WEBVTT

1
00:00:00.120 --> 00:00:01.830
In this section of the course,

2
00:00:01.830 --> 00:00:05.610
we are going to discuss automated security operations.

3
00:00:05.610 --> 00:00:08.400
The automated security operations section of the course

4
00:00:08.400 --> 00:00:11.670
focuses on domain three, security engineering,

5
00:00:11.670 --> 00:00:14.520
specifically, objective 3.6,

6
00:00:14.520 --> 00:00:16.770
which states that given a scenario,

7
00:00:16.770 --> 00:00:18.750
you must be able to use automation

8
00:00:18.750 --> 00:00:20.430
to secure the enterprise.

9
00:00:20.430 --> 00:00:23.640
Automated security operations streamline the process

10
00:00:23.640 --> 00:00:26.460
of identifying and addressing potential threats,

11
00:00:26.460 --> 00:00:29.610
making it easier to maintain a secure environment.

12
00:00:29.610 --> 00:00:31.830
By leveraging tools and scripts,

13
00:00:31.830 --> 00:00:35.370
organizations can efficiently conduct vulnerability scanning

14
00:00:35.370 --> 00:00:36.300
and reporting,

15
00:00:36.300 --> 00:00:39.240
ensuring that security gaps are quickly identified

16
00:00:39.240 --> 00:00:40.200
and addressed.

17
00:00:40.200 --> 00:00:42.870
Scripting languages like Bash, PowerShell,

18
00:00:42.870 --> 00:00:47.490
and Python play a crucial role in automating routine tasks,

19
00:00:47.490 --> 00:00:51.210
while scheduling tools like Cron ensure these tasks

20
00:00:51.210 --> 00:00:54.300
run consistently without manual intervention.

21
00:00:54.300 --> 00:00:57.090
Workflow automation ties these elements together,

22
00:00:57.090 --> 00:00:58.920
allowing for a more proactive

23
00:00:58.920 --> 00:01:01.950
and responsive approach to security management.

24
00:01:01.950 --> 00:01:03.750
As we go through this section,

25
00:01:03.750 --> 00:01:05.250
we will cover many topics

26
00:01:05.250 --> 00:01:07.860
related to automated security operations,

27
00:01:07.860 --> 00:01:11.310
including vulnerability scanning and reporting,

28
00:01:11.310 --> 00:01:15.390
scripting, Bash, PowerShell, Python,

29
00:01:15.390 --> 00:01:19.920
Cron and scheduled tasks, as well as workflow automation.

30
00:01:19.920 --> 00:01:22.770
First, we will look at vulnerability scanning

31
00:01:22.770 --> 00:01:23.850
and reporting.

32
00:01:23.850 --> 00:01:27.060
Vulnerability scanning systematically identifies

33
00:01:27.060 --> 00:01:30.630
and documents security weaknesses in systems and networks.

34
00:01:30.630 --> 00:01:34.170
This allows for timely remediation of any vulnerabilities

35
00:01:34.170 --> 00:01:36.060
or weaknesses that are discovered.

36
00:01:36.060 --> 00:01:39.180
Vulnerability scanning uses automated tools

37
00:01:39.180 --> 00:01:42.270
such as Tenable.io and QualysGuard

38
00:01:42.270 --> 00:01:45.180
to probe systems for known security flaws.

39
00:01:45.180 --> 00:01:47.010
Enterprise vulnerability scanners

40
00:01:47.010 --> 00:01:49.500
can identify outdated software,

41
00:01:49.500 --> 00:01:52.830
misconfigurations or exposed services.

42
00:01:52.830 --> 00:01:54.930
Following the vulnerability scan,

43
00:01:54.930 --> 00:01:58.560
scanning applications can generate a report that categorizes

44
00:01:58.560 --> 00:02:01.290
and prioritizes discovered vulnerabilities

45
00:02:01.290 --> 00:02:02.760
based on severity.

46
00:02:02.760 --> 00:02:06.030
This reporting process organizes the scan results

47
00:02:06.030 --> 00:02:10.050
into actionable insights, often including recommendations

48
00:02:10.050 --> 00:02:13.380
for remediating the identified vulnerabilities.

