Bsides Delhi Security Automation for Red and Blue Teams


Published on October 29, 2017

Author: surajraghuvanshi

Source: slideshare.net

Content

1. Security Automation for Red and Blue Teams BSidesDelhi 2017

2. #WHOAMI
● Suraj Pratap
● Sr. SecOps Engineer at Zeotap GmbH
● Bounty Hunter
● Speaker at cocon, EuropeanSec
● Writes code in free time to automate

3. Security Automation for Red and Blue Teams

4. Outline
● Lifecycle of servers and applications
● Which areas of the lifecycle we automate
● Maximum use of open source technology

5. Server lifecycle (image source: jumpcloud.com)

6. Application lifecycle (image source: checkmarx.com)

7. Why I automate
● Single human resource
● 600+ servers
● 10+ applications
● Cloud infra (AWS + GCP)
● Compliance

8. Challenges
● Human capacity
● Tool selection and fitment
● Time
● Cost

9. What I automated
● Infrastructure security automation
● Security audit automation
● Offensive security automation
● Vulnerability management automation
● SIEM

10. Infrastructure security automation
● Hardening automation based on CIS benchmarks
  ○ server hardening based on CIS benchmarks
  ○ container hardening based on CIS benchmarks
  ○ firewall hardening
● Tools used
  ○ Ansible
  ○ CloudFormation

11. Infrastructure security automation
● Log management automation using open source tools
  ○ integration with log server using open source tools
  ○ CloudTrail log management and integration with syslog server
● Tools
  ○ Rsyslog
  ○ s3sync
  ○ Ansible
  ○ ELK

12. Infrastructure security automation
● Agent management using open source tools
  ○ agent management automation
  ○ agent / AppArmor automation
● Tools
  ○ Ansible
  ○ AppArmor

13. Security audit automation
● Security audit automation using open source tools
● Report fetching automation
● Host-based intrusion detection automation
● Cloud security (AWS) audit automation
● Tools
  ○ Scout2
  ○ Prowler
  ○ OSSEC
  ○ Ansible
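Slides 10 and 13 describe the same loop from two sides: audit a host against CIS benchmark items, report the gaps, and push the hardened configuration back out. The script below is an added example (not code from the talk or from Ansible/CIS) showing that loop for one artefact, an OpenSSH server configuration. The directive list is a small, hypothetical subset of the CIS sshd items and must be checked against the benchmark version you actually follow; the sample configs are constructed, not taken from a real host.

```python
"""Audit an sshd_config against a few CIS-style settings and emit a hardened copy.

Added example, not from the original slides. EXPECTED is a hypothetical subset of
the CIS OpenSSH server items (directive -> value); verify it against your benchmark.
"""
import re

# Hypothetical CIS-style subset: canonical directive name -> required value
EXPECTED = {
    "PermitRootLogin": "no",
    "PermitEmptyPasswords": "no",
    "X11Forwarding": "no",
    "MaxAuthTries": "4",
    "IgnoreRhosts": "yes",
    "HostbasedAuthentication": "no",
    "LogLevel": "INFO",
}

# Constructed sample configs (not captured from any real host)
SAMPLE_CONFIG = """\
# sample sshd_config
Port 22
PermitRootLogin yes
X11Forwarding yes
MaxAuthTries 6
IgnoreRhosts yes
# PermitEmptyPasswords no   (commented out, so not in effect)
"""
MATCH_CONFIG = "PermitRootLogin no\nMatch User backup\n    X11Forwarding yes\n"


def _key(line):
    """Directive name (lower-case) of an active config line, or None."""
    stripped = line.strip()
    if not stripped or stripped.startswith("#"):
        return None
    return re.split(r"[\s=]+", stripped, maxsplit=1)[0].lower()


def parse_sshd_config(text):
    """Return {directive: value} for the global section only.

    sshd honours the first occurrence of a directive, and everything after the
    first 'Match' line is conditional, so parsing stops there.
    """
    settings = {}
    for line in text.splitlines():
        key = _key(line)
        if key is None:
            continue
        if key == "match":
            break
        parts = re.split(r"[\s=]+", line.strip(), maxsplit=1)
        if len(parts) == 2:
            settings.setdefault(key, parts[1].strip().lower())
    return settings


def audit(text, expected=EXPECTED):
    """Return findings as (directive, value_found_or_None, value_required)."""
    settings = parse_sshd_config(text)
    return [(name, settings.get(name.lower()), want)
            for name, want in expected.items()
            if settings.get(name.lower()) != want.lower()]


def harden(text, expected=EXPECTED):
    """Rewrite non-compliant global directives in place, comment out duplicates,
    and insert missing ones before the first Match block (or at the end)."""
    wanted = {name.lower(): (name, value) for name, value in expected.items()}
    out, seen, in_match = [], set(), False
    for line in text.splitlines():
        key = _key(line)
        if key == "match" and not in_match:
            # Global section ends here: add whatever is still missing above it
            out.extend(f"{n} {v}" for k, (n, v) in wanted.items() if k not in seen)
            seen.update(wanted)
            in_match = True
        if not in_match and key in wanted:
            name, value = wanted[key]
            if key in seen:
                out.append(f"# {line}   # duplicate (ignored by sshd), disabled")
                continue
            seen.add(key)
            out.append(f"{name} {value}")
            continue
        out.append(line)
    out.extend(f"{n} {v}" for k, (n, v) in wanted.items() if k not in seen)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print("NON-COMPLIANT: %s is %r, expected %r" % finding)
    print(harden(SAMPLE_CONFIG))
```

The Match-block handling is the part worth copying: appending directives blindly to the end of the file would drop them inside a conditional block, where they silently apply to nobody, and the next audit run would still pass because a naive parser reads them as global. Running `audit` again on the output of `harden` is the regression check; in a pipeline like the one on the slides that second audit is what turns the Ansible task from "changed" into "verified".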

14. Offensive security automation
● Network scanning automation
  ○ vulnerability scanning and network discovery
● Application security scanning automation
  ○ vulnerability scanning
● Tools
  ○ OpenVAS
  ○ Jenkins
  ○ ZAP

15. Offensive security automation
● Source code review automation
  ○ static code analysis using open source tools
● Tools
  ○ SonarQube
  ○ Jenkins

16. Vulnerability management automation
● Vulnerability management using open source tools
  ○ dashboard for vulnerability management
  ○ network and application security
● Integration with ticketing tools
  ○ integration with ticketing tools like Jira and ManageEngine
● Tools
  ○ Dradis
  ○ Vulnreport.io

17. Security event monitoring
● Setting up a SIEM tool
  ○ set up SIEM tools for cloud and on-prem
  ○ integration with syslog server and CloudTrail
● Automation of the alert system
  ○ setting up basic rules for the SIEM
  ○ setting up a security dashboard
  ○ setting up an alert system for security events/alarms

18. Security event monitoring
● Tools
  ○ AlienVault
  ○ ELK
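Slides 11, 17 and 18 chain CloudTrail into a syslog server and then into a SIEM with "basic rules". The script below is an added example (not code from the talk, AlienVault or ELK) of the two pieces a forwarder in that chain has to do: render each CloudTrail record as an RFC 5424 syslog line, and evaluate a handful of starter rules over a batch. The four rules (root account use, repeated console login failures, security group changes, CloudTrail being stopped or altered) are illustrative and deliberately small; the records are constructed, not captured from a real account, and the hostname and app name are placeholders.

```python
"""CloudTrail records -> syslog lines + a few starter SIEM rules.

Added example, not from the original slides. Records below are constructed.
"""
from collections import Counter

# Constructed CloudTrail-style records: five console login failures for alice
# from one IP, a normal login, a root login, a security group change and a
# StopLogging call. Field names follow the CloudTrail record format.
SAMPLE_RECORDS = [
    {"eventTime": f"2017-10-29T09:00:{s:02d}Z", "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin", "userIdentity": {"type": "IAMUser", "userName": "alice"},
     "sourceIPAddress": "203.0.113.10", "responseElements": {"ConsoleLogin": "Failure"}}
    for s in range(5)
] + [
    {"eventTime": "2017-10-29T09:01:00Z", "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin", "userIdentity": {"type": "IAMUser", "userName": "carol"},
     "sourceIPAddress": "198.51.100.7", "responseElements": {"ConsoleLogin": "Success"}},
    {"eventTime": "2017-10-29T09:02:00Z", "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin", "userIdentity": {"type": "Root"},
     "sourceIPAddress": "198.51.100.9", "responseElements": {"ConsoleLogin": "Success"}},
    {"eventTime": "2017-10-29T09:03:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "AuthorizeSecurityGroupIngress",
     "userIdentity": {"type": "IAMUser", "userName": "bob"},
     "sourceIPAddress": "198.51.100.7", "responseElements": None},
    {"eventTime": "2017-10-29T09:04:00Z", "eventSource": "cloudtrail.amazonaws.com",
     "eventName": "StopLogging", "userIdentity": {"type": "IAMUser", "userName": "bob"},
     "sourceIPAddress": "198.51.100.7", "responseElements": None},
]

SG_EVENTS = {"AuthorizeSecurityGroupIngress", "AuthorizeSecurityGroupEgress",
             "RevokeSecurityGroupIngress", "RevokeSecurityGroupEgress",
             "CreateSecurityGroup", "DeleteSecurityGroup"}
TRAIL_EVENTS = {"StopLogging", "DeleteTrail", "UpdateTrail"}


def _actor(record):
    """IAM user name, or the identity type (e.g. 'Root') when there is no name."""
    ident = record.get("userIdentity") or {}
    return ident.get("userName") or ident.get("type", "unknown")


def to_syslog(record, hostname="cloudtrail-forwarder", app="cloudtrail"):
    """Render one record as an RFC 5424 line (facility auth=4, severity info=6).

    hostname/app are placeholders; a real forwarder uses its own identity.
    """
    pri = 4 * 8 + 6
    outcome = (record.get("responseElements") or {}).get("ConsoleLogin", "-")
    msg = (f"eventName={record['eventName']} eventSource={record.get('eventSource', '-')} "
           f"user={_actor(record)} src={record.get('sourceIPAddress', '-')} outcome={outcome}")
    return f"<{pri}>1 {record['eventTime']} {hostname} {app} - - - {msg}"


def forward(records):
    """Syslog lines for a batch, in order; this is what rsyslog/ELK would ingest."""
    return [to_syslog(r) for r in records]


def evaluate_rules(records, failure_threshold=5):
    """Starter SIEM rules over a batch; returns one dict per alert."""
    alerts, failures = [], Counter()
    for r in records:
        ident = r.get("userIdentity") or {}
        name, user = r.get("eventName", ""), _actor(r)
        base = {"user": user, "event": name, "time": r.get("eventTime")}
        if ident.get("type") == "Root":
            alerts.append({"rule": "root_account_activity", **base})
        if name in SG_EVENTS:
            alerts.append({"rule": "security_group_change", **base})
        if name in TRAIL_EVENTS:
            alerts.append({"rule": "cloudtrail_tampering", **base})
        if name == "ConsoleLogin" and \
                (r.get("responseElements") or {}).get("ConsoleLogin") == "Failure":
            failures[(user, r.get("sourceIPAddress"))] += 1
    # Aggregate rule: many failed console logins for one user from one source IP
    for (user, ip), n in failures.items():
        if n >= failure_threshold:
            alerts.append({"rule": "console_login_failures", "user": user,
                           "src": ip, "count": n})
    return alerts


if __name__ == "__main__":
    for line in forward(SAMPLE_RECORDS):
        print(line)
    for alert in evaluate_rules(SAMPLE_RECORDS):
        print("ALERT", alert)
```

Two design points carry over to a real deployment. `responseElements` is `None` for many API calls, so every rule reads it through `or {}` rather than assuming a dict; a forwarder that crashes on the first non-login record is a gap in coverage, not just a bug. And the login-failure rule is a counter over a batch, so the batch window is the detection window; when records arrive one at a time from a syslog pipeline the counter has to live in the SIEM (or a small state store), which is exactly the part the slides delegate to AlienVault or ELK.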

19. Q&A: send your questions
● Email: [email protected]
● Twitter: @surajraghuvansh
● GitHub: https://github.com/surajraghuvanshi/
