This repository has been archived by the owner on Jun 10, 2024. It is now read-only.

Security: CY22 Q3 Q4, CY23 Roadmap

Sumit Jaiswal edited this page Oct 17, 2022 · 2 revisions

Status: PLANNED

This is an uncommitted roadmap for CY22 Q3 & Q4, CY23 (some things might get dropped or added over the period).

Feedback is welcome in #security-automation on IRC Libera.chat.

Ansible Security Working Group:

Security Automation Group.

Ansible supported Security Platform Collections:

Cisco ASA, IBM QRadar, Splunk ES, Trend Micro Deep Security

Follow our progress:

1. Develop roles to:

  • Install distributed security platforms, e.g. an IDS/IPS agent.
  • Link IDS logs to security operations tools, e.g. SIEM/SOAR.
  • Send IDS alerts to the SIEM. The SIEM uses EDA to run a controller job to fix the issue, and that job needs to run close to the edge devices, i.e. on a mesh exec node.

2. Kubernetes and Container security

We've begun collaborating with Kubernetes and Container security platforms and vendors to provide an Ansible integration solution for automating Kubernetes and Container security use cases. Vendors planned:

  • Red Hat StackRox
  • Palo Alto Networks Prisma Cloud Compute Edition
  • Aqua Container Security
  • Anchore

3. PKI / Certificate handling for EDGE

a. Identify key PKI platforms to integrate through modules that are eventually promoted into Certified content collections. Candidates:

  • Entrust
  • DigiCert
  • Thales
  • Utimaco
  • Amazon Web Services (AWS)
  • Azure and Google Cloud Platform (GCP)

b. Identify key use cases to integrate through roles that are eventually promoted into Validated content collections. Potential examples:

  • Workload Identities management
  • Life cycle of certificates across the organization
  • SSH Key Management
  • IaaS Provider Secret
  • Key and Certificate Management

ansible.security meta collection:

Security.
