Analyst & Research Reports

O'Reilly Modern Defense in Depth

Issue link: https://hub.dyn.com/i/1077963


Security Products Support Management APIs

Nearly every security technology on the market today supports application programming interfaces (APIs). In this case, these APIs are not designed to be used like ecommerce or social media APIs. Instead, they support the gathering of information from the security technologies deployed in the form of logs, events, alerts, and even traps. The other usage for the APIs is automating security technology configurations with the ability to make changes "on the fly," often using automation. This is where the tremendous value of scripting and APIs comes into play.

The Importance of Synergy

The synergy of automation, scripting, and APIs is one of the most vital talents required for SOC teams today. When people hear the term "APIs," they immediately think of application programmers because they are commonly involved with utilizing today's APIs. However, in this case, APIs are an extremely powerful tool for security experts who have mastered scripting techniques. When organizations are searching for security experts to be added to their SOC teams, finding those who have extremely high levels of understanding in relation to automation, scripting, and APIs is highly recommended.

Let's take a look at how automation, scripting, and APIs operate within the context of a SOC. When a log (an alert or event, among other things) is generated by one of the lines of defense, this log is received at a centralized logging system located somewhere in the SOC. At that point, there are two approaches that can be taken. One is to have humans acknowledge the log, figure out what the log means, and then determine whether the log can be acted upon with regard to the other lines of defense. However, a more modern approach would be to receive the log and then automate the calling of a preconfigured script that takes some sort of action on one or more lines of defense, by way of making automated changes through the technologies' APIs.

Common Example

In the case of latter lines of defense, if one of these lines generates a log or alert pertaining to a repeat offender, a script can be called to

How Integration Is Achieved Today | 33
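The log-to-script-to-API flow and the repeat-offender case described above, as an added example that is not from the report: a Python stand-in for the "preconfigured script" reads a constructed JSON-lines alert sample from the centralized logging system, finds sources that trip a threshold inside a sliding time window, and pushes a block through a hypothetical mock firewall API. The threshold, window, alert field names and the allowlist guard are all assumptions, not something the report specifies.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample (not real data): alerts as a central log system hands them to a hook.
SAMPLE_ALERTS = """
{"ts": "2024-05-01T10:00:00", "src_ip": "203.0.113.7", "sig": "ssh-bruteforce"}
{"ts": "2024-05-01T10:03:00", "src_ip": "203.0.113.7", "sig": "ssh-bruteforce"}
{"ts": "2024-05-01T10:05:00", "src_ip": "192.0.2.9", "sig": "web-probe"}
{"ts": "2024-05-01T10:06:00", "src_ip": "10.0.0.5", "sig": "auth-failure"}
{"ts": "2024-05-01T10:07:00", "src_ip": "203.0.113.7", "sig": "ssh-bruteforce"}
{"ts": "2024-05-01T10:08:00", "src_ip": "10.0.0.5", "sig": "auth-failure"}
{"ts": "2024-05-01T10:09:00", "src_ip": "10.0.0.5", "sig": "auth-failure"}
{"ts": "2024-05-01T10:20:00", "src_ip": "192.0.2.9", "sig": "web-probe"}
{"ts": "2024-05-01T10:40:00", "src_ip": "192.0.2.9", "sig": "web-probe"}
"""

class MockFirewallAPI:  # hypothetical stand-in for a firewall's management API
    def __init__(self):
        self.blocked = []
    def block_ip(self, ip, reason):
        self.blocked.append((ip, reason))
        return {"status": "ok", "ip": ip}

def parse_alerts(text):
    return [json.loads(line) for line in text.splitlines() if line.strip()]

def find_repeat_offenders(alerts, threshold=3, window=timedelta(minutes=10)):
    """Sources with at least `threshold` alerts inside any sliding `window`."""
    times_by_ip = defaultdict(list)
    for alert in alerts:
        times_by_ip[alert["src_ip"]].append(datetime.fromisoformat(alert["ts"]))
    offenders = []
    for ip, times in times_by_ip.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > window:  # drop alerts that aged out
                start += 1
            if end - start + 1 >= threshold:
                offenders.append(ip)
                break
    return offenders

def respond(alert_text, api, allowlist=frozenset()):
    """The 'preconfigured script': block repeat offenders at the firewall via its
    API, skipping an assumed allowlist so known-good sources are never auto-blocked."""
    return [api.block_ip(ip, "repeat offender")["ip"]
            for ip in find_repeat_offenders(parse_alerts(alert_text))
            if ip not in allowlist]
```

In the sample, 192.0.2.9 raises three alerts but spread over 35 minutes, so it never qualifies; 10.0.0.5 qualifies but is skipped when it is on the allowlist.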
