Red Hat previewed new Ansible Automation integrations to help customers automate and orchestrate enterprise security solutions.
By automating security capabilities like enterprise firewalls, intrusion detection systems (IDS) and security information and event management (SIEM), organizations can unify responses to cyberattacks through the coordination of multiple, disparate security solutions, helping these technologies to act as one in the face of an IT security event.
Automation is an important component of digital transformation, helping to drive efficiency, deliver value faster, and solve IT and business workflow challenges.
Starting with networks, Red Hat has been driving Ansible Automation into IT domains beyond operations, enabling users to automate more tasks in more ways, including security tasks.
Beyond the intent to enable security solution automation, Red Hat also announced certified content to help improve the reliability, consistency and veracity of content.
As IT environments become more complex, so do the security events facing enterprise IT teams. To help organizations better assess risks, remediate issues and develop compliance workflows, Ansible security automation will offer new modules to integrate and orchestrate security tasks and processes.
These capabilities are designed to let IT security teams implement better controls that span the security technologies enterprises already use, managed through Red Hat Ansible Automation.
According to Gartner, “Security teams are suffering from staff shortages, an increase in the volume of alerts and threats, and the ever-present need to do more with less. Existing tools, such as firewalls, endpoint protection platforms (EPPs), security information and event management (SIEM), secure web gateways (SWGs) and identity proofing services (IDPSs), have not been improving the breadth and depth of their APIs. This hinders security teams from getting their tools working in concert with each other to solve problems. The “tool silo” problem is still the norm for most security teams. Threat intelligence (TI) has matured significantly and is now a front-and-center requirement to improve the context security practitioners need. It is also making many tools and processes smarter and more efficient.”
Through Ansible security automation, security teams can better address multiple use cases, including:
- Detection and triage of suspicious activities – Ansible can configure logging across enterprise firewalls and IDS to enrich the alerts received by a SIEM solution for event triage; for example, enabling logging or increasing log verbosity.
- Threat hunting – Ansible can create new IDS rules to investigate the origin of a firewall rule violation and whitelist those IP addresses recognized as non-threats.
- Incident response – Ansible can validate a threat by verifying an IDS rule, trigger a remediation from the SIEM solution and create new enterprise firewall rules to blacklist the source of an attack.
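The three use cases above describe one containment loop: tighten IDS logging on a suspicious source, block it at the firewall, and tell the SIEM what was done. The playbook below is an added illustration of that loop; it is not Red Hat's or Ansible's own content and does not use the Check Point or Splunk ES preview modules, which the page names but does not document. It swaps in generic, stable modules instead: ansible.builtin.lineinfile to add a Snort rule, ansible.builtin.iptables to block the source on a Linux host firewall, and ansible.builtin.uri to post the action to Splunk's HTTP Event Collector (HEC). The host group, file paths, hostnames, the `attacker_ip` value (a TEST-NET-3 address) and the `vault_splunk_hec_token` variable are all assumptions.

```yaml
# Added example, not code from the original page. Assumes a Linux host running
# Snort and iptables, and a reachable Splunk HEC endpoint; the inventory group,
# paths, URL and Vault variable below are hypothetical.
- name: Contain a suspicious source address and record the action in the SIEM
  hosts: ids_and_firewall
  become: true
  vars:
    attacker_ip: 203.0.113.45            # constructed sample value (TEST-NET-3)
    splunk_hec_url: https://splunk.example.com:8088/services/collector/event
    splunk_hec_token: "{{ vault_splunk_hec_token }}"   # store in Ansible Vault
  tasks:
    - name: Detection and triage - add a Snort rule so traffic from the source is logged
      ansible.builtin.lineinfile:
        path: /etc/snort/rules/local.rules
        create: true
        line: 'alert ip {{ attacker_ip }} any -> $HOME_NET any (msg:"Triage: traffic from {{ attacker_ip }}"; sid:1000001; rev:1;)'
      notify: Reload snort

    - name: Incident response - block the source on the host firewall (idempotent)
      ansible.builtin.iptables:
        chain: INPUT
        source: "{{ attacker_ip }}"
        jump: DROP
        comment: "ansible-ir block"
        state: present
      register: block_result

    - name: Incident response - push the containment event to Splunk HEC
      ansible.builtin.uri:
        url: "{{ splunk_hec_url }}"
        method: POST
        headers:
          Authorization: "Splunk {{ splunk_hec_token }}"
        body_format: json
        body:
          sourcetype: "ansible:security"
          event:
            action: block
            src_ip: "{{ attacker_ip }}"
            host: "{{ inventory_hostname }}"
            changed: "{{ block_result.changed }}"
        status_code: 200
        validate_certs: true

  handlers:
    - name: Reload snort
      ansible.builtin.service:
        name: snort
        state: restarted
```

Two points a practitioner would check before running this for real: the iptables task is idempotent because `state: present` only inserts the rule when it is absent, so re-running the playbook does not stack duplicate DROP rules; and the HEC token is referenced through a Vault variable rather than written into the playbook, since the token alone is enough to inject arbitrary events into the SIEM.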
As part of this preview, Red Hat’s Ansible security automation platform provides support for:
- Check Point – Next Generation Firewall (NGFW);
- Splunk – Splunk Enterprise Security (ES).
Support for automating enterprise security solutions in Ansible is currently in tech preview and is slated to be generally available via Ansible Galaxy in early 2019.
“Since Red Hat acquired Ansible in 2015, we have been working to make the automated enterprise a reality by driving Ansible into new domains and expanding automation use cases. With the new Ansible security automation capabilities, we’re making it easier to manage one of enterprise IT’s most complex tasks: systems security. These new modules can help users take an automation-centric approach to IT security, integrating solutions that otherwise would not work together and helping to manage and orchestrate entire security operations with a single, familiar tool,” said Joe Fitzgerald, vice president, Management, Red Hat.