49
00:02:13.380 --> 00:02:17.160
For example, an organization might use Tenable.io

50
00:02:17.160 --> 00:02:19.950
to automatically scan its web servers weekly,

51
00:02:19.950 --> 00:02:23.010
identifying vulnerabilities like outdated software

52
00:02:23.010 --> 00:02:24.600
or misconfigurations.

53
00:02:24.600 --> 00:02:25.920
After each scan,

54
00:02:25.920 --> 00:02:29.820
Tenable.io may even generate a detailed report

55
00:02:29.820 --> 00:02:33.750
that prioritizes identified vulnerabilities by severity.

56
00:02:33.750 --> 00:02:35.970
The report might, for example,

57
00:02:35.970 --> 00:02:37.530
highlight a critical issue

58
00:02:37.530 --> 00:02:41.100
in the web server's Transport Layer Security configuration

59
00:02:41.100 --> 00:02:43.470
that requires immediate attention.

60
00:02:43.470 --> 00:02:47.730
The IT team could then promptly apply the necessary updates

61
00:02:47.730 --> 00:02:49.260
to secure the servers

62
00:02:49.260 --> 00:02:52.590
before attackers could exploit the vulnerability.

63
00:02:52.590 --> 00:02:55.140
Next, we will explore scripting.

64
00:02:55.140 --> 00:02:57.690
Scripting in automated security operations

65
00:02:57.690 --> 00:03:01.530
refers to writing code that automates repetitive tasks

66
00:03:01.530 --> 00:03:02.730
and processes,

67
00:03:02.730 --> 00:03:06.540
enhancing efficiency and consistency in security management.

68
00:03:06.540 --> 00:03:10.890
Scripting concepts include pseudocode, data structures

69
00:03:10.890 --> 00:03:12.750
and control structures.

70
00:03:12.750 --> 00:03:16.860
Pseudocode is a simplified, high-level version of a script

71
00:03:16.860 --> 00:03:19.560
that outlines the logic and steps needed

72
00:03:19.560 --> 00:03:23.160
to perform a task without focusing on syntax.

73
00:03:23.160 --> 00:03:25.800
This helps to plan and communicate the structure

74
00:03:25.800 --> 00:03:27.300
of the actual script.

75
00:03:27.300 --> 00:03:30.450
Data structures such as arrays, lists,

76
00:03:30.450 --> 00:03:33.960
and dictionaries are used within scripts to organize

77
00:03:33.960 --> 00:03:37.890
and manage data efficiently, allowing the script to process

78
00:03:37.890 --> 00:03:40.020
and store information effectively.

79
00:03:40.020 --> 00:03:41.970
Control structures like loops

80
00:03:41.970 --> 00:03:45.390
and conditional statements direct the flow of the script,

81
00:03:45.390 --> 00:03:47.160
enabling it to make decisions

82
00:03:47.160 --> 00:03:50.490
and repeat actions based on specific conditions.

83
00:03:50.490 --> 00:03:53.970
For example, a security script might use pseudocode

84
00:03:53.970 --> 00:03:57.510
to outline the process of scanning logs for anomalies,

85
00:03:57.510 --> 00:04:00.180
utilize data structures to store log entries,

86
00:04:00.180 --> 00:04:02.910
and implement control structures to filter

87
00:04:02.910 --> 00:04:04.440
and analyze the data.

88
00:04:04.440 --> 00:04:08.250
All of these steps ultimately automate the detection

89
00:04:08.250 --> 00:04:10.080
of suspicious activity.

90
00:04:10.080 --> 00:04:12.450
After that, we will look at Bash.

91
00:04:12.450 --> 00:04:15.810
Bash, which stands for the Bourne Again Shell,

92
00:04:15.810 --> 00:04:19.650
is a Unix shell and command language used to write scripts

93
00:04:19.650 --> 00:04:21.300
that automate system tasks,

94
00:04:21.300 --> 00:04:24.210
including security checks and maintenance.

95
00:04:24.210 --> 00:04:27.480
Bash scripting concepts include both data structures

96
00:04:27.480 --> 00:04:29.370
and control structures.

97
00:04:29.370 --> 00:04:33.060
In Bash, data structures such as variables, arrays,

98
00:04:33.060 --> 00:04:35.700
and strings are essential for organizing

99
00:04:35.700 --> 00:04:37.950
and storing data within the scripts.

100
00:04:37.950 --> 00:04:40.830
These structures enable scripts to efficiently manage

101
00:04:40.830 --> 00:04:43.020
and manipulate collections of data,

102
00:04:43.020 --> 00:04:46.320
whether the data is a single value, a list of items

103
00:04:46.320 --> 00:04:47.910
or key-value pairs.

104
00:04:47.910 --> 00:04:49.890
By using these data structures,

105
00:04:49.890 --> 00:04:53.550
Bash scripts can handle complex tasks by processing

106
00:04:53.550 --> 00:04:55.830
and organizing multiple elements,

107
00:04:55.830 --> 00:04:58.980
such as a series of commands, configurations,

108
00:04:58.980 --> 00:05:01.590
or input data in a structured way.

109
00:05:01.590 --> 00:05:05.970
Control structures in Bash, such as loops like for and while,

110
00:05:05.970 --> 00:05:08.970
and conditional statements like if and else,

111
00:05:08.970 --> 00:05:11.760
dictate the flow of script execution.

112
00:05:11.760 --> 00:05:14.970
In this manner, control structures enable the script

113
00:05:14.970 --> 00:05:16.830
to perform repeated actions

114
00:05:16.830 --> 00:05:19.950
and make decisions based on specific conditions.

115
00:05:19.950 --> 00:05:21.330
Unlike PowerShell,

116
00:05:21.330 --> 00:05:23.550
which is designed for Windows environments

117
00:05:23.550 --> 00:05:24.780
and integrates closely

118
00:05:24.780 --> 00:05:27.480
with Windows system administrative tasks,

119
00:05:27.480 --> 00:05:28.740
or Python,

120
00:05:28.740 --> 00:05:31.410
which is a more general-purpose programming language,

121
00:05:31.410 --> 00:05:34.890
with extensive libraries for various applications,

122
00:05:34.890 --> 00:05:37.080
Bash is particularly suited

123
00:05:37.080 --> 00:05:40.140
for automating tasks in Unix-based systems,

124
00:05:40.140 --> 00:05:44.070
making it ideal for managing Linux security operations.

125
00:05:44.070 --> 00:05:47.790
For example, a Bash script on a Linux machine

126
00:05:47.790 --> 00:05:50.910
might automate the process of scanning log files

127
00:05:50.910 --> 00:05:53.160
using arrays to store results,

128
00:05:53.160 --> 00:05:55.230
and using loops to iterate

129
00:05:55.230 --> 00:05:57.540
through each log entry for assessment.

130
00:05:57.540 --> 00:05:59.760
Next, we will explore PowerShell.

131
00:05:59.760 --> 00:06:02.310
PowerShell is a powerful scripting language

132
00:06:02.310 --> 00:06:06.000
and command-line shell designed for automating tasks

133
00:06:06.000 --> 00:06:09.570
and managing configurations in a Windows environment.

134
00:06:09.570 --> 00:06:13.770
In PowerShell, data structures such as variables, arrays,

135
00:06:13.770 --> 00:06:17.880
hash tables, strings and objects are used to store

136
00:06:17.880 --> 00:06:20.040
and manipulate complex data,

137
00:06:20.040 --> 00:06:22.680
making it easy to handle system information

138
00:06:22.680 --> 00:06:24.930
and configuration details.

139
00:06:24.930 --> 00:06:29.160
Script control structures, including loops like for,

140
00:06:29.160 --> 00:06:31.110
foreach and while,

141
00:06:31.110 --> 00:06:34.350
and conditional statements like if and switch,

142
00:06:34.350 --> 00:06:37.290
allow scripts to execute repetitive tasks

143
00:06:37.290 --> 00:06:40.380
and make decisions based on specific conditions.

144
00:06:40.380 --> 00:06:43.860
Unlike Bash, which is tailored for Unix-based systems,

145
00:06:43.860 --> 00:06:47.550
and Python, which is a versatile general-purpose language,

146
00:06:47.550 --> 00:06:49.770
PowerShell is specifically optimized

147
00:06:49.770 --> 00:06:51.570
for Windows administration,

148
00:06:51.570 --> 00:06:53.190
offering seamless integration

149
00:06:53.190 --> 00:06:56.640
with the Windows operating system and its components.

150
00:06:56.640 --> 00:07:00.720
For example, a PowerShell script might automate the task

151
00:07:00.720 --> 00:07:03.600
of auditing user accounts in Active Directory,

152
00:07:03.600 --> 00:07:05.940
using arrays to store user data,

153
00:07:05.940 --> 00:07:08.370
loops to iterate through the list of users,

154
00:07:08.370 --> 00:07:10.500
and conditional statements to flag accounts

155
00:07:10.500 --> 00:07:12.120
that require attention.

156
00:07:12.120 --> 00:07:14.580
Following that, we will look at Python.

157
00:07:14.580 --> 00:07:17.220
Python is a versatile programming language

158
00:07:17.220 --> 00:07:18.807
widely used for scripting

159
00:07:18.807 --> 00:07:21.240
and automating complex tasks

160
00:07:21.240 --> 00:07:24.180
across various platforms and operating systems.

161
00:07:24.180 --> 00:07:27.960
Python script implementations include security assessments

162
00:07:27.960 --> 00:07:29.670
and threat analysis.

163
00:07:29.670 --> 00:07:32.490
Python supports a wide range of data structures

164
00:07:32.490 --> 00:07:36.900
such as lists, tuples, dictionaries, sets, strings

165
00:07:36.900 --> 00:07:40.770
and arrays, allowing scripts to efficiently organize, store,

166
00:07:40.770 --> 00:07:42.450
and manipulate data.

167
00:07:42.450 --> 00:07:46.170
Python's wide compatibility with data structures is crucial

168
00:07:46.170 --> 00:07:48.390
for processing large data sets.

169
00:07:48.390 --> 00:07:50.370
Control structures in Python,

170
00:07:50.370 --> 00:07:53.310
including loops like for and while

171
00:07:53.310 --> 00:07:56.820
and conditionals, like if, elif and else,

172
00:07:56.820 --> 00:07:59.910
enable scripts to perform repetitive actions

173
00:07:59.910 --> 00:08:03.150
and make decisions based on specific criteria.

174
00:08:03.150 --> 00:08:05.880
Python control structures make it effective

175
00:08:05.880 --> 00:08:08.790
for tasks like automated log analysis

176
00:08:08.790 --> 00:08:10.710
or vulnerability scanning.

177
00:08:10.710 --> 00:08:12.060
Compared to PowerShell,

178
00:08:12.060 --> 00:08:14.550
which is optimized for Windows environments,

179
00:08:14.550 --> 00:08:17.970
and Bash, which is tailored for Unix-based systems,

180
00:08:17.970 --> 00:08:21.570
Python offers cross-platform compatibility

181
00:08:21.570 --> 00:08:23.970
and an extensive library ecosystem,

182
00:08:23.970 --> 00:08:26.340
making it ideal for more complex

183
00:08:26.340 --> 00:08:29.070
or diverse security automation tasks.

184
00:08:29.070 --> 00:08:32.910
For example, a Python script can automate the extraction

185
00:08:32.910 --> 00:08:35.190
and analysis of network traffic logs

186
00:08:35.190 --> 00:08:37.740
using lists to store log entries,

187
00:08:37.740 --> 00:08:40.050
loops to process each entry,

188
00:08:40.050 --> 00:08:43.650
and conditionals to identify potential security threats.

189
00:08:43.650 --> 00:08:48.030
Then we will explore Cron and scheduled tasks.

190
00:08:48.030 --> 00:08:50.670
Cron and scheduled tasks are used

191
00:08:50.670 --> 00:08:52.980
to automate the execution of scripts

192
00:08:52.980 --> 00:08:55.590
and commands at predefined times in Linux

193
00:08:55.590 --> 00:08:58.770
and Windows operating systems respectively.

194
00:08:58.770 --> 00:09:02.760
Cron is short for Chronos, the Greek word for time.

195
00:09:02.760 --> 00:09:05.460
The Cron application is a time-based job scheduler

196
00:09:05.460 --> 00:09:06.690
in Linux systems.

197
00:09:06.690 --> 00:09:09.720
Cron allows users to automate repetitive tasks

198
00:09:09.720 --> 00:09:11.520
like running security scans

199
00:09:11.520 --> 00:09:15.360
or updating system logs by specifying the exact time

200
00:09:15.360 --> 00:09:17.400
and frequency of execution.

201
00:09:17.400 --> 00:09:21.420
Scheduled tasks in Windows serve a similar purpose,

202
00:09:21.420 --> 00:09:23.340
enabling the automation of tasks

203
00:09:23.340 --> 00:09:25.470
such as running PowerShell scripts,

204
00:09:25.470 --> 00:09:28.590
or performing system maintenance at scheduled intervals.

205
00:09:28.590 --> 00:09:32.040
Both of these tools are integral to maintaining consistent

206
00:09:32.040 --> 00:09:34.380
and timely security operations.

207
00:09:34.380 --> 00:09:37.770
They ensure that critical processes run automatically

208
00:09:37.770 --> 00:09:39.780
without manual intervention.

209
00:09:39.780 --> 00:09:42.900
For example, an organization might use Cron

210
00:09:42.900 --> 00:09:46.260
to schedule nightly vulnerability scans on a Linux server,

211
00:09:46.260 --> 00:09:49.230
and scheduled tasks to automate the deployment

212
00:09:49.230 --> 00:09:51.900
of security patches on Windows servers.

213
00:09:51.900 --> 00:09:55.020
Finally, we will look at workflow automation.

214
00:09:55.020 --> 00:09:56.910
Workflow automation streamlines

215
00:09:56.910 --> 00:10:01.260
and automates multi-step processes to improve efficiency

216
00:10:01.260 --> 00:10:05.040
and consistency in responding to security events.

217
00:10:05.040 --> 00:10:07.860
By integrating various tools and scripts,

218
00:10:07.860 --> 00:10:11.550
workflow automation allows for the automatic execution

219
00:10:11.550 --> 00:10:14.640
of security tasks such as threat detection,

220
00:10:14.640 --> 00:10:17.040
incident response, and reporting,

221
00:10:17.040 --> 00:10:19.110
without manual intervention.

222
00:10:19.110 --> 00:10:22.290
Workflow automation ensures that security processes

223
00:10:22.290 --> 00:10:24.870
are carried out promptly and accurately,

224
00:10:24.870 --> 00:10:26.940
reducing the risk of human error

225
00:10:26.940 --> 00:10:29.940
and speeding up the response time to threats.

226
00:10:29.940 --> 00:10:33.000
For example, a workflow automation tool

227
00:10:33.000 --> 00:10:36.750
might be used to automatically trigger a series of actions

228
00:10:36.750 --> 00:10:39.960
in response to a detected security incident.

229
00:10:39.960 --> 00:10:42.900
The actions that workflow automation can take

230
00:10:42.900 --> 00:10:45.390
include isolating the affected system,

231
00:10:45.390 --> 00:10:47.430
generating a detailed report,

232
00:10:47.430 --> 00:10:49.860
and alerting the security team.

233
00:10:49.860 --> 00:10:51.150
To finish things off,

234
00:10:51.150 --> 00:10:53.370
we'll take a short quiz to see what you learned

235
00:10:53.370 --> 00:10:55.230
during this section of the course,

236
00:10:55.230 --> 00:10:58.920
and we will review each of those quiz questions fully

237
00:10:58.920 --> 00:11:01.800
to ensure you can explain why the right answers were right

238
00:11:01.800 --> 00:11:03.720
and the wrong answers were wrong.

239
00:11:03.720 --> 00:11:05.430
So, let's get ready

240
00:11:05.430 --> 00:11:08.160
to dive into automated security operations

241
00:11:08.160 --> 00:11:10.323
in this section of the course.

