Page373
Security Orchestration, Automation, and Response
Security Orchestration, Automation, and Response (SOAR) is an agile methodology used to centralize the management of security operations, including incident handling and response, vulnerability scanning, Security Information and Event Management (SIEM), and other operational activities. The goal is to automate tasks that were formerly performed manually. It uses orchestration to coordinate the management of SIEM, IDSs/IPSs, firewalls, and threat intelligence feeds via the use of application programming interfaces (APIs). This orchestration of security devices is known as software-defined security (SDSec), which is analogous to software-defined networking (discussed in Chapter 5, Domain 4: Communication and Network Security).
Automation includes steps such as patching a system after an automated vulnerability scan determined it was vulnerable. It uses artificial intelligence to identify security incidents and executes incident response playbooks to take specific actions, such as removing a malicious email from a user’s inbox or isolating an infected system.
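The orchestration-plus-playbook idea described above, as an added example that is not from the book or from any SOAR product: a constructed SIEM alert is enriched against a constructed threat-intelligence feed, and the playbook then drives hypothetical firewall, EDR, mail and ticketing API clients, keeping an audit trail of every call and falling back to an analyst ticket when confidence is low.

```python
"""Minimal SOAR-style playbook runner (added example; all data is constructed)."""

# Constructed threat-intel feed: indicator -> (indicator type, confidence 0-100)
THREAT_INTEL = {
    "203.0.113.7": ("ip", 90),
    "invoice-update.example": ("domain", 75),
}


class ToolClient:
    """Hypothetical stand-in for an API wrapper around one security device."""

    def __init__(self, name):
        self.name = name
        self.calls = []  # audit trail of every API call this playbook made

    def call(self, action, **params):
        self.calls.append((action, params))
        return {"tool": self.name, "action": action, **params}


def make_orchestrator():
    """One client per tool the playbook may coordinate."""
    return {n: ToolClient(n) for n in ("firewall", "edr", "mail", "ticketing")}


def enrich(alert):
    """Look the alert's indicator up in the feed; unknown indicators score 0."""
    ioc_type, confidence = THREAT_INTEL.get(alert["indicator"], (None, 0))
    return {**alert, "ioc_type": ioc_type, "confidence": confidence}


def run_playbook(alert, tools, min_confidence=80):
    """Return the list of response actions taken for one SIEM alert."""
    a = enrich(alert)
    actions = []
    if a["confidence"] < min_confidence:
        # Below the automation threshold: hand off to an analyst instead of acting.
        actions.append(tools["ticketing"].call(
            "create_ticket", host=a["host"], indicator=a["indicator"]))
        return actions
    if a["ioc_type"] == "ip":
        actions.append(tools["firewall"].call("block_ip", ip=a["indicator"]))
        actions.append(tools["edr"].call("isolate_host", host=a["host"]))
    elif a["ioc_type"] == "domain":
        actions.append(tools["firewall"].call("block_domain", domain=a["indicator"]))
    if a.get("message_id"):  # phishing case: pull the message from the inbox
        actions.append(tools["mail"].call(
            "delete_message", mailbox=a["user"], message_id=a["message_id"]))
    return actions
```

Every decision and API call is recorded in each client's `calls` list, which is the audit evidence a SOC needs when an automated action is later questioned.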
Software Configuration Management
Software Configuration Management (SCM) is an agile method that automates system administration tasks, including server deployment and configuration management. SCM enables infrastructure as code, which allows systems to be built and configured via a scripting language such as PowerShell or Python. Ansible, Chef, Puppet, and SaltStack are popular SCM tools.
SDLC
The Systems Development Life Cycle (SDLC), also called the Software Development Life Cycle or simply the System Life Cycle, is a system development model. SDLC is used across the IT industry, but in the context of the exam SDLC focuses on security. Think of “our” SDLC as the Secure Systems Development Life Cycle: the security is implied.
On the exam, SDLC focuses on security in every phase. This model is broader than many application development models, focusing on the entire system, from selection/development, through operational requirements, to secure disposal. There are many variants of the SDLC, but most follow (or are based on) the National Institute of Standards and Technology (NIST) SDLC process.