The Next Big Thing in Automated Large-scale Vulnerability Scanning

By Douglas Bernardini

As infrastructure and networks grow in size and complexity, it becomes increasingly difficult to manually manage security and compliance. Manual operations can result in slower detection and remediation of issues, errors in resource configuration, and inconsistent policy application, leaving your systems vulnerable to compliance issues and attack.

Why automate security processes?

This can lead to unplanned and expensive downtime and overall reduced functionality. Automation can help you streamline daily operations as well as integrate security into IT infrastructure, processes, hybrid cloud structures, and applications (or apps) from the start. Fully deploying security automation can even reduce the average cost.

Faster Threat hunting

Fast threat detection can reduce the likelihood that your organization will experience a security breach as well as the associated costs if a breach occurs. Manual processes can delay threat identification in complex IT environments, leaving your business vulnerable. Applying automation to your security processes can help you identify, validate, and escalate threats faster without manual intervention.

Why Ansible?

Ansible is an open source IT automation engine that automates provisioning, configuration management, application deployment, orchestration, and many other IT processes. Use Ansible automation to install software, automate daily tasks, provision infrastructure, improve security and compliance, patch systems, and share automation across your organization.

Does playbook works for cyber?

An Ansible® Playbook is a blueprint of automation tasks—which are complex IT actions executed with limited or no human involvement. Ansible Playbooks are executed on a set, group, or classification of hosts, which together make up an Ansible inventory.

Ansible Playbooks are essentially frameworks, which are prewritten code developers can use ad-hoc or as starting template. Ansible Playbooks are regularly used to automate IT infrastructure (such as operating systems and Kubernetes platforms), networks, security systems, and developer personas (such as Git).

Ansible Playbooks help IT staff program applications, services, server nodes, or other devices without the manual overhead of creating everything from scratch. And Ansible Playbooks—as well as the conditions, variables, and tasks within them—can be saved, shared, or reused indefinitely.

Ansible allows you to simply define your systems for security. Ansible’s easily understood Playbook syntax allows you to define secure any part of your system, whether it’s setting firewall rules, locking down users and groups, or applying custom security policies. Ansible comes with a library of over 750 included automation modules, allowing you to quickly perform tasks without complicated scripting and Ansible’s easily reusable roles let you write your automation procedures once and use them across your entire infrastructure.

Plus, when the need arrives to perform a one-off task like quickly applying a security patch from a vendor, Ansible’s command support allows you to get things done across your infrastructure with one simple command.

Why Nessus?

Nessus is an open-source network vulnerability scanner that uses the Common Vulnerabilities and Exposures architecture for easy cross-linking between compliant security tools. Nessus employs the Nessus Attack Scripting Language (NASL), a simple language that describes individual threats and potential attacks.

Nessus has a modular architecture consisting of centralized servers that conduct scanning, and remote clients that allow for administrator interaction. Administrators can include NASL descriptions of all suspected vulnerabilities to develop customized scans. Significant capabilities of Nessus include:

Compatibility with computers and servers of all sizes.
Detection of security holes in local or remote hosts.
Detection of missing security updates and patches.
Simulated attacks to pinpoint vulnerabilities.
Execution of security tests in a contained environment.
Scheduled security audits.

The vulnerability database that Nessus has is its main advantage. While the techniques to understanding which service is running and what version of the software is running the service are known to us, answering the question, “Does this service have a known
vulnerability” is the important one. Apart from a regularly updated vulnerability database, Nessus also has information on default credentials found in applications, default paths, and locations. All of this fine-tuned in an easy way to use CLI or web-based tool.

Typical Scenario

In order to evaluate the health of a network, vulnerability handlers utilize products such as Nessus that automate the process of scanning servers for known security vulnerabilities. While these products address the issue of having to manually test an entire network for vulnerabilities, maintaining the Nessus ecosystem requires constant monitoring of Nessus Scanners’ health, manual updates when newer versions are released, and evaluating scan results to determine the presence of critical vulnerabilities on the network.

Objectives: Create a system to automatically pull down, rebuild, and register Nessus Scanners to alert vulnerability handlers when Nessus finds critical vulnerabilities so that they can be handled immediately.
Approach: Create Ansible playbooks that use pre-existing bootstrapping methods in an automated and utilize Ansible Vaults so that credentials and other sensitive information are stored encrypted on the system and decrypted only during runtime Schedule a job after each Nessus scan using Jenkins that evaluates the severity of discovered vulnerabilities and alerts handlers of critical result
Impact and Benefits: Nessus Scanners are automatically updated on a weekly basis to the latest version of Nessus. This allows for vulnerability handlers to have the most up-to-date information about vulnerabilities on network If a Nessus Scanner stops communicating, it is automatically torn down and rebuilt. If the rebuild process isn’t successful, a team member is notified.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.