Bsides Delhi Security Automation for Red and Blue Teams

Post on 22-Jan-2018



Security Automation for Red and Blue Teams

BSidesDelhi 2017

#WHOAMI

● Suraj Pratap
● Sr SecOps Engineer at Zeotap GmbH
● Bounty Hunter
● Speaker at cocon, EuropeanSec
● Writes code in free time to automate

Security Automation for Red and Blue Teams

Outline

● Lifecycle of servers and applications
● Which areas of the lifecycle we automate
● Maximum use of open source technology

Server Lifecycle

Image source: jumpcloud.com

Application Lifecycle

Image source: checkmarx.com

Why I automate

● Single human resource
● 600+ servers
● 10+ applications
● Cloud infra (AWS + GCP)
● Compliance

Challenges

● Human capacity
● Tool selection and fitment
● Time
● Cost

What I automated

● Infrastructure security automation
● Security audit automation
● Offensive security automation
● Vulnerability management automation
● SIEM

Infrastructure security automation

● Hardening automation based on CIS benchmarks

○ server hardening based on CIS benchmarks

○ container hardening based on CIS benchmarks

○ firewall hardening

● Tools used

○ Ansible

○ CloudFormation
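As an added illustration of the CIS-benchmark hardening the slide describes (this is not the speaker's playbook), a minimal Ansible play that sets a few CIS kernel network parameters and sshd_config directives; the host group name "webservers" and the Debian/Ubuntu sshd service name "ssh" are assumptions.

```yaml
# Added example (not the speaker's code). Assumes a Debian/Ubuntu host group
# named "webservers" and an sshd service named "ssh"; adjust for your inventory.
- name: Apply a subset of CIS Linux benchmark controls
  hosts: webservers
  become: true
  vars:
    # Kernel network parameters the CIS benchmark expects on a non-router host
    cis_sysctl:
      net.ipv4.ip_forward: 0
      net.ipv4.conf.all.send_redirects: 0
      net.ipv4.conf.all.accept_source_route: 0
      net.ipv4.conf.all.accept_redirects: 0
    # sshd_config directives from the CIS SSH section (quoted so YAML keeps "no" as text)
    cis_sshd:
      PermitRootLogin: "no"
      PermitEmptyPasswords: "no"
      X11Forwarding: "no"
      MaxAuthTries: "4"
  tasks:
    - name: Set and persist kernel network parameters
      sysctl:
        name: "{{ item.key }}"
        value: "{{ item.value }}"
        sysctl_set: true
        state: present
        reload: true
      loop: "{{ cis_sysctl | dict2items }}"

    - name: Enforce sshd_config directives (replaces a commented-out default too)
      lineinfile:
        path: /etc/ssh/sshd_config
        regexp: '^\s*#?\s*{{ item.key }}\s'
        line: "{{ item.key }} {{ item.value }}"
        state: present
        validate: "/usr/sbin/sshd -t -f %s"   # refuse a config sshd cannot parse
      loop: "{{ cis_sshd | dict2items }}"
      notify: restart sshd

    - name: Restrict permissions on sshd_config
      file:
        path: /etc/ssh/sshd_config
        owner: root
        group: root
        mode: "0600"

  handlers:
    - name: restart sshd
      service:
        name: ssh
        state: restarted
```

Run with `ansible-playbook --check --diff` first to see which controls a host already fails before changing anything.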

Infrastructure security automation

● Log management automation using open source tools

○ integration with log server using open source tools

○ CloudTrail log management and integration with syslog server

● Tools

○ Rsyslog

○ s3sync

○ Ansible

○ ELK

Infrastructure security automation

● Agent management using open source tools

○ agents management automation

○ agent and AppArmor automation

● Tools

○ Ansible

○ AppArmor

Security Audit Automation

● Security audit automation using open source tools

● Report fetching automation

● Host based intrusion detection automation

● Cloud Security (AWS) audit automation

● Tools

○ Scout2

○ Prowler

○ OSSEC

○ Ansible

Offensive security automation

● Network scanning automation

○ vulnerability scanning and network discovery

● Application security scanning automation

○ vulnerability scanning

● Tools

○ OpenVAS

○ Jenkins

○ ZAP

Offensive security automation

● Source code review automation

○ static code analysis using open source tools

● Tools

○ SonarQube

○ Jenkins

Vulnerability Management Automation

● Vulnerability management using open source tools

○ Dashboard for vulnerability management

○ Network and application security

● Integration with ticketing tools

○ integration with ticketing tools like Jira and ManageEngine

● Tools

○ Dradis

○ Vulnreport.io

Security event monitoring

● Setting up SIEM tool

○ set up SIEM tools for cloud and on-prem

○ integration with syslog server and CloudTrail

● Automation of alert system

○ setting up basic rules for the SIEM

○ setting up a security dashboard

○ setting up an alert system for security events/alarms

Security event monitoring

● Tools

○ AlienVault

○ ELK

Q&A

Send your questions

Email: surajraghuvanshi@gmail.com

Twitter: @surajraghuvansh

Github: https://github.com/surajraghuvanshi/