BsidesDelhi Security Automation for Red and Blue Teams

1. Security Automation for Red
and Blue Teams
BSidesDelhi 2017

2. #WHOAMI
● Suraj Pratap
● Sr SecOps Engineer in Zeotap GmbH
● Bounty Hunter
● Speaker at cocon, EuropeanSec
● Write code in free time to automate

3. Security Automation for Red and Blue Teams

4. Outline
● LifeCycle of servers and application
● What are the Areas in lifecycle which we automate
● Maximum use of open source technology

5. Servers
Lifecycle
Image source: jumpcloud.com

6. Application
lifecycle
Image:checkmarx.com

7. Why I automate
Single Human Resource
600+ servers
10+ application
Cloud Infra (AWS +GCP)
Compliance

8. Challenges
● Human capacity
● Tool selection and fitment
● Time
● Cost

9. What I automated
● Infrastructure security automation
● Security Audit Automation
● Offensive security automation
● Vulnerability Management Automation
● SIEM

10. Infrastructure security automation
● Hardening automation based on CIS benchmarks
○ server hardening based on cis benchmarks.
○ container hardening based on cis benchmarks.
○ firewall hardening.
● Tool used
○ Ansible
○ cloudformation

11. Infrastructure security automation
● Log management automation using open source tools
○ integration with logserver using open source tools
○ cloudtrails log management and integration with syslog server
● Tools
○ Rsyslog
○ s3sync
○ Ansible
○ ELK

12. Infrastructure security automation
● Agent management using open source tools
○ agents management automation
○ agents/ app armor/ automation
● Tools
○ Ansible
○ Apprmor

13. Security Audit Automation
● Security audit automations using open source tools
● Report fetching automation
● Host based intrusion detection automation
● Cloud Security (AWS) audit automation
● Tools
○ Scout2
○ Prowler
○ OSSEC
○ Ansible

14. Offensive security automation
● Network scanning automation
○ vulnerability scanning and network discovery
● Application security scanning automation
○ vulnerability scanning
● Tools
○ OpenVas
○ Jenkins
○ Zap

15. Offensive security automation
● Source code review automation
○ static code analysis using open source tools
● Tools
○ Sonarqube
○ jenkins

17. Vulnerability Management Automation
● Vulnerability management using open source tools
○ Dashboard for vulnerability management
○ Network and application security
● Integration with ticketing tools
○ integration with ticketing tools like jira and manage engine
● Tools
○ Dradis
○ Vulnreport.io

20. Security event monitoring
● Setting up SIEM tool
○ setup siem tools for cloud and on prim
○ integration with syslogs server and cloudtrails
● Automation of alert system
○ setting up basic rules for siem
○ setting security dashboard
○ setting alert system for security events/alarms

24. Security event monitoring
● Tools
○ Alienvault
○ ELK

25. QA
Sent your questions
Email: surajraghuvanshi@gmail.com
Twitter: @surajraghuvansh
Github: https://github.com/surajraghuvanshi/