Action! Start putting automation into practice.

2021-06-07T19:46:24
ID RAPID7BLOG:552E9A6592F2AA3E98F9430884D7EA98
Type rapid7blog
Reporter Aaron Wells
Modified 2021-06-07T19:46:24

Description

Augmented reality

Action! Start putting automation into practice.

No, not that augmented reality. In our new blog series, we’ll talk about the challenges of leveraging automation and actually putting it into practice for your organization and business. We’ll discuss how it can augment a security organization’s workflow in so many ways when done properly. But for it to be done, it has to start. And that’s often the hardest part.

Because let’s be real: automation is a great conversation topic. Whether it’s casually discussing it around the conference table after a laborious meeting, over coffee, or excitedly extolling its benefits and virtues at an end-of-week happy hour, the concept of automation makes people happy. Why?

The many bennies

A multitude of benefits are available to an organization that implements automation in the way that works best for the business. These include, but are not limited to:

Discovery-time remediation|Procedural consistency|Always-on cloud compliance|Time savings

Imagine what can be gained by ensuring repeatable actions continuously run the same workflows; or if compliance audits could ultimately become obsolete. With these processes improving an organization’s overall security posture, teams can begin to shift focus to bigger-picture goals and projects.

A solid starting place

One of the simpler-to-understand notions in an automated remediation solution is notifications. With notifications, you’ll be, well, automatically notified of remediated events. A testing phase is important here, as you’ll want to ensure the system is alerting you about the types of resources or events you define.

Ask yourself which overall issues you’re looking to remediate. What would trigger an automated notification in that instance? Then go through some practice events, ensuring the results align with your team’s expectations. If everything checks out, go ahead and keep that notification type active so the system is logging any issues that may arise later. It’s also helpful to know when there might be a trend of something continuously going awry. Even though it’s being fixed autonomously and might not require your intervention, it’s still good to know when there’s a potentially troubling pattern that could point to a larger issue.

Within a DevSecOps organization, there might be a scenario where a Dynamic Application Security Testing (DAST) scan is performed on an application. A code vulnerability is found and automatically remediated. A security team member then receives an automated Slack notification that a change has been made. The security team is notified because that resource was defined in the planning phase. In that shift-left scenario, security is notified of the fact that changes are made, and from there can decide whether to inspect further.

Generally, the change wouldn’t be inspected at a granular level if it’s within the defined parameters of the project. But this can also turn into a tricky situation of too many automated alerts that become “noise.” Planning then becomes extremely important, so that alerts only go out for priority items that need security oversight during build.

Remember, automation is supposed to make things easier and save time for your team to do other important work. Or maybe go home—or log off—early every once in a while. With that, we’re ready for a deep-dive into the first of 4 Levels of Automated Remediation.

Level 1: Lock down fundamentals

Read now