The dramatic increase in cyberattacks like ransomware, zero day, and supply chain are fundamentally changing how we should be approaching cybersecurity. Targeted advanced persistent threats place high demands on security staff who have to remediate the effects of those threats. Imagine the number of events that are missed when the average security team typically examines less than 5% of the alerts they are receiving each day. It’s a tremendous task and one where automated toolsets can surely help. Driving automated threat prevention and security policy orchestration will be the key to protecting your organization from the expanding threat landscape.
Security Automation Decreases Risk and Increases efficiency
Security Automation and Orchestration (also known as SOAR) integrates tools, systems and applications, replacing manual incident response workflows with automation. When an incident occurs, automated tools can collect data about security threats from multiple sources without human assistance. Examples include checking an IP, URL or domain name against threat intelligence and reputation services to determine if the indicators appear to be malicious.
How Check Point and Ansible Automate Security Operations
Integrating through application programming interfaces (APIs) in Check Point, Ansible provides a framework for automating security response to threats. With Check Point, modules for Ansible processes can be codified into an automated workflow, performing data enrichment when an alert is first received, freeing SOC staff to concentrate on more critical tasks.
Check Point has a certified Ansible Content Collection of modules to help enable organizations to automate their response and remediation practices. Check Point Ansible security management modules have been downloaded over 100,000 times (see the Check Point Security Management Collection | https://galaxy.ansible.com/check_point/mgmt) and can be easily adopted to automate simple repetitive tasks that would normally take hours to complete when done manually by a user who is using a management UI.
There are two Ansible collections; one for managing the GAiA operating system used in Check Point firewalls and the other (more popular security management collection) for managing Check Point security. Creating hosts and network objects, managing security policy rules, viewing firewall security events and updating your security gateways from one version to another are just a few examples of what you can automate using the security management collection.