How to Get Started in Cybersecurity - Automation&Security
Automation
Antonio Hurtado
Cybersecurity Architect
Today!
• What is automation?
Automation Orchestration
What automated this? It helped replace the switchboard.
What automation can be
• Increases productivity
• Better work/life balance
• Control of operating costs
What automation is NOT
• The silver bullet of IT
• The thing that will take our jobs away
Knight Capital: $465 million
Delta Airlines: $150 million
Badly written code
Value in cybersecurity
Why? How? Is it bad? Has it affected us?
Threat Intelligence · SecOps · Internal Monitoring
© 2021 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Policy and Enforcement · SecOps
Diagram: EPP, NGIPS, DNS, etc. and their logs; Security services: File Analysis, Domain reputation, IP reputation, Cisco Threat Response, etc.; SecOps.
Automation use cases
Use cases reflect the requirements of enterprises
Enrichment: contextualizes investigations, eliminates manual pivots; intelligence, verdicts.
Response: respond automatically to a threat.
“You really want [incidents/alerts] to be enriched with as much context as possible, so analysts don’t have to pivot to a bunch of different systems.” SOC Director, Insurance
“Users report phishing; automation might remove such email from everyone’s inbox, remove file from endpoint, create a ticket for the desktop team.” SOC Engineer, Health
“People acting like APT crew is where managed threat hunting becomes a necessity!” SOC Director, Legal
“Hygiene is a huge pain point: hang up on any professional who would tell you it is not important!” VP InfoSec, Retail
Let's look at an example
• (AMP) Security events occur and trigger the first workflow.
• Parsing happens per tenant, per event.
• Actions are taken for AMP, SecureX and ServiceNow (and easily add more modules).
• Service desk uses a single platform (ServiceNow) to handle events. ServiceNow triggers response actions in SecureX.
• When the incident is closed, it automatically … Threat hunting happens in SecureX.
Let's look at an example
Actions:
• Get alerts from the CSIRT
• Parse the alerts
• Add observables to AMP, Umbrella, Stealthwatch Cloud
• Create a new investigation and ask the SOC lead
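The two workflows above (parse events, enrich the observables, add them to AMP/Umbrella/Stealthwatch Cloud, open a ServiceNow ticket and ask the SOC lead) condensed into one runnable pipeline. This is an added example, not code from the presentation or from SecureX; the alert line format, the reputation table, the 10.0.0.0/8 internal range and the product names used as dispatch targets are all constructed assumptions, and nothing here talks to a real API.

```python
import ipaddress
import re
from urllib.parse import urlparse
# Constructed sample alerts in a one-line CSIRT style (not real incidents).
SAMPLE_ALERTS = [
    "2021-05-03T10:02Z ws-17 AMP blocked sha256=" + "a" * 64
    + " downloaded from http://updates.example.net/setup.exe",
    "2021-05-03T10:05Z ws-22 Umbrella denied dns query payload.example.org",
    "2021-05-03T10:09Z fw-1 Stealthwatch flow 10.0.0.5 -> 198.51.100.7:445 flagged",
]
# Constructed reputation table standing in for the File/Domain/IP reputation lookups.
REPUTATION = {"a" * 64: "malicious", "updates.example.net": "suspicious",
              "payload.example.org": "malicious", "198.51.100.7": "malicious"}
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]  # assumed internal range
SHA256_RE = re.compile(r"\b[0-9a-f]{64}\b")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
URL_RE = re.compile(r"https?://\S+")
DOMAIN_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b")
TARGET = {"sha256": "AMP", "domain": "Umbrella", "ip": "Stealthwatch Cloud"}

def extract_observables(alert):
    """Parsing step: pull typed observables out of one alert line."""
    text = alert.lower()
    hosts = {urlparse(u).hostname for u in URL_RE.findall(text)} - {None}
    bare = set(DOMAIN_RE.findall(URL_RE.sub(" ", text)))  # URLs removed first
    ips = {ip for ip in IPV4_RE.findall(text)  # internal hosts are not enriched
           if not any(ipaddress.ip_address(ip) in net for net in INTERNAL_NETS)}
    return {"sha256": set(SHA256_RE.findall(text)), "domain": hosts | bare, "ip": ips}

def enrich(observables):
    """Enrichment step: attach a reputation verdict to every observable."""
    return [(kind, value, REPUTATION.get(value, "unknown"))
            for kind, values in observables.items() for value in sorted(values)]

def plan_actions(verdicts):
    """Response step: submit malicious observables, then open the investigation."""
    actions = [f"submit {kind} {value} to {TARGET[kind]}"
               for kind, value, verdict in verdicts if verdict == "malicious"]
    if actions:
        actions.append("create investigation, open ServiceNow ticket, notify SOC lead")
    return actions

def triage(alerts):
    """Run parse -> enrich -> act over a batch of alerts and return the plan."""
    merged = {"sha256": set(), "domain": set(), "ip": set()}
    for alert in alerts:
        for kind, values in extract_observables(alert).items():
            merged[kind] |= values
    verdicts = enrich(merged)
    return {"observables": merged, "verdicts": verdicts, "actions": plan_actions(verdicts)}
```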
Cisco Live NOC (diagram): Scale Switch Deployment, Single Pane of Glass. Components: TFTP, Helper VM, Cisco Prime Service Catalog, Cisco Action Orchestrator, ASR1009 (Internet, 2x10 GB), Catalyst 9800, Meraki, Cisco Prime Infrastructure, Cisco Prime Network Registrar, CMX, InfluxDB, Grafana; connected over SSH, SNMP and REST API.
#CiscoLive © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 21
What tools do I need to learn about automation?
NEW Security Dev Center
developer.cisco.com/security
© 2020 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 23
DevNet Learning Labs (and tracks)
developer.cisco.com/learning/labs/tags/Security
50+ security related learning labs!
NEW Learning Labs and Modules
Released Training
• Application First Security Track
• Threat Hunting using Security APIs Mission
• SecureX orchestration Module (part of SecureX track)
• CES Module
• Duo Module
• Threat Grid Module
• Stealthwatch Track
• Cisco Secure Workload Module
• Firepower Modules: FTD, FMC
• Umbrella (with sandbox soon!)
• SecureX 3rd party integrations
Coming Soon
• CDO API Module
• Cloudlock Module
Cisco DevNet certifications
• Building skills for Automation and Digital Transformation
• developer.cisco.com/certification
DevNet Associate · DevNet Specialist Enterprise Automation · DevNet Specialist Collaboration Automation · DevNet Specialist Data Center Automation · DevNet Specialist IoT Automation
DevNet Exchange – Code Exchange
developer.cisco.com/codeexchange
Over 500 projects! (100 Security)
Security Developer Community cs.co/devsec-community