Security In Automation

Transcript

1. Security in Automation

2. So Before We Begin….

3. Not a Evil Person Who Says No

4. Not a person who fights issue by issue.

5. Person Jamesha Fisher • Security Operations Engineer at GitHub •

   Love Automation, Ops and Security • Aspires to be Garnet, a badass character from Steven Universe (though I fail with my version of future vision)

6. Jamesha Fisher • Security Operations Engineer at GitHub • Love

   Automation, Ops and Security • Aspires to be Garnet, a badass character from Steven Universe (though I fail with my version of future vision)

7. Person What we’re gonna talk about: • Why Security Automation?

   • What is Security Automation? • Starting Small • What is Security Automation? Part II • Starting from Scratch

8. Why Security in Automation?

9. Roll Back a Few Years...

10. None
11. None
12. None

13. What is Security Automation?

14. Automation: “the technique of making an apparatus, a process, or

    a system operate automatically”

15. My definition of Security Automation: “the technique of making a

    security apparatus, process, or system operate automatically”

16. But How?

17. Starting Small

18. Go with manual processes that we have in place.

19. None
20. None

21. Story Time: Starting Small

22. None
23. None
24. None
25. None
26. None

27. What Boardboat Does • Listens for Command to Onboard or

    Offboard • After some checks, Duo Authentication Request is made (which must be confirmed on caller’s phone) before command execution continues. • For Offboarding, command disables/removes access for a set of users leaving the company. • Results of this are written to a log that’s linked, and the link is returned to the slack channel when the command is finished.
28. None
29. None

30. What Aegis Does • Listens for Command to Change Secret

    (if prod, requires Duo flag for Auth) • After perm checks, Duo Authentication Request is made (which must be confirmed on caller’s phone) before command execution continues. • Certificate is renewed via calls to Certificate Vendor’s API, and committed to a data repo with a pull request. • Pull request link is returned to slack channel for review.

31. Mocked Chat of Changing Secrets with Aegis bot

32. What is Security Automation? Part II

33. What about Security Automation from Scratch?

34. Cause you said: “Security automation is the technique of making

    a security apparatus, process, or system operate automatically”
35. None
36. None

37. Starting from Scratch

38. None

39. Now we could go off of security standards, and reinvent

    the wheel.

40. I also don’t think going Dev way all the way

    is going to be helpful either.
41. None

42. Security Automation: “the technique of making security from a known

    apparatus, process, or system operate automatically”

43. Story Time: Starting From Scratch

44. None

45. Patch Management

46. Phase 1: Think about the process Security Uses

47. Phase 2: Think about your Devs

48. None
49. None

50. What Bino Does • Listens for Commands to Scan IP

    • Does Checks & Duo Auth (same as the others) • Post checks, Bino makes an API call to scan the specified IP, then an API call for the results if the scan succeeds • Bino then calls to generate report and returns the url for review and triage.
51. None
52. None
53. None

54. In Conclusion..

55. • Security Automation is the technique of making security from

    known apparatus, process, or system operate automatically. • Start Small with what exists: ◦ User Management ◦ Quickly Changing (or Rolling) Secrets • Security from Scratch requires: ◦ A Collaboration of Security and Company ◦ Input, Iteration (aka Change) Things to Keep in Mind This is the slide to photograph….

56. Thank You! Jamesha Fisher Twitter/LinkedIn: jamfish728 Mail: [email protected]