orchestration
Coordination of automated tasks to achieve a specific outcome or workflow
- Multiple automated tasks chained together
SOAR
Security Orchestration, Automation and Response. SOAR's automation is primarily used to handle incident response: it ingests alerts, enriches them, and executes response actions. SOAR integrates with a SIEM, and the combination is often marketed as a next-generation SIEM.
Playbook
Checklist of actions to take for a specific type of incident
Runbook
Automated version of the Playbook, with defined human interaction points (e.g. an analyst must approve a step before it runs)
Discussions
- When to Automate & Orchestrate
  - Complexity
  - Cost
  - Number of single points of failure involved
  - Technical debt
  - Ongoing supportability
- Benefits of Automation & Orchestration
  - Efficiency
    - Saving time by enforcing baselines
    - Standardizing your infrastructure configuration
    - Scaling in a more secure manner
  - Better employee retention
  - Faster reaction time
  - Workforce multiplier
- Automating support tickets
  - Create tickets
  - Perform minor actions
  - Escalate the tickets when required
- Automating the onboarding process
  - Provisioning the user's account
  - Provisioning new resources for the user
- Automating Security
  - Setting up guardrails: automated safety controls that protect against insecure infrastructure configurations
    - Revoke permissions
    - Reconfigure components
    - Isolate an infected workstation
  - Security groups: act as a virtual firewall for cloud instances, controlling incoming and outgoing network traffic
  - Enable / disable services and access
  - Role-Based Access Control (RBAC)
    - Modify user permissions
- Automating Application development
  - CI/CD
  - Integration and APIs
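To make the Runbook definition above and the "Automating Security" bullets (guardrails, isolating an infected workstation, security groups, ticket creation) concrete, here is an added example of a minimal runbook engine. It is not from the course or the original post. The security group, the alert and the cloud "API" are constructed in-memory stand-ins (assumptions, not a real provider SDK): the guardrail step flags admin ports open to the whole internet, the isolation step strips all ingress rules as a simulated quarantine, and that step is gated behind a human approval callback, which is the "human interaction point" that distinguishes a runbook from fully unattended automation.

```python
"""Minimal runbook engine: automated steps with a human approval gate (added example)."""
from dataclasses import dataclass, field
from typing import Callable
import ipaddress

# Constructed sample security group. The dict shape mimics a cloud SG rule set;
# it is an assumption for this example, not a real provider's API response.
SAMPLE_SG = {
    "id": "sg-example",
    "ingress": [
        {"port": 22, "protocol": "tcp", "cidr": "0.0.0.0/0"},     # SSH open to the world
        {"port": 443, "protocol": "tcp", "cidr": "0.0.0.0/0"},    # HTTPS, expected to be public
        {"port": 3389, "protocol": "tcp", "cidr": "10.0.0.0/8"},  # RDP, internal only
    ],
}

# Constructed sample alert, as a SIEM/SOAR would hand it to the runbook.
SAMPLE_ALERT = {"host": "ws-017", "severity": "high", "rule": "malware-beacon"}

ADMIN_PORTS = {22, 3389}


def guardrail_findings(sg):
    """Return ingress rules that expose an admin port to every source address."""
    findings = []
    for rule in sg["ingress"]:
        net = ipaddress.ip_network(rule["cidr"])
        if rule["port"] in ADMIN_PORTS and net.prefixlen == 0:
            findings.append(rule)
    return findings


def isolation_sg(sg):
    """Quarantine copy of the SG: same id, no ingress (simulated host isolation)."""
    return {"id": sg["id"], "ingress": []}


@dataclass
class Step:
    name: str
    action: Callable[[dict], None]
    requires_approval: bool = False  # True marks a human interaction point


@dataclass
class Runbook:
    steps: list
    log: list = field(default_factory=list)

    def run(self, ctx, approve):
        """Execute steps in order. A step with requires_approval calls
        approve(step_name, ctx) first and halts the runbook if it returns False."""
        for step in self.steps:
            if step.requires_approval and not approve(step.name, ctx):
                self.log.append(f"{step.name}: halted, awaiting human decision")
                return False
            step.action(ctx)
            self.log.append(f"{step.name}: done")
        return True


# Automated steps. Each reads and updates the shared incident context.
def step_enrich(ctx):
    # Assumption: in production this would call the cloud API for the host's SG.
    ctx["sg"] = SAMPLE_SG


def step_guardrail(ctx):
    ctx["findings"] = guardrail_findings(ctx["sg"])


def step_isolate(ctx):
    ctx["sg"] = isolation_sg(ctx["sg"])
    ctx["isolated"] = True


def step_ticket(ctx):
    ctx["ticket"] = {
        "host": ctx["alert"]["host"],
        "findings": len(ctx["findings"]),
        "isolated": ctx.get("isolated", False),
    }


def build_ir_runbook():
    return Runbook([
        Step("enrich", step_enrich),
        Step("guardrail-check", step_guardrail),
        Step("isolate-host", step_isolate, requires_approval=True),
        Step("open-ticket", step_ticket),
    ])


def run_isolation(alert, approve):
    """Run the IR runbook for one alert; returns (completed, context, log)."""
    rb = build_ir_runbook()
    ctx = {"alert": alert}
    completed = rb.run(ctx, approve)
    return completed, ctx, rb.log


if __name__ == "__main__":
    # Analyst approves: host is isolated and a ticket is opened.
    ok, ctx, log = run_isolation(SAMPLE_ALERT, lambda name, c: True)
    print(ok, ctx["ticket"], log)
    # Analyst declines: runbook stops before any disruptive change.
    ok, ctx, log = run_isolation(SAMPLE_ALERT, lambda name, c: False)
    print(ok, log)
```

The approval callback is the design point: everything before it (enrichment, the guardrail check) is safe to run unattended, while the step that changes production state waits for a person. Swapping the lambda for a real chat or ticketing prompt turns this into the runbook pattern the notes describe.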
To get in touch with me or for general discussion, please visit ZeroDayMindset Discussion.
This post is licensed under CC BY 4.0 by the author.