How can we integrate IT security teams and the security solutions they use in a fast-paced environment?
The need to respond to security attacks manually is daunting. With Red Hat® Ansible® Automation Platform you can automate and integrate different security solutions that can investigate and respond to threats across the enterprise in a coordinated, unified way using a curated collection of modules, roles and playbooks.
Collect logs across firewalls, intrusion detection systems (IDS) and other security systems programmatically, enabling on-demand enrichment of triage activities performed through security information and event management systems (SIEMs).
Automatically tune the level of logging and create new intrusion detection system (IDS) rules and new firewall policies, facilitating the detection of more threats in less time.
Remediate faster by automating actions like blacklisting attacking IP addresses or domains, whitelisting non-threatening traffic, or isolating suspicious workloads for further investigation.
Security encompasses a broad variety of products and services designed to protect individuals and organizations from loss of or damage to their data, applications, IT systems, networks and devices caused by malicious or unintended activities.
Firewalls control what traffic is allowed to traverse from one network to another, protecting line-of-business applications that are exposed to the internet or intranet. Ansible Automation can manipulate policies and log configuration, which speeds up investigation and remediation processes.
Intrusion detection & prevention systems (IDPS) monitor network traffic for suspicious activity, issuing alerts and blocking attacks when a known attack pattern is discovered. Ansible Automation can simplify rule and log management, making security operations more efficient.
Security information and event management (SIEM) systems collect and analyze security events to help detect and respond to threats. Ansible Automation gives users programmatic access to a wide variety of data sources so security analysts can use as much data as possible to assess situations.
Privileged Access Management (PAM) tools monitor and manage privileged accounts and access, provide single sign-on (SSO) and supersede hardcoded passwords for services and applications. Ansible Automation streamlines the rotation and management of privileged credentials to automate the prevention and remediation of high-risk activities.
Endpoint Protection Platforms (EPP) detect, investigate and remediate malicious activities on endpoint devices, the most numerous and vulnerable elements of an IT infrastructure. Ansible Automation enables the integration of EPP tools into larger security processes, providing event-driven detection, quarantining and remediation.
Ansible Automation helps larger enterprises manage the automated aspects of security systems. With access to hundreds of modules that enable users to automate all aspects of IT environments and processes, Ansible can integrate many teams to more completely protect complex security perimeters—helping security teams work more collaboratively.
Chain workflows and playbooks for modular reusability
Security teams can configure a sequence of jobs that share inventory, playbooks, or permissions to fully automate investigations or remediations.
Support local directory services and access controls
Pairing user directory services with infrastructure allows security teams to centralize job access and execution, assign operation subsets to specific roles, and share tasks with other groups.
Consolidate and centralize logs
Integration with third-party external log aggregation services helps security teams identify trends, analyze infrastructure events, monitor anomalies, and correlate disparate events.
Integrate external apps using RESTful APIs
Security teams can use Red Hat Ansible Automation Platform to manage other enterprise applications—like security orchestration and automated response (SOAR) solutions.