Red Hat Drives Security Orchestration, Automation with Ansible Capabilities

Red Hat, Inc., a provider of open source solutions, has previewed new Ansible Automation integrations to help customers automate and orchestrate enterprise security solutions, further extending Red Hat’s leadership across the IT security landscape.

By automating security capabilities like enterprise firewalls, intrusion detection systems (IDS) and security information and event management (SIEM), organizations can better unify responses to cyberattacks through the coordination of multiple, disparate security solutions, helping these technologies to act as one in the face of an IT security event.

Automation is an important component of digital transformation, helping to drive efficiency, deliver value faster, and solve IT and business workflow challenges. Starting with networks, Red Hat has been driving Ansible Automation into IT domains beyond operations, enabling users to more easily automate more tasks in more ways, including security tasks. Beyond the intent to enable security solution automation, Red Hat also announced certified content to help improve the reliability, consistency and veracity of content.

As IT environments become more complex, so do the security events facing enterprise IT teams. To help organizations better assess risks, remediate issues and develop compliance workflows, Ansible security automation will offer new modules to integrate and orchestrate security tasks and processes. These capabilities are designed to enable IT security teams to innovate and implement better controls that can encompass security technologies that enterprises are using with Red Hat Ansible Automation.

Joe Fitzgerald, vice president, Management, Red Hat, said, “Since Red Hat acquired Ansible in 2015, we have been working to make the automated enterprise a reality by driving Ansible into new domains and expanding automation use cases. With the new Ansible security automation capabilities, we’re making it easier to manage one of enterprise IT’s most complex tasks: systems security. These new modules can help users take an automation-centric approach to IT security, integrating solutions that otherwise would not work together and helping to manage and orchestrate entire security operations with a single, familiar tool.”

Through Ansible security automation, security teams can better address multiple use cases, including:

Detection and triage of suspicious activities – Ansible can automatically configure logging across enterprise firewalls and IDS to enrich the alerts received by a SIEM solution for easier event triage; for example, enabling logging or increasing log verbosity.
Threat hunting – Ansible can automatically create new IDS rules to investigate the origin of a firewall rule violation and whitelist those IP addresses recognized as non-threats.
Incident response – Ansible can automatically validate a threat by verifying an IDS rule, trigger a remediation from the SIEM solution and create new enterprise firewall rules to blacklist the source of an attack.

As part of this preview, Red Hat’s Ansible security automation platform provides support for:

Availability

Support for automating enterprise security solutions in Ansible is currently in tech preview and is slated to be generally available via Ansible Galaxy in early 2019.

ChannelDrive Bureau