S19-Orchestration and Automation Flashcards
(39 cards)
Infrastructure as Code (IaC)
Enables managing and provisioning of infrastructure through code instead of through manual processes
Scripting
Lets the user perform a series of actions in a particular order or sequence
Security Templates and Policies
Series of config files that are applied to the different devices being deployed
Orchestration
Process of arranging or coordinating the installation and configuration of multiple systems
Snowflake System
Any system that deviates from the standard config template used within the Organization’s IaC structure
What things should you consider when implementing an Automation & orchestration system?
- Complexity
- Cost
- Single points of failure
- Technical debt
- Ongoing supportability
Complexity
Assessing the complexity and resource commitment needed for a Process
Technical Debt
A trade-off between rapid delivery and long-term maintainability and quality
How can you reduce/prevent technical debt?
Regularly review and update automation and orchestration systems
When should you implement automation & Orchestration?
For repeatable, consistent and frequently used tasks
What are some of the main benefits of using automation & Orchestration?
- Increasing Efficiency and time savings
- Enforcing baselines
- Secure Scaling
- Increase Employee retention
- Increase reaction times
- Workforce Multiplier
Playbook
A checklist of actions to be performed to detect and respond to a specific type of incident
Security Orchestration, Automation, and Response (SOAR)
Security tools that facilitate incident response, threat hunting, and security configs without any human assistance
Runbook
An automated version of a playbook which leaves clearly defined interaction points for human analysis
Ransomware Playbook
Describes the people, processes and tools to be employed during a ransomware event
Data Exfiltration Playbook
Describes the specific and necessary tasks needed to stop or mitigate an ongoing data exfiltration
Phishing Playbook
Describes the necessary responses to identify the phishing emails, the infected user accounts, and the extent of the exploitation
What actions can Automation perform for updates and compliance?
- Regular Network Scans
- Verify software versions
- Auto update any outdated device software
- Testing
- System Monitoring
- Policy Enforcement
What are some Device monitoring tools?
- Chef
- Puppet
- DNA Center
- Ansible
Nmap (Network Mapper)
Conducts IP scans and port scans across the network, identifying the devices present
Integration
Process of combining different subsystems or components into one comprehensive system to ensure proper functioning together
Application Programming Interface (API)
Set of rules and protocols used to build and integrate application software
Representational State Transfer (REST)
An architectural style for designing APIs that enable communication between different systems over the internet in a stateless manner. Uses HTTP methods, status codes, uniform resource IDs, and MIME types.
- Straightforward usage
Simple Object Access Protocol (SOAP)
Messaging protocol used for exchanging information between applications, especially in web services. Uses XML messages, typically communicated via HTTP, to send requests and responses.
- Higher security