DGS CyLABs: A&O

To manage the ongoing change in IT processes and meet the modern needs of securing our clients’ IT infrastructures, we experiment with innovative solutions and technologies, proposing automation and orchestration of IT security management processes.

On average, in any company that employs traditional defense tools, IT security management requires qualified IT staff to spend many hours on repetitive manual tasks. This takes away valuable time and mental energy that could instead be devoted to achieving business objectives. The good news is that repetitive manual tasks can be reduced through automation, and more. Should we need it, technological innovation today allows us to automate even an entire sequence of repetitive tasks by having multiple operations “integrated.” This is, in short, process automation, or, to put it in one word, “orchestration.” 

Automation is essential today to manage, change, and adjust the security of IT infrastructures. With automation, and thus with the simplification of processes, comes more time and resources to devote to innovation: an automated company can work faster; this allows IT staff to devote themselves to critical problems and solve them, making them repetitive at a later time and thus suitable again for automation and orchestration. 

The world of Cyber Security – which sees the number of attacks on IT infrastructures (data, users, applications, devices, networks, etc.) growing every day, and which, as if that were not enough, is constantly struggling with staff shortages and the need to search for new skills all the time –  can only benefit from the adoption of solutions that can automate the detection of potential flaws and new vulnerabilities in exposed services, as well as orchestrate the implementation of remediation actions. 

The process encompasses the entire IT infrastructure, network, digital identities, applications and security services involved in fulfilling the detection and, therefore, deployment of an application/service and its security policy.  

And this is where standardization-the basis of automation, solution discovery and integration-or orchestration come in. To automate a task, i.e., the single part of a process, we must standardize to reduce the burden of operational integration. 

In our Authomation & Orchestration (A&O) CyLAB labs, for example, we test Web Application Scanning (WAS) technologies, with which we can perform repeated/scheduled scans looking for vulnerabilities to which web applications are prone. In this way, we are devolving to a technology the ability to have capabilities that we should be looking for in application security specialists; with these tools we can have web applications scanned in seconds, leveraging workflows and vulnerability management in a standardized way. 

In addition, we use the results of the scans performed by the solution presented above, “feeding” them to Web Application Firewall (WAF) technologies; WAFs that we configure directly on the technologies we use by our customers to expose/publish their applications: in this way, the apps are always exposed/protected from the vulnerabilities previously detected. 

We then arrive at secure application deployment-[Sec]Ops-thanks to the integration of two technologies: Web Application Scanning and Web Application Firewall. 

We then configure what we describe through an Orchestration and Automation technology, thus achieving the desired goal of protecting applications from newly detected application vulnerabilities automatically, without the need for a person’s intervention; we thus enable our customers to have securely exposed apps, without them having to dedicate personnel with specific expertise on Web App Scanning and Web App FW technologies. 

The most interesting aspect is that we can accomplish this by integrating security at every stage of the software development life cycle-Software Development Life Cycle (SDCL): from design, development, testing, and all the way to production, going so far as to propose DevSecOps methodologies. 

  

To date, thanks to the results of our laboratory (A&O CyLAB), we have created several templates with definitions of scanning profiles from the outside for different types of web services (http/s, authenticated and non-authenticated); we have created workflows for the definition of basic WAF security policies, implemented for the same different types of web services; we have prepared the definition of playbooks that automate the import into the WAF environment of the output produced by WAS scanning of web services. All this is available to our customers and in production on many of them. 

Find out more about all our other CyLABs here.