Automating IT Security: Letting Security Analysts Be Analysts

Tuesday, May 14 | 1:00PM–2:00PM CT | Montreux, Second Floor Event Centre
Session Type: Breakout Session
Delivery Format: Interactive Presentation
The tools and appliances available within the IT landscape have expanded the analysis and monitoring capabilities available to IT security personnel. However, these tools (FireEye, Nessus, Rapid7, Bro/Zeek and Kibana) rarely integrate with each other. We'll share how the Virginia Tech IT Security Office has developed several web applications that leverage the APIs of these security appliances, Google Drive, and ServiceNow to provide connective tissue and eliminate data entry and tedium whenever possible. Audience participation will be encouraged so that IT automation strategies, tips, and lessons can be shared and brainstormed.

Outcomes:

  • Learn about the benefits of IT automation and integration between security appliances and incident response and notification systems
  • Hear from other universities and discuss strategies for automation and management buy-in
  • Deep dive into key API code examples, followed by a demonstration of how to integrate tools

Presenters

  • Steve Huff

    Security Analyst, Virginia Tech

Resources & Downloads

  • Automating IT Security Letting Security Analysts Be Analysts Steve Huff 2019 Powerpoint

    Updated on 11/26/2019
  • FEINT Deep Dive Text

    Updated on 11/26/2019