Automation is a cybersecurity force multiplier for today’s complex networks
August 5, 2019 4:02 pm
This content is provided by Red Hat
Hackers are getting ever more sophisticated with their attacks, while on the other side of the fence, the networks themselves are becoming even more expansive. Cloud computing, mobile devices and the Internet of Things all add countless endpoints and greater complexity. Today, breaches can start at nearly any point in the chain of communications, and they are becoming more common and more destructive. The biggest breaches of recent years, such as those of Yahoo, Equifax, Marriott, eBay and Adult Friend Finder, affected hundreds of millions of users.
Security strategies are shifting too. Industry and government organizations are now focusing on identity as the key to security, and moving their emphasis from perimeter firewalls toward zero trust models of authenticating devices and users on a regular, ongoing basis.
But because old-school attacks don’t go away either, IT security teams also need to keep up with traditional cyber protections, such as the boring and often-overlooked patching of software vulnerabilities. In May, Baltimore’s city systems were crippled by a ransomware attack that forced servers offline for more than a month. The attack may have come as a surprise to city officials, but the ransomware, called RobbinHood, exploited a vulnerability for which Microsoft had issued a patch in March 2017, more than two years before the city’s data and applications were taken hostage.
Meanwhile, IT security budgets aren’t growing at the same rate, leaving security teams scrambling to cover the cyber waterfront by playing some version of whack-a-mole, or perhaps looking like Lucille Ball trying to wrap chocolates coming off an assembly line. The job has become too big for human teams to handle.
The answer for a lot of organizations is automation, which can take the load off of staff members while efficiently performing necessary, if sometimes monotonous, cybersecurity tasks. Open source software provider Red Hat offers Red Hat® Ansible® Automation, powerful automation technology for uniting an enterprise’s IT processes, including security, with minimal fuss.
Red Hat Ansible Engine coordinates an enterprise environment by automating tasks such as configuration management, provisioning, workflow orchestration, application deployment, and life-cycle management. Red Hat Ansible Tower, an IT automation engine, centralizes an Ansible infrastructure and provides control through features such as a visual dashboard, role-based access control, job scheduling, and graphical inventory management.
The technology is agentless, meaning it requires no changes to an organization’s servers or network in order to work; once installed, it’s ready to go. It’s also lightweight and highly scalable, said Christopher Grimm, a solutions architect for Red Hat. It can cover a range from one node to 15,000 nodes and more. It allows organizations to scale securely, adding efficiency and effectiveness without having to hire additional staff or purchase high-priced appliances.
Ansible Engine and Ansible Tower automate configuration management, for instance, centralizing control in a consistent, secure and easy-to-use process that gives administrators and others a low learning curve. The technology even uses simple data descriptions for configurations, so users can begin working without having to learn new terminology.
The inventory management feature works with all cloud and virtualization providers—including Amazon Web Services, Rackspace, OpenStack®, Google Compute Engine, Microsoft Azure and VMware—to ensure a comprehensive view of everything in an organization’s environment.
Among its other features, the dashboard provides automated displays of all the activity in the environment, while role-based access control allows organizations to clearly define permissions, so users or teams work only on the systems for which they’re authorized. It also automates workflows, including recovery from failures, and tracks systems to confirm that machines are in compliance and properly configured.
By centralizing its controls, Ansible Tower allows one person to manage multiple environments—whether separated geographically or by other criteria—from a central location, which also gives dispersed teams a central location to work together.
In addition to providing the tools, Red Hat, which was recently acquired by IBM for $34 billion, and Red Hat Services can also help organizations with the best techniques for adopting the technology.
Maintenance tasks and other routine procedures consume a lot of time, with IT teams often spending 80 percent of their days dealing with repetitive problems, Grimm said. Automation can take over those pedestrian jobs, freeing staff members to focus on new problems or solutions.
And not incidentally, automation can help organizations save a lot of money by shoring up their security postures, Grimm noted. Equifax, victim of the 2017 hack that exposed the personal data of 148 million people (more than half of all adult Americans), at last count had spent more than $1.4 billion on cleanup costs from the breach. By comparison, a ransomware attack like the one on Baltimore might seem like small potatoes, but even though the city refused to pay a ransom after it was attacked, it still spent $18 million recovering from it.
Automation isn’t a silver bullet that can neutralize the cybersecurity threat for every organization. But in the face of a shifting and increasingly menacing threat landscape, it can help ensure that their defenses are as strong as they can be.