Suraj Pratap, profile picture
Uploaded bySuraj Pratap
PDF, PPTX1,016 views

Bsides Delhi Security Automation for Red and Blue Teams

Suraj Pratap discusses security automation for red and blue teams. He outlines how he automates the server and application lifecycles using open source tools to address challenges around human capacity, tool selection, time, and cost when managing 600+ servers and 10+ applications across cloud infrastructures. Some areas he has automated include infrastructure security using Ansible and CloudFormation, security auditing using Scout2 and Prowler, offensive security tests using OpenVAS and Jenkins, vulnerability management with Dradis and Vulnreport.io, and security information and event monitoring with Alienvault and ELK.

Embed presentation

Download as PDF, PPTX
Security Automation for Red and Blue Teams BSidesDelhi 2017
#WHOAMI ● Suraj Pratap ● Sr SecOps Engineer in Zeotap GmbH ● Bounty Hunter ● Speaker at cocon, EuropeanSec ● Write code in free time to automate
Security Automation for Red and Blue Teams
Outline ● LifeCycle of servers and application ● What are the Areas in lifecycle which we automate ● Maximum use of open source technology
Servers Lifecycle Image source: jumpcloud.com
Application lifecycle Image:checkmarx.com
Why I automate Single Human Resource 600+ servers 10+ application Cloud Infra (AWS +GCP) Compliance
Challenges ● Human capacity ● Tool selection and fitment ● Time ● Cost
What I automated ● Infrastructure security automation ● Security Audit Automation ● Offensive security automation ● Vulnerability Management Automation ● SIEM
Infrastructure security automation ● Hardening automation based on CIS benchmarks ○ server hardening based on cis benchmarks. ○ container hardening based on cis benchmarks. ○ firewall hardening. ● Tool used ○ Ansible ○ cloudformation
Infrastructure security automation ● Log management automation using open source tools ○ integration with logserver using open source tools ○ cloudtrails log management and integration with syslog server ● Tools ○ Rsyslog ○ s3sync ○ Ansible ○ ELK
Infrastructure security automation ● Agent management using open source tools ○ agents management automation ○ agents/ app armor/ automation ● Tools ○ Ansible ○ Apprmor
Security Audit Automation ● Security audit automations using open source tools ● Report fetching automation ● Host based intrusion detection automation ● Cloud Security (AWS) audit automation ● Tools ○ Scout2 ○ Prowler ○ OSSEC ○ Ansible
Offensive security automation ● Network scanning automation ○ vulnerability scanning and network discovery ● Application security scanning automation ○ vulnerability scanning ● Tools ○ OpenVas ○ Jenkins ○ Zap
Offensive security automation ● Source code review automation ○ static code analysis using open source tools ● Tools ○ Sonarqube ○ jenkins
Vulnerability Management Automation ● Vulnerability management using open source tools ○ Dashboard for vulnerability management ○ Network and application security ● Integration with ticketing tools ○ integration with ticketing tools like jira and manage engine ● Tools ○ Dradis ○ Vulnreport.io
Security event monitoring ● Setting up SIEM tool ○ setup siem tools for cloud and on prim ○ integration with syslogs server and cloudtrails ● Automation of alert system ○ setting up basic rules for siem ○ setting security dashboard ○ setting alert system for security events/alarms
Security event monitoring ● Tools ○ Alienvault ○ ELK
QA Sent your questions Email: surajraghuvanshi@gmail.com Twitter: @surajraghuvansh Github: https://github.com/surajraghuvanshi/

More Related Content

PDF
OSMC 2018 | Integrating Check_MK agent into Thruk – Windows monitoring made e...
byNETWAYS
 
PDF
DEFCON 28: 21 Jump Server: Going Bastionless in the Cloud
byColin Estep
 
PDF
HKNOG 6.0 Next Generation Networks - will automation put us out of jobs?
byTom Paseka
 
PPTX
NodeTime Tool Review
bygs289509
 
PPTX
Reduce IT Spend with Software Load Balancing
byNGINX, Inc.
 
PDF
OSMC 2018 | SLA Monitoring mit Icinga & Prometheus by Moritz Tanzer
byNETWAYS
 
PPTX
Nagios Conference 2014 - Paloma Galan - Monitoring Financial Protocols With N...
byNagios
 
ODP
Nagios Conference 2013 - Nick Scott - Nagios Network Analyzer
byNagios
 
OSMC 2018 | Integrating Check_MK agent into Thruk – Windows monitoring made e...
byNETWAYS
 
DEFCON 28: 21 Jump Server: Going Bastionless in the Cloud
byColin Estep
 
HKNOG 6.0 Next Generation Networks - will automation put us out of jobs?
byTom Paseka
 
NodeTime Tool Review
bygs289509
 
Reduce IT Spend with Software Load Balancing
byNGINX, Inc.
 
OSMC 2018 | SLA Monitoring mit Icinga & Prometheus by Moritz Tanzer
byNETWAYS
 
Nagios Conference 2014 - Paloma Galan - Monitoring Financial Protocols With N...
byNagios
 
Nagios Conference 2013 - Nick Scott - Nagios Network Analyzer
byNagios
 

What's hot

PPTX
Monitor all the cloud things - security monitoring for everyone
byDuncan Godfrey
 
PDF
NGINX Amplify: Monitoring NGINX with Advanced Filters and Custom Dashboards
byNGINX, Inc.
 
PPTX
3 Ways to Automate App Deployments with NGINX
byNGINX, Inc.
 
PPTX
Secure Your Apps with NGINX Plus and the ModSecurity WAF
byNGINX, Inc.
 
PDF
The New Edge of the Network
byTom Paseka
 
PDF
Introducing TiDB @ SF DevOps Meetup
byKevin Xu
 
PDF
Grafana introduction
byRico Chen
 
PDF
Fall in Love with Graphs and Metrics using Grafana
bytorkelo
 
PPTX
re:Invent re:Peat
bySteve Houël
 
PDF
MRA AMA: Ingenious: The Journey to Service Mesh using a Microservices Demo App
byNGINX, Inc.
 
PDF
OSMC 2017 | Current State of Icinga by Erk Bernd
byNETWAYS
 
PPTX
Monitor your Client-Side with AWS, Containers, and New Relic
byNew Relic
 
PDF
Scaling Infrastructure at Picnic
bybusrakoken
 
PPTX
ChronoLogic ERC20 Transfers 4/17/18
byChronoLogic
 
PDF
Kafka practical experience
byRico Chen
 
Monitor all the cloud things - security monitoring for everyone
byDuncan Godfrey
 
NGINX Amplify: Monitoring NGINX with Advanced Filters and Custom Dashboards
byNGINX, Inc.
 
3 Ways to Automate App Deployments with NGINX
byNGINX, Inc.
 
Secure Your Apps with NGINX Plus and the ModSecurity WAF
byNGINX, Inc.
 
The New Edge of the Network
byTom Paseka
 
Introducing TiDB @ SF DevOps Meetup
byKevin Xu
 
Grafana introduction
byRico Chen
 
Fall in Love with Graphs and Metrics using Grafana
bytorkelo
 
re:Invent re:Peat
bySteve Houël
 
MRA AMA: Ingenious: The Journey to Service Mesh using a Microservices Demo App
byNGINX, Inc.
 
OSMC 2017 | Current State of Icinga by Erk Bernd
byNETWAYS
 
Monitor your Client-Side with AWS, Containers, and New Relic
byNew Relic
 
Scaling Infrastructure at Picnic
bybusrakoken
 
ChronoLogic ERC20 Transfers 4/17/18
byChronoLogic
 
Kafka practical experience
byRico Chen
 

Viewers also liked

PDF
Aws security with HIDS using Ossec
byGaurav Harsola
 
PDF
Powerupcloud - Corporate Deck
byJonathyan Maas ☁
 
PPTX
Microsoft Microservices
byChase Aucoin
 
PPTX
Lessons Learned from Migration of a Large-analytics Platform from MPP Databas...
byDataWorks Summit
 
PPTX
One Click Deploys using Rundeck
bySai Kothapalle
 
PDF
Powerupcloud - Customer Case Studies
byJonathyan Maas ☁
 
PDF
Elegant Ways of Handling PHP Errors and Exceptions
byZendCon
 
PDF
Book of Fauna and Flora
bymoisesrodriguezmateo
 
PPTX
Tic’s y enfermería
byValentina Arboleda
 
PPTX
Santo Rosario Completo
byalejisslideshare
 
PDF
How to Keep Students Motivated During Winter
byRobert Peters, Ed.D
 
PDF
Amazon Military Talent Program
bybrianraymonddolan
 
PDF
Fluentd at HKOScon
byN Masahiro
 
PPT
Wapenrusting
bylukaonline
 
PDF
Comparison: VNS3 and Openswan
byCohesive Networks
 
PDF
Smart Factory Technology Road Mapping Initiative_The Intent of Things and Ana...
byPaul Fechtelkotter
 
PDF
vodQA Pune - Innovations in Testing - Agenda
byvodQA
 
PPT
Database2011 MySQL Sharding
byMoshe Kaplan
 
KEY
Zero to Hero: Getting started with DVCS
byAtlassian
 
PDF
Say no to var_dump
bybenwaine
 
Aws security with HIDS using Ossec
byGaurav Harsola
 
Powerupcloud - Corporate Deck
byJonathyan Maas ☁
 
Microsoft Microservices
byChase Aucoin
 
Lessons Learned from Migration of a Large-analytics Platform from MPP Databas...
byDataWorks Summit
 
One Click Deploys using Rundeck
bySai Kothapalle
 
Powerupcloud - Customer Case Studies
byJonathyan Maas ☁
 
Elegant Ways of Handling PHP Errors and Exceptions
byZendCon
 
Book of Fauna and Flora
bymoisesrodriguezmateo
 
Tic’s y enfermería
byValentina Arboleda
 
Santo Rosario Completo
byalejisslideshare
 
How to Keep Students Motivated During Winter
byRobert Peters, Ed.D
 
Amazon Military Talent Program
bybrianraymonddolan
 
Fluentd at HKOScon
byN Masahiro
 
Wapenrusting
bylukaonline
 
Comparison: VNS3 and Openswan
byCohesive Networks
 
Smart Factory Technology Road Mapping Initiative_The Intent of Things and Ana...
byPaul Fechtelkotter
 
vodQA Pune - Innovations in Testing - Agenda
byvodQA
 
Database2011 MySQL Sharding
byMoshe Kaplan
 
Zero to Hero: Getting started with DVCS
byAtlassian
 
Say no to var_dump
bybenwaine
 

Similar to Bsides Delhi Security Automation for Red and Blue Teams

PPTX
Cloud Application Security: Lessons Learned
byJason Chan
 
PDF
we45 DEFCON Workshop - Building AppSec Automation with Python
byAbhay Bhargav
 
PDF
Security Automation - Python - Introduction
bySanthosh Baswa
 
PPTX
Slides zum Impulsreferat: HCL BigFix - DNUG Stammtisch Karlsruhe
byDNUG e.V.
 
PDF
HCL BigFix - DNUG Stammtisch Salzburg
byDNUG e.V.
 
PPTX
5 Clear Signs You Need Security Policy Automation
byTufin
 
PDF
Servers compliance: audit, remediation, proof
byRUDDER
 
PDF
HCL BigFix - The Endpoint Management Platform - DNUG Stammtisch Hamburg.pdf
byDNUG e.V.
 
PPTX
Security Risk Advisors - BSides PGH 2018 - Red Team SIEM
byDouglas Webster
 
PDF
SplunkLive! Frankfurt 2018 - Customer Presentation: Bosch Cyber Defense Center
bySplunk
 
PDF
Security Analytics with OpenSearch
byArnold Van Wijnbergen
 
PPTX
Jimbob's Towing and Wrecker Services Presentation
byTony DeGonia (LION)
 
PDF
Security Automation Simplified - BSides Austin 2019
byMoses Schwartz
 
PDF
Security automation simplified: an intro to DIY security automation
byMoses Schwartz
 
PDF
Automating Security in Cloud Workloads with DevSecOps
byKristana Kane
 
PDF
IANS information security forum 2019 summary
byKarun Chennuri
 
PPTX
Overcoming Security Challenges in DevOps
byAlert Logic
 
PDF
Automated Security Hardening with OpenStack-Ansible
byMajor Hayden
 
PPTX
Sept 2019 - DSO-LG Tooling Examples
byMichael Man
 
PPTX
JWTS Presentation
byTony DeGonia
 
Cloud Application Security: Lessons Learned
byJason Chan
 
we45 DEFCON Workshop - Building AppSec Automation with Python
byAbhay Bhargav
 
Security Automation - Python - Introduction
bySanthosh Baswa
 
Slides zum Impulsreferat: HCL BigFix - DNUG Stammtisch Karlsruhe
byDNUG e.V.
 
HCL BigFix - DNUG Stammtisch Salzburg
byDNUG e.V.
 
5 Clear Signs You Need Security Policy Automation
byTufin
 
Servers compliance: audit, remediation, proof
byRUDDER
 
HCL BigFix - The Endpoint Management Platform - DNUG Stammtisch Hamburg.pdf
byDNUG e.V.
 
Security Risk Advisors - BSides PGH 2018 - Red Team SIEM
byDouglas Webster
 
SplunkLive! Frankfurt 2018 - Customer Presentation: Bosch Cyber Defense Center
bySplunk
 
Security Analytics with OpenSearch
byArnold Van Wijnbergen
 
Jimbob's Towing and Wrecker Services Presentation
byTony DeGonia (LION)
 
Security Automation Simplified - BSides Austin 2019
byMoses Schwartz
 
Security automation simplified: an intro to DIY security automation
byMoses Schwartz
 
Automating Security in Cloud Workloads with DevSecOps
byKristana Kane
 
IANS information security forum 2019 summary
byKarun Chennuri
 
Overcoming Security Challenges in DevOps
byAlert Logic
 
Automated Security Hardening with OpenStack-Ansible
byMajor Hayden
 
Sept 2019 - DSO-LG Tooling Examples
byMichael Man
 
JWTS Presentation
byTony DeGonia
 

Recently uploaded

PDF
Cheryl Hung, Vibe Coding Auth Without Melting Down! isaqb Software Architectu...
byCheryl Hung
 
PDF
Mulesoft Meetup Online Portuguese: MCP e IA
byPedro Baroni
 
PDF
[BDD 2025 - Full-Stack Development] The Modern Stack: Building Web & AI Appli...
byWintari Yasmin
 
PPTX
"Feelings versus facts: why metrics are more important than intuition", Igor ...
byFwdays
 
PDF
[BDD 2025 - Full-Stack Development] PHP in AI Age: The Laravel Way. (Rizqy Hi...
byWintari Yasmin
 
PDF
ODSC AI West: Agent Optimization: Beyond Context engineering
byShashikant Jagtap
 
PDF
10 Best Automation QA Testing Software Tools in 2025.pdf
byRohitBhandari66
 
PPTX
Guardrails in Action - Ensuring Safe AI with Azure AI Content Safety.pptx
byUdaiappa Ramachandran
 
PDF
Agentic Intro and Hands-on: Build your first Coded Agent
byUiPathCommunity
 
PDF
Transforming Content Operations in the Age of AI
byEnterprise Knowledge
 
PDF
Mastering Agentic Orchestration with UiPath Maestro | Hands on Workshop
byUiPathCommunity
 
PPTX
Support, Monitoring, Continuous Improvement & Scaling Agentic Automation [3/3]
byUiPathCommunity
 
PDF
So You Want to Work at Google | DevFest Seattle 2025
byMargaret Maynard-Reid
 
PPTX
Leon Brands - Intro to GPU Occlusion (Graphics Programming Conference 2024)
byleonbrands1998
 
PDF
[BDD 2025 - Artificial Intelligence] AI for the Underdogs: Innovation for Sma...
byWintari Yasmin
 
PDF
5 Common Supply Chain Attacks and How They Work | CyberPro Magazine
byCyberPro Magazine
 
PDF
Crane Accident Prevention Guide: Key OSHA Regulations for Safer Operations
bySharpEagle Technology
 
PDF
Transcript: The partnership effect: Libraries and publishers on collaborating...
byBookNet Canada
 
PDF
Cybersecurity Prevention and Detection: Unit 2
byVICTOR MAESTRE RAMIREZ
 
PDF
Integrating AI with Meaningful Human Collaboration
byCadabra Studio
 
Cheryl Hung, Vibe Coding Auth Without Melting Down! isaqb Software Architectu...
byCheryl Hung
 
Mulesoft Meetup Online Portuguese: MCP e IA
byPedro Baroni
 
[BDD 2025 - Full-Stack Development] The Modern Stack: Building Web & AI Appli...
byWintari Yasmin
 
"Feelings versus facts: why metrics are more important than intuition", Igor ...
byFwdays
 
[BDD 2025 - Full-Stack Development] PHP in AI Age: The Laravel Way. (Rizqy Hi...
byWintari Yasmin
 
ODSC AI West: Agent Optimization: Beyond Context engineering
byShashikant Jagtap
 
10 Best Automation QA Testing Software Tools in 2025.pdf
byRohitBhandari66
 
Guardrails in Action - Ensuring Safe AI with Azure AI Content Safety.pptx
byUdaiappa Ramachandran
 
Agentic Intro and Hands-on: Build your first Coded Agent
byUiPathCommunity
 
Transforming Content Operations in the Age of AI
byEnterprise Knowledge
 
Mastering Agentic Orchestration with UiPath Maestro | Hands on Workshop
byUiPathCommunity
 
Support, Monitoring, Continuous Improvement & Scaling Agentic Automation [3/3]
byUiPathCommunity
 
So You Want to Work at Google | DevFest Seattle 2025
byMargaret Maynard-Reid
 
Leon Brands - Intro to GPU Occlusion (Graphics Programming Conference 2024)
byleonbrands1998
 
[BDD 2025 - Artificial Intelligence] AI for the Underdogs: Innovation for Sma...
byWintari Yasmin
 
5 Common Supply Chain Attacks and How They Work | CyberPro Magazine
byCyberPro Magazine
 
Crane Accident Prevention Guide: Key OSHA Regulations for Safer Operations
bySharpEagle Technology
 
Transcript: The partnership effect: Libraries and publishers on collaborating...
byBookNet Canada
 
Cybersecurity Prevention and Detection: Unit 2
byVICTOR MAESTRE RAMIREZ
 
Integrating AI with Meaningful Human Collaboration
byCadabra Studio
 
In this document
Powered by AI

Introduction to security automation for Red and Blue teams by Suraj Pratap. Overview of topics includes lifecycle automation and usage of open-source technology.

Focus on servers and application lifecycle management. Emphasizes the need for automation due to workforce limitations managing over 600 servers and multiple applications.

Discussion of challenges in automation including human capacity, tool selection, time, and cost factors impacting security processes.

Overview of various areas automated in security including infrastructure security, audits, offensive tasks, and vulnerability management.

Automation tools used for infrastructure security include Ansible, CloudFormation, and log management solutions for server and container hardening.

Description of security audit automation tools such as Scout2, Prowler, and OSSEC to enhance compliance and security monitoring.

Automation tools for offensive security including vulnerability scanning and static code analysis with tools like OpenVas and Sonarqube.

Automation in vulnerability management using tools like Dradis and Vulnreport.io, integrating with ticketing systems to streamline processes.

Implementation of Security Information and Event Management (SIEM) tools, alert systems, and integration methods for security monitoring.

Implementation of Security Information and Event Management (SIEM) tools, alert systems, and integration methods for security monitoring.

Invitation for questions with provided contact information for further communication and engagement.

Bsides Delhi Security Automation for Red and Blue Teams

  • 1.
    Security Automation forRed and Blue Teams BSidesDelhi 2017
  • 2.
    #WHOAMI ● Suraj Pratap ●Sr SecOps Engineer in Zeotap GmbH ● Bounty Hunter ● Speaker at cocon, EuropeanSec ● Write code in free time to automate
  • 3.
    Security Automation forRed and Blue Teams
  • 4.
    Outline ● LifeCycle ofservers and application ● What are the Areas in lifecycle which we automate ● Maximum use of open source technology
  • 5.
  • 6.
  • 7.
    Why I automate SingleHuman Resource 600+ servers 10+ application Cloud Infra (AWS +GCP) Compliance
  • 8.
    Challenges ● Human capacity ●Tool selection and fitment ● Time ● Cost
  • 9.
    What I automated ●Infrastructure security automation ● Security Audit Automation ● Offensive security automation ● Vulnerability Management Automation ● SIEM
  • 10.
    Infrastructure security automation ●Hardening automation based on CIS benchmarks ○ server hardening based on cis benchmarks. ○ container hardening based on cis benchmarks. ○ firewall hardening. ● Tool used ○ Ansible ○ cloudformation
  • 11.
    Infrastructure security automation ●Log management automation using open source tools ○ integration with logserver using open source tools ○ cloudtrails log management and integration with syslog server ● Tools ○ Rsyslog ○ s3sync ○ Ansible ○ ELK
  • 12.
    Infrastructure security automation ●Agent management using open source tools ○ agents management automation ○ agents/ app armor/ automation ● Tools ○ Ansible ○ Apprmor
  • 13.
    Security Audit Automation ●Security audit automations using open source tools ● Report fetching automation ● Host based intrusion detection automation ● Cloud Security (AWS) audit automation ● Tools ○ Scout2 ○ Prowler ○ OSSEC ○ Ansible
  • 14.
    Offensive security automation ●Network scanning automation ○ vulnerability scanning and network discovery ● Application security scanning automation ○ vulnerability scanning ● Tools ○ OpenVas ○ Jenkins ○ Zap
  • 15.
    Offensive security automation ●Source code review automation ○ static code analysis using open source tools ● Tools ○ Sonarqube ○ jenkins
  • 17.
    Vulnerability Management Automation ●Vulnerability management using open source tools ○ Dashboard for vulnerability management ○ Network and application security ● Integration with ticketing tools ○ integration with ticketing tools like jira and manage engine ● Tools ○ Dradis ○ Vulnreport.io
  • 20.
    Security event monitoring ●Setting up SIEM tool ○ setup siem tools for cloud and on prim ○ integration with syslogs server and cloudtrails ● Automation of alert system ○ setting up basic rules for siem ○ setting security dashboard ○ setting alert system for security events/alarms
  • 24.
    Security event monitoring ●Tools ○ Alienvault ○ ELK
  • 25.
    QA Sent your questions Email:surajraghuvanshi@gmail.com Twitter: @surajraghuvansh Github: https://github.com/surajraghuvanshi/