How to Get Started in Cybersecurity - Automation&Security


Cybersecurity and Automation

Antonio Hurtado
Cybersecurity Architect
Today!
Agenda
• What is automation?
• What is the value of automation in cybersecurity?
• How can we bring automation to companies?
What is automation?

Automation / Orchestration
What automated this? (slide images: The "Peoples" Ice; it helped replace the switchboard)
What automation can be

• Increases productivity
• Better work/life balance
• Control of operating costs
What automation is NOT

• The silver bullet of IT
• Something that will take our jobs away
• A way to sit back and do nothing

What happens when it is badly implemented

Knight Capital – $465 million
Delta Airlines – $150 million
Poorly written code
Value in cybersecurity

Diagram: the questions Why? How? Is it bad? Has it affected us? are answered by the functions Threat Intelligence, SecOps, Internal Monitoring, and Policy and Enforcement (the slide builds these up one at a time, with SecOps at the centre).

© 2021 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Diagram: Cisco Threat Response sits between SecOps and the security stack (EPP, NGIPS, DNS, etc.), drawing on File Analysis, Domain reputation and IP reputation, and on the EPP, NGIPS and DNS logs.
Automation use cases
Use cases reflect the requirements of companies.

Enrichment
Contextualizes investigations, eliminates manual pivots, intelligence, verdicts.
"You really want [incidents/alerts] to be enriched with as much context as possible, so analysts don't have to pivot to a bunch of different systems." SOC Director, Insurance

Response
Respond automatically to a threat.
"Users report phishing; automation might remove such email from everyone's inbox, remove file from endpoint, create a ticket for the desktop team." SOC Engineer, Health

Threat Hunting
Hunting threats does not have to be complicated when you add automation to your processes.
"People acting like APT crew is where managed threat hunting becomes a necessity!" SOC Director, Legal

Cyber Hygiene
Vulnerability management, posture, hardening, compliance.
"Hygiene is a huge pain point: hang up on any professional who would tell you it is not important!" VP InfoSec, Retail
Let's review an example

1. When (AMP) Security events occur and trigger workflow.
2. Parsing happens per tenant, per event.
3. Actions are taken for AMP, SecureX and ServiceNow (and easily add more modules).
4. Service desk uses single platform (ServiceNow) to handle events. Threat hunting happens in SecureX.
5. When ServiceNow incident is closed, it automatically triggers response actions in SecureX.
Let's review an example

Actions:
1. Get the alerts from the CSIRT
2. Parse the alerts
3. Add the observables to AMP, Umbrella, Stealthwatch Cloud
4. Create a new investigation and ask the SOC lead
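As an added example (not code from the deck or from Cisco), the four actions on this slide and the enrichment use case above, in Python: parse constructed CSIRT alert lines into observables, look each one up in constructed stand-in reputation tables that take the place of the AMP, Umbrella and Stealthwatch Cloud lookups, and open an investigation record that flags when the SOC lead needs to be consulted. All names, sample alerts and verdict tables are assumptions.

```python
import re
from dataclasses import dataclass, field

# Constructed sample CSIRT alerts (not real data). A line may carry several observables.
SAMPLE_ALERTS = [
    "2021-05-03T10:12:00Z CSIRT-1041 host=ws-017 sha256=" + "a" * 64
    + " contacted evil-updates.example",
    "2021-05-03T10:15:42Z CSIRT-1042 host=srv-02 outbound to 203.0.113.45 port 4444",
    "2021-05-03T10:20:05Z CSIRT-1043 host=ws-021 dns query cdn.example.org",
]

# Constructed stand-ins for the AMP (file), Umbrella (domain) and Stealthwatch Cloud (IP)
# verdict lookups; a real workflow would call those products' APIs here.
REPUTATION = {
    "sha256": {"a" * 64: "malicious"},
    "domain": {"evil-updates.example": "malicious", "cdn.example.org": "clean"},
    "ip": {"203.0.113.45": "suspicious"},
}

# Observable extractors: SHA-256 hashes, IPv4 addresses, and dotted hostnames.
PATTERNS = {
    "sha256": re.compile(r"\b[0-9a-f]{64}\b"),
    "ip": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "domain": re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b"),
}

@dataclass
class Investigation:
    alert_ids: list = field(default_factory=list)
    observables: dict = field(default_factory=dict)  # value -> (type, verdict)

    @property
    def needs_escalation(self) -> bool:
        # Step 4: ask the SOC lead only when something came back malicious.
        return any(verdict == "malicious" for _, verdict in self.observables.values())

def parse_alert(line):
    """Step 2: extract (type, value) observables from one alert line."""
    return [(kind, m.group(0)) for kind, pat in PATTERNS.items() for m in pat.finditer(line)]

def enrich(observables):
    """Step 3: attach a verdict to each observable; unknown values stay 'unknown'."""
    return {val: (kind, REPUTATION[kind].get(val, "unknown")) for kind, val in observables}

def build_investigation(lines):
    """Steps 1-4 end to end: alerts in, one investigation record out."""
    inv = Investigation()
    for line in lines:
        inv.alert_ids.append(line.split()[1])  # the CSIRT alert id is the second field
        inv.observables.update(enrich(parse_alert(line)))
    return inv
```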
Cisco Live NOC
Scale Switch Deployment, Single Pane of Glass

Diagram: a Helper VM (TFTP) and Cisco Prime Service Catalog drive Cisco Action Orchestrator, which reaches the ASR1009 (Internet, 2x10 GB), Catalyst 9800, Meraki, CMX, Cisco Prime Infrastructure and Cisco Prime Network Registrar over SSH, SNMP, ping and REST API, with metrics flowing into InfluxDB and Grafana.

#CiscoLive © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public
What tools do I need to learn about automation?

NEW Security Dev Center
developer.cisco.com/security
DevNet Learning Labs (and tracks)
developer.cisco.com/learning/labs/tags/Security

50+ security related learning labs!
NEW Learning Labs and Modules

Released Training
• Application First Security Track
• Threat Hunting using Security APIs Mission
• SecureX orchestration Module (part of SecureX track)
• CES Module
• Duo Module
• Threat Grid Module
• Stealthwatch Track
• Cisco Secure Workload Module
• Firepower Modules: FTD, FMC
• Umbrella (with sandbox soon!)
• SecureX 3rd party integrations

Coming Soon
• CDO API Module
• Cloudlock Module
Cisco DevNet certifications
• Building skills for Automation and Digital Transformation
• developer.cisco.com/certification

Certification levels: DevNet Associate, DevNet Professional.
DevNet Specialist tracks: Enterprise Automation, Collaboration Automation, Data Center Automation, IoT, Service Provider Automation, WebEx, Security Automation, DevOps.
DevNet Exchange – Code Exchange
developer.cisco.com/codeexchange

Over 500 projects! (100 Security)
Security Developer Community cs.co/devsec-community

Join here and share with customers and partners!