bsides delhi security automation for red and blue teams
TRANSCRIPT
Security Automation for Red and Blue Teams
BSidesDelhi 2017
#WHOAMI
● Suraj Pratap
● Sr SecOps Engineer at Zeotap GmbH
● Bounty Hunter
● Speaker at cocon, EuropeanSec
● Writes code in free time to automate
Outline
● Lifecycle of servers and applications
● Which areas in the lifecycle we automate
● Maximum use of open source technology
Servers Lifecycle
Image source: jumpcloud.com
Application Lifecycle
Image source: checkmarx.com
Why I automate
Single human resource
600+ servers
10+ applications
Cloud infra (AWS + GCP)
Compliance
Challenges
● Human capacity
● Tool selection and fitment
● Time
● Cost
What I automated
● Infrastructure security automation
● Security audit automation
● Offensive security automation
● Vulnerability management automation
● SIEM
Infrastructure security automation
● Hardening automation based on CIS benchmarks
○ server hardening based on CIS benchmarks
○ container hardening based on CIS benchmarks
○ firewall hardening
● Tools used
○ Ansible
○ CloudFormation
Infrastructure security automation
● Log management automation using open source tools
○ integration with logserver using open source tools
○ CloudTrail log management and integration with syslog server
● Tools
○ Rsyslog
○ s3sync
○ Ansible
○ ELK
Infrastructure security automation
● Agent management using open source tools
○ agents management automation
○ agent / AppArmor automation
● Tools
○ Ansible
○ AppArmor
Security Audit Automation
● Security audit automation using open source tools
● Report fetching automation
● Host based intrusion detection automation
● Cloud Security (AWS) audit automation
● Tools
○ Scout2
○ Prowler
○ OSSEC
○ Ansible
Offensive security automation
● Network scanning automation
○ vulnerability scanning and network discovery
● Application security scanning automation
○ vulnerability scanning
● Tools
○ OpenVAS
○ Jenkins
○ ZAP
Offensive security automation
● Source code review automation
○ static code analysis using open source tools
● Tools
○ SonarQube
○ Jenkins
Vulnerability Management Automation
● Vulnerability management using open source tools
○ Dashboard for vulnerability management
○ Network and application security
● Integration with ticketing tools
○ integration with ticketing tools like Jira and ManageEngine
● Tools
○ Dradis
○ Vulnreport.io
Security event monitoring
● Setting up SIEM tool
○ set up SIEM tools for cloud and on-prem
○ integration with syslog server and CloudTrail
● Automation of alert system
○ setting up basic rules for the SIEM
○ setting up a security dashboard
○ setting alert system for security events/alarms
Security event monitoring
● Tools
○ AlienVault
○ ELK
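The CloudTrail-to-syslog integration from the log management slide and the "basic rules for the SIEM" from this slide, as one added example (not the speaker's code): it unpacks a gzip-compressed CloudTrail delivery, renders each record as an RFC 5424 syslog line for the log server, and runs a few basic alert rules over the records. The trail contents, account id, IPs and rule names are constructed placeholders.

```python
import gzip, io, json

# Constructed sample CloudTrail delivery (placeholder account id and IPs, not real data).
SAMPLE_TRAIL = {"Records": [
    {"eventTime": "2017-10-07T09:12:33Z", "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin", "awsRegion": "us-east-1", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "Root", "arn": "arn:aws:iam::123456789012:root"}},
    {"eventTime": "2017-10-07T09:15:02Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "AuthorizeSecurityGroupIngress", "awsRegion": "us-east-1",
     "sourceIPAddress": "203.0.113.11",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/deploy"}},
    {"eventTime": "2017-10-07T09:16:40Z", "eventSource": "s3.amazonaws.com",
     "eventName": "ListBuckets", "awsRegion": "us-east-1", "sourceIPAddress": "203.0.113.12",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/audit"}},
]}

# Basic SIEM-style rules (constructed): rule name -> predicate over one CloudTrail record.
ALERT_RULES = {
    "root-console-login": lambda r: r["eventName"] == "ConsoleLogin"
                                    and r["userIdentity"].get("type") == "Root",
    "security-group-change": lambda r: r["eventName"].startswith(
        ("AuthorizeSecurityGroup", "RevokeSecurityGroup")),
    "cloudtrail-tampering": lambda r: r["eventName"] in ("StopLogging", "DeleteTrail", "UpdateTrail"),
}

def pack_trail(trail):
    """Gzip a trail the way CloudTrail delivers it to S3 (used here only to build the sample)."""
    buf = io.BytesIO()
    with gzip.GzipFile(fileobj=buf, mode="wb") as fh:
        fh.write(json.dumps(trail).encode())
    return buf.getvalue()

def load_records(gz_bytes):
    """CloudTrail objects are gzip-compressed JSON with a top-level 'Records' list."""
    with gzip.GzipFile(fileobj=io.BytesIO(gz_bytes)) as fh:
        return json.load(fh)["Records"]

def to_syslog(rec, host="cloudtrail", app="aws-cloudtrail"):
    """One RFC 5424 line per record; PRI 133 = facility local0 (16*8) + severity notice (5)."""
    body = {k: rec.get(k) for k in ("eventSource", "eventName", "awsRegion", "sourceIPAddress")}
    body["arn"] = rec["userIdentity"].get("arn")
    return f"<133>1 {rec['eventTime']} {host} {app} - - - {json.dumps(body, sort_keys=True)}"

def process(gz_bytes):
    """Return (syslog lines for the log server, alerts for the SIEM dashboard)."""
    lines, alerts = [], []
    for rec in load_records(gz_bytes):
        lines.append(to_syslog(rec))
        alerts += [(name, rec["eventName"], rec["userIdentity"].get("arn"))
                   for name, hit in ALERT_RULES.items() if hit(rec)]
    return lines, alerts
```

In a real pipeline the gzip bytes would come from the S3 object synced by s3sync and the lines would be shipped to Rsyslog or ELK; the rule set here is only a starting point for the "basic rules" step.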
Q&A
Send your questions
Email: [email protected]
Twitter: @surajraghuvansh
Github: https://github.com/surajraghuvanshi/