The dramatic increase in cyberattacks such as ransomware, zero-day exploits, and supply chain attacks is fundamentally changing how we should approach cybersecurity. Targeted advanced persistent threats place high demands on security staff, who have to remediate the effects of those threats. Imagine the number of events that are missed when the average security team typically examines less than 5% of the alerts it receives each day. It’s a tremendous task and one where automated toolsets can surely help. Driving automated threat prevention and security policy orchestration will be the key to protecting your organization from the expanding threat landscape.
Security Automation Decreases Risk and Increases Efficiency
Security Automation and Orchestration (also known as SOAR) integrates tools, systems and applications, replacing manual incident response workflows with automation. When an incident occurs, automated tools can collect data about security threats from multiple sources without human assistance. Examples include checking an IP, URL or domain name against threat intelligence and reputation services to determine if the indicators appear to be malicious.
How Check Point and Ansible Automate Security Operations
Integrating with Check Point through its application programming interfaces (APIs), Ansible provides a framework for automating security response to threats. With Check Point modules for Ansible, processes can be codified into an automated workflow that performs data enrichment when an alert is first received, freeing SOC staff to concentrate on more critical tasks.
Check Point has a certified Ansible Content Collection of modules to help enable organizations to automate their response and remediation practices. Check Point Ansible security management modules have been downloaded over 100,000 times (see the Check Point Security Management Collection | https://galaxy.ansible.com/check_point/mgmt) and can be easily adopted to automate simple repetitive tasks that would normally take hours to complete when done manually by a user who is using a management UI.
There are two Ansible collections: one for managing the GAiA operating system used in Check Point firewalls, and the other (the more popular security management collection) for managing Check Point security. Creating hosts and network objects, managing security policy rules, viewing firewall security events, and updating your security gateways from one version to another are just a few examples of what you can automate using the security management collection.
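A containment playbook built on the security management collection, given here as an added example rather than Check Point's or Ansible's own code. The inventory group `check_point`, the group object `soar_blocked_hosts` (assumed to exist already and to be the source of a drop rule), the policy package `Standard`, the gateway `gw1`, and all IP addresses are hypothetical.

```yaml
---
# Added example, not from the original post. Assumes the inventory sets
# ansible_network_os=check_point.mgmt.checkpoint plus API credentials, and
# that a drop rule already uses the group "soar_blocked_hosts" as its source.
- name: Contain an indicator flagged by alert enrichment
  hosts: check_point            # hypothetical inventory group
  connection: httpapi
  gather_facts: false
  vars:
    flagged_ip: 203.0.113.45    # constructed sample (TEST-NET-3)
    alert_ref: ALERT-0001       # constructed ticket reference
    never_block:                # constructed guard list of critical assets
      - 10.0.0.1
      - 10.0.0.53
  tasks:
    - name: Refuse to block protected infrastructure
      ansible.builtin.assert:
        that:
          - flagged_ip not in never_block
        fail_msg: "{{ flagged_ip }} is on the never-block list"

    - name: Create a host object and attach it to the block group
      check_point.mgmt.cp_mgmt_host:
        name: "blocked_{{ flagged_ip }}"
        ip_address: "{{ flagged_ip }}"
        groups:
          - soar_blocked_hosts
        comments: "Added by automation for {{ alert_ref }}"
        state: present

    - name: Publish the session so the change becomes visible
      check_point.mgmt.cp_mgmt_publish:

    - name: Install the access policy on the gateway
      check_point.mgmt.cp_mgmt_install_policy:
        policy_package: Standard
        access: true
        targets:
          - gw1
```

Because the host module is idempotent, re-running the playbook for the same alert leaves the existing object in place instead of creating a duplicate.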
Join Check Point and Ansible at AnsibleFest 2021
Join us at the free virtual AnsibleFest 2021 event through our session and virtual booth. We’d love to have some great discussions with you about the topics that will be shared throughout the conference sessions, including the Check Point session:
- How Automated Security and AI Drive Digital Transformation – Maya Levine, Technical Marketing Engineer – Cloud Security, Check Point Software Technologies
Check Point @ Red Hat AnsibleFest 2021
While you’re browsing our sponsor page, you can watch demo videos, download content, and enter our raffle prize draw for a chance to win exciting prizes! Be sure not to miss our speaking session, “How Automated Security and AI Drive Digital Transformation.” Our booth staff are available to chat with you during the event, so please reach out. We’d love to hear from you!
Check out this year’s agenda for AnsibleFest 2021! AnsibleFest content will be available on-demand across time zones throughout the event, so whether you’re located in the US, EMEA or APJ you are welcome to visit our sponsor page and view our session on-demand.
While you wait for AnsibleFest 2021 to start, here are a few resources that we’ve handpicked for you to check out:
Ansible Blog: Getting started with Ansible and Check Point | https://www.ansible.com/blog/getting-started-with-ansible-and-check-point
CheckMates Community Ansible Page | https://community.checkpoint.com/t5/Ansible/bd-p/ansible
R80.40 Automation and Orchestration (Ansible and more) | https://community.checkpoint.com/t5/How-To-Videos/R80-40-Automation-and-Orchestration-Ansible-Terraform-and-more/td-p/75855
AnsibleFest 2020 On-demand Sessions and Content
If you’re a developer or are already using Ansible but new to Check Point, check out the AnsibleFest 2020 demo use cases on GitHub and watch the 2020 on-demand presentation by Jim Oqvist. The video is available on-demand until October 2021 on the AnsibleFest platform after registering.