Security Automation and Orchestration with Check Point and Ansible

Targeted advanced persistent threats place high demands on security staff who have to remediate the effects of those threats. While researching this piece I watched Massimo Ferrari’s recorded presentation on the Red Hat EMEA YouTube channel. It was an eye opener. Imagine the number of events that are missed when the average security team typically examines less than 5% of the alerts flowing into them every day.

It’s a tremendous task and one where automated toolsets can surely help. Security Automation and Orchestration (also known as SOAR) integrates tools, systems and applications, replacing manual incident response workflows with automation. When an incident occurs, automated tools can collect data about security threats from multiple sources without human assistance. Examples include checking an IP, URL or domain name against threat intelligence and reputation services to determine if the indicators appear to be malicious.

Integrating through application programming interfaces (APIs) in Check Point, Ansible provides a framework for automating security response to threats. With Check Point, modules for Ansible processes can be codified into an automated workflow, performing data enrichment when an alert is first received, freeing SOC staff to concentrate on more critical tasks.

Automating response to security incidents is one example use case that will be demonstrated at AnsibleFest Atlanta, September 24-26. In a second session attendees will learn how new Check Point Ansible network modules can be used to automate the deployment and maintenance of both physical and virtualized next-generation firewalls. Read on to learn more.

Drive Security Orchestration and Automation with New Ansible Capabilities

At AnsibleFest 2018 Red Hat announced the automation of security capabilities like enterprise firewalls, intrusion detection systems (IDS) and security information and event management (SIEM) to enable organizations to better unify responses to cyberattacks.

As IT environments become more complex, so do the security events facing enterprise IT teams. To help organizations better assess risks, remediate issues and develop compliance workflows, Ansible security automation offered new modules to integrate and orchestrate security tasks and processes.

This year at AnsibleFest Atlanta, September 24-26 attend a workshop by Adam Miller, Roland Wolters and Daniel Melado of Red Hat to see this in action. The workshop will show, step by step, how you can use Ansible to orchestrate three investigation and response activities involving multiple security tools.

  • Check Point Next Generation Firewall
  • Snort IDS
  • Splunk Enterprise Security (SIEM)

The workshop will tie the 3 technologies together to show 3 use cases.

  • Use case 1: Detection and triage of suspicious activities
  • Use case 2: Threat hunting
  • Use case 3: Incident response

Cybersecurity Automation and Prevention with Check Point and Ansible

Also at AnsibleFest Atlanta please join Amiad Stern from Check Point. Amiad has been with Check Point for over 9 years and currently is Team Leader of the Management APIs group in Check Point Research and Development. Amiad will present a set of security automation use cases using new Check Point Ansible security modules that will be available for Ansible 2.9.

The Check Point Ansible integration will enable customers to embrace the DevOps model to accelerate application deployment and achieve high service uptimes with operational efficiency. Amiad will show how customers will be able to download Check Point Ansible network modules to start automating common infrastructure security tasks.

The Check Point Ansible network modules fit tightly into the DevOps lifecycle Continuous Integration/Continuous Deployment lifecycle. These are just a couple of use cases.

Use Case 1

Automate the process of installing software updates using Ansible and Management APIs.

Use Case 2

Provision and configure cloud IaaS using Ansible; create a Virtual Private Cloud, install a Web Server and configure the Check Point gateway policy in 1 playbook.

Red Hat and Ansible, are trademarks or registered trademarks of Red Hat, Inc. or its subsidiaries in the U.S. and other countries.