Automation & Orchestration

I am following Udemy Jason Dion’s course for Security +

Automation

Automatic execution of task without manual involvement

• Individual tasks

Orchestration

Coordination of automates tasks for a specific outcome or workflow

• Multiple automated tasks

SOAR

Security Orchestration, Automation and Response SOAR’s automation is primarily use to handle incident response. SOAR integrate with SIEM and creates a next-generation SIEM.

Playbook

Checklist of actions for specific incident responses

Runbook

Automated version of the Playbook with human interacting points

Discussions

1. When to Automate & Orchestrate
   • Complexity
   • Cost
   • Amount of single points of failures involved
   • Technical debt
   • Ongoing supportability
2. Benefits of Automation & Orchestrate
   • Efficient
   • Saving time by enforcing Baselines
   • Standardizing your infrastructure configuration
   • Scaling in more secure manner
   • Better employee retention
   • Faster reaction time
   • Workforce Multiplier
3. Automating support tickets
   • Create tickets
   • Perform minor actions
   • Escalate the tickets when required
4. Automate onboarding process
   • Provisioning user’s account
   • Provisioning new resources for the user
5. Automating Security
   • Setup guardrails : Automated safety controls to protect against insecure infrastructure configurations
     • Revoke permissions
     • Reconfigure components
     • Isolate infected workstation
   • Security groups : Act as a cloud-based server that control incoming and outgoing network traffic
   • Enable / Disable services and access
     • Role-Based Access Control (RBAC)
   • Modify user permissions
6. Automating Application development
   • CI/CD
7. Integration and APIs

To get in touch with me or for general discussion please visit ZeroDayMindset Discussion