Automating Security Operations for Improved Efficiency and Protection with F5 and Event-Driven Ansible

Nicolas Menant
Published May 23, 2023

As enterprise IT environments grow in sophistication and scope, teams increasingly rely on advanced tools and techniques to manage network and security operations effectively and efficiently. Both internal and external pressures are ratcheting up, from the continued adoption of remote and hybrid working models that expand the attack surface to the rampant proliferation of cyberattacks, illustrated by the steady growth of ransomware over the past five years.1

Unfortunately, many organizations face dire IT resource and talent constraints: there is currently an estimated global shortage of 3.4 million cybersecurity workers.2 In the hopes of overcoming these various and likely prolonged challenges, organizations are looking to automate tasks and reduce the workload for security teams. Automation can provide immense value by helping enterprises achieve their critical cybersecurity objectives while improving their overall security posture.

Automate Security Operations with F5 and Red Hat

Automation is especially valuable to security as understaffed teams are frequently overwhelmