Ayehu extends IT automation into security automation
- 19 July, 2014 00:56
This column is available in a weekly newsletter called IT Best Practices.
There's hardly a person in IT who doesn't have too much to do and too little time to do it. Since few IT departments are on a hiring binge, it's probably safe to say there are too few people handling the routine tasks that keep systems up and running, on top of the never-ending firefighting. In short, most IT professionals are overworked and some might even be overwhelmed.
In the "work smarter, not harder" category of tools are those that provide IT process automation. Such tools define a workflow of some sort that executes automatically every time certain conditions are met. The workflow is a sequence of very specific tasks that a person would normally have to perform by hand; here they are carried out automatically, with or without input from a human.
Good examples of activities ripe for automation are resetting a user's Active Directory password and restarting an application or service when it stops running. Short workflows of specific tasks can be set up to execute when some trigger event happens, such as a user sending a password-reset request to the help desk.
Taking small activities like this off the plate of overworked IT professionals frees them up to work on more important assignments. However, many companies are finding they can automate more complex activities, and even IT security processes, to save considerable staff hours and to provide better network protection.
Long-time IT automation vendor Ayehu is moving into the security automation space by integrating its eyeShare automation software with security systems such as SIEMs, NAC, anti-virus and more. Security teams can use eyeShare to collect alerts directly from the security devices, verify the severity of the threat, communicate that severity to a security analyst who can make an informed decision on what action to take, and then execute remediation commands throughout the network. This speeds up the response when action is needed, rather than waiting until a human can complete all of these tasks manually.
For example, intrusion detection software detects that a particular computer on the network has become infected with malware and sends an alert that eyeShare picks up. Using an automated workflow created by the security operations team, eyeShare can execute a sequence of commands to immediately disconnect that computer from the network to prevent the malware from spreading. Going further, the user's Active Directory account can be disabled so that the compromised credentials cannot be used elsewhere on the network, for example for lateral movement or privilege escalation. A help desk ticket can be generated to request remediation of the infected machine. Decision points can be built into the workflow to inject human intervention, such as prioritizing remediation based on the end user's role in the organization. Those decision points matter: an automated isolation or account lockout triggered by a false positive is itself an outage, so high-impact actions are usually gated on severity, on who is affected, and on an analyst's approval.
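The workflow described above, written out as an added example so the guardrails are visible. This is hypothetical code written for this column, not eyeShare's own workflow or API; the IDS alerts, the directory lookup and the `Environment` class that stands in for the network, Active Directory and the ticketing system are all constructed here, and `analyst_approves` is a stand-in for the human decision point. It goes one step beyond the text by adding two checks a practitioner would want: duplicate alerts are not acted on twice, and a cap on isolations per run keeps a flood of alerts (real or attacker-induced) from knocking a whole floor offline.

```python
"""Alert-driven containment playbook with guardrails (added example, hypothetical)."""
from dataclasses import dataclass, field

SEVERITY_THRESHOLD = 7         # below this: open a ticket, take no containment action
MAX_ISOLATIONS_PER_RUN = 2     # blast-radius cap: past this, escalate instead of acting
PRIVILEGED_ROLES = {"executive", "domain-admin"}   # containment needs an analyst's OK

# Constructed directory lookup standing in for an Active Directory attribute query.
DIRECTORY = {"jdoe": "staff", "asmith": "staff", "mlee": "staff",
             "cfo": "executive", "ops1": "domain-admin"}

# Constructed IDS alerts; not output of any real product. Note that a1 arrives twice.
SAMPLE_ALERTS = [
    {"id": "a1", "severity": 8, "host": "ws-0412", "user": "jdoe", "sig": "Trojan.Generic"},
    {"id": "a2", "severity": 3, "host": "ws-0099", "user": "asmith", "sig": "Policy.P2P"},
    {"id": "a3", "severity": 9, "host": "ws-0007", "user": "cfo", "sig": "Ransom.Sample"},
    {"id": "a1", "severity": 8, "host": "ws-0412", "user": "jdoe", "sig": "Trojan.Generic"},
    {"id": "a4", "severity": 8, "host": "ws-0300", "user": "ops1", "sig": "Trojan.Generic"},
    {"id": "a5", "severity": 8, "host": "ws-0555", "user": "mlee", "sig": "Trojan.Generic"},
]


@dataclass
class Environment:
    """Simulated state of the network, directory and ticket queue the playbook acts on."""
    isolated_hosts: set = field(default_factory=set)
    disabled_accounts: set = field(default_factory=set)
    tickets: list = field(default_factory=list)

    def isolate_host(self, host):      # stands in for a NAC / switch-port quarantine
        self.isolated_hosts.add(host)

    def disable_account(self, user):   # stands in for disabling the AD account
        self.disabled_accounts.add(user)

    def open_ticket(self, summary):    # stands in for creating a help desk ticket
        self.tickets.append(summary)
        return len(self.tickets)


def analyst_approves(alert, role):
    """Stand-in for the human decision point: here the analyst only signs off on
    containing a privileged user's machine for the most severe alerts."""
    return alert["severity"] >= 9


def decide(alert, role, approve):
    """Return 'ticket', 'contain' or 'hold' (queued for a human) for one alert."""
    if alert["severity"] < SEVERITY_THRESHOLD:
        return "ticket"
    if role in PRIVILEGED_ROLES and not approve(alert, role):
        return "hold"
    return "contain"


def run_playbook(alerts, env, approve):
    """Process alerts in order; return an audit log of (alert id, action, steps)."""
    seen, isolations, audit = set(), 0, []
    for a in alerts:
        if a["id"] in seen:                         # dedup: never act twice on one alert
            audit.append((a["id"], "duplicate", []))
            continue
        seen.add(a["id"])
        role = DIRECTORY.get(a["user"], "unknown")
        action, steps = decide(a, role, approve), []
        if action == "contain":
            if isolations >= MAX_ISOLATIONS_PER_RUN:
                action = "hold"                     # cap reached: escalate, do not act
            else:
                env.isolate_host(a["host"])
                env.disable_account(a["user"])
                isolations += 1
                steps += [f"isolate {a['host']}", f"disable {a['user']}"]
        tid = env.open_ticket(f"[{action}] {a['sig']} on {a['host']} ({a['user']}/{role})")
        steps.append(f"ticket #{tid}")
        audit.append((a["id"], action, steps))
    return audit


if __name__ == "__main__":
    env = Environment()
    for record in run_playbook(SAMPLE_ALERTS, env, analyst_approves):
        print(record)
```

Every alert, including the ones put on hold, still produces a ticket, so nothing is silently dropped; only the containment steps are gated. Replace `analyst_approves` with a call into a chat or ticketing tool to get a real approval, and replace the `Environment` methods with the NAC, directory and ITSM integrations in use.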
Ayehu can automate specific activities in a number of different systems, including Cisco routers, VMware, Active Directory, ServiceNow, SolarWinds Orion and many others. EyeShare's lightweight toolbox makes it possible to automate workflows across systems regardless of where they run: on public clouds, on private clouds, and within a local data center. Rather than requiring an agent on the devices it wants to speak with, eyeShare uses standard Internet protocols to communicate and automate the workflows. One consequence of that agentless design is that the automation server holds credentials for every system it manages, so it should be protected and audited as the privileged host it is.
EyeShare comes with more than 500 prebuilt activities out of the box, and there are about 150 prebuilt templates for the most common uses of the tool. Ayehu's customers built these templates to suit their own needs and then provided them back to Ayehu to share with other users automating the same kinds of activities. Setting up workflows does not require any coding or programming skills. EyeShare uses a drag-and-drop interface that a technician at any level can use to create workflows for even sophisticated tasks.
Alex Yaney is a senior solutions architect with a division of LexisNexis that provides data center hosting services for law firms. Yaney's team uses eyeShare's VMware integration to automate virtual provisioning for customers. LexisNexis has agreements with customers to resize their drives when they hit certain capacity thresholds. Yaney says they do this across virtual and physical servers and plan to do it across storage heads too.
The automation replaces the manual process that required a person to validate and resize the drive and then validate it again and update the service ticket. "We are changing the configuration of the server and that has been very useful to us," says Yaney. He is currently conducting a proof of concept to resize virtual images and add CPUs and memory dynamically. He expects this will aid the team in being more responsive to customers' needs.
Yaney calls Ayehu's agentless approach brilliant. "We like using the inherent communication protocols that are already provided in most operating systems. Agent-less makes you more flexible, and it's a big plus to us to be flexible and able to move really quickly with as little impact to the customer's environment as possible," says Yaney.
A big benefit LexisNexis derives from using eyeShare is that the company can continue to run a lean organization and not have to hire additional people to manually perform the tasks that have been automated. "Buying this tool has reduced our need for additional headcount," says Yaney. "It has saved us weeks of time just communicating and centralizing what we are doing between our internal systems and our ITSM, ServiceNow. It has been a good out-of-the-box experience where we can easily configure it and have it cutting instances within a few hours. This is a huge amount of time savings for us."
LexisNexis is considering how it might be able to use eyeShare for security automation. "If anything, it would be a focal point for managing the logic of what we want to do once something is detected. No matter how big you grow, having a focal point makes your network easier to control and manage," according to Yaney.