Automation & Orchestration

I am following Jason Dion's Udemy course for Security+.

Automation

Automatic execution of tasks without manual involvement

  • Individual tasks

Orchestration

Coordination of automated tasks to achieve a specific outcome or workflow

  • Multiple automated tasks

SOAR

Security Orchestration, Automation and Response. SOAR's automation is primarily used to handle incident response. SOAR integrates with a SIEM, and the combination is often called a next-generation SIEM.

Playbook

Checklist of actions to take for a specific type of incident

Runbook

Automated version of the playbook, with defined points where a human must interact (for example, to approve a disruptive step)

Discussions

  1. When to Automate & Orchestrate
    • Complexity
    • Cost
    • Number of single points of failure involved
    • Technical debt
    • Ongoing supportability
  2. Benefits of Automation & Orchestration
    • Efficiency
    • Saving time by enforcing Baselines
    • Standardizing your infrastructure configuration
    • Scaling in a more secure manner
    • Better employee retention
    • Faster reaction time
    • Workforce Multiplier
  3. Automating support tickets
    • Create tickets
    • Perform minor actions
    • Escalate the tickets when required
  4. Automate onboarding process
    • Provisioning user’s account
    • Provisioning new resources for the user
  5. Automating Security
    • Set up guardrails: automated safety controls that protect against insecure infrastructure configurations, e.g.
      • Revoke permissions
      • Reconfigure components
      • Isolate infected workstation
    • Security groups: act as a cloud-based server control that filters incoming and outgoing network traffic
    • Enable / Disable services and access
      • Role-Based Access Control (RBAC)
    • Modify user permissions
  6. Automating Application development
    • CI/CD
  7. Integration and APIs
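The playbook/runbook distinction above and the guardrail actions (revoke permissions, isolate an infected workstation) can be shown together in a small runbook engine. This is an added illustration, not code from the course or the post: the step functions, the constructed SIEM-style alert and the approval callback are all hypothetical.

```python
# Added example: a runbook = an automated playbook checklist with human
# interaction points (approval gates) before disruptive guardrail actions.
from dataclasses import dataclass, field
from typing import Callable, Dict, List

@dataclass
class Step:
    name: str
    action: Callable[[Dict[str, str]], str]
    needs_approval: bool = False   # True marks a human interaction point

@dataclass
class Runbook:
    steps: List[Step]
    approver: Callable[[str], bool]          # human decision: approve step or not
    log: List[str] = field(default_factory=list)

    def run(self, alert: Dict[str, str]) -> List[str]:
        """Execute each step in order; gated steps run only if approved."""
        for step in self.steps:
            if step.needs_approval and not self.approver(step.name):
                self.log.append(f"{step.name}: skipped (approval denied)")
                continue
            self.log.append(f"{step.name}: {step.action(alert)}")
        return self.log

# Constructed sample alert, shaped like what a SIEM would hand to SOAR.
SAMPLE_ALERT = {"host": "ws-042", "user": "jdoe", "severity": "high"}

# Hypothetical step actions; a real runbook would call ticketing/IAM/cloud APIs.
def create_ticket(alert):      return f"ticket opened for {alert['host']}"
def revoke_permissions(alert): return f"sessions revoked for {alert['user']}"
def isolate_host(alert):       return f"{alert['host']} moved to quarantine security group"

def build_runbook(approver: Callable[[str], bool]) -> Runbook:
    """Playbook checklist encoded as steps; disruptive ones require approval."""
    return Runbook(steps=[
        Step("create_ticket", create_ticket),                         # minor action, fully automated
        Step("revoke_permissions", revoke_permissions, needs_approval=True),
        Step("isolate_host", isolate_host, needs_approval=True),
    ], approver=approver)

def cli_approver(step_name: str) -> bool:
    """Interactive human interaction point for stand-alone runs."""
    return input(f"Approve '{step_name}'? [y/N] ").strip().lower() == "y"

if __name__ == "__main__":
    for line in build_runbook(cli_approver).run(SAMPLE_ALERT):
        print(line)
```

Passing a non-interactive approver (for example one that denies `isolate_host`) shows the same runbook completing the ticket and revocation steps while the quarantine step is recorded as skipped.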

To get in touch with me or for general discussion, please visit ZeroDayMindset Discussion.

This post is licensed under CC BY 4.0 by the author.