Ansiblefest 2018: Red Hat previews new security automation and launches certification for Ansible plugins

Red Hat previewed new security automation integrations coming to its Ansible Automation platform early next year and launched the Red Hat Ansible Automation Certification Program for thorough vetting of internally and partner-developed modules and plugins for the platform at the Red Hat Ansiblefest 2018 in Austin this week.

According to the company, the new security enhancements will improve automation of enterprise firewalls, intrusion detection systems and security information and event management, all of which will help systems stand up to cyberattacks and conglomerate disparate functions into one utility.

“Since Red Hat acquired Ansible in 2015, we have been working to make the automated enterprise a reality by driving Ansible into new domains and expanding automation use cases, Joe Fitzgerald, vice president and general manager of management at Red Hat said in the announcement of the new integrations. “With the new Ansible security automation capabilities, we’re making it easier to manage one of enterprise IT’s most complex tasks: systems security. These new modules can help users take an automation-centric approach to IT security, integrating solutions that otherwise would not work together and helping to manage and orchestrate entire security operations with a single, familiar tool.”

In addition to support for Check Point Next Generation Firewall, Splunk Enterprise Security and Snort, the company lists the following capabilities of the upcoming release:

• “Detection and triage of suspicious activities – Ansible can automatically configure logging across enterprise firewalls and IDS to enrich the alerts received by a SIEM solution for easier event triage; for example, enabling logging or increasing log verbosity.
• Threat hunting – Ansible can automatically create new IDS rules to investigate the origin of a firewall rule violation and whitelist those IP addresses recognized as non-threats.
• Incident response – Ansible can automatically validate a threat by verifying an IDS rule, trigger a remediation from the SIEM solution and create new enterprise firewall rules to blacklist the source of an attack.”

The partners already on-board with the Red Hat Ansible Automation Certification Program include Cisco, specifically the ACI, NSO, NX-OS, and UCS product families; CyberArk; F5 Networks; Infoblox; NetApp and Nokia, Red Hat explained.

“Ansible Modules and Plugins that are developed through Red Hat and partners can be submitted to the program, where they are scanned against known vulnerabilities, checked for compatibility and validated to work in production,” the company wrote in the announcement. “This provides assurances to end users that a certified module will perform as expected in mission-critical environments.”

The initiative will make it easier for users of Red Hat Ansible Automation and Red Hat Ansible Tower to access first and third-party modules that have been tested for “security, reliability and consistency of content,” the company says

“Together, these ecosystem partners are expected to offer more than 275 Ansible Certified modules in addition to what Red Hat currently supports, helping expand the breadth of enterprise automation,” the company wrote in the program’s announcement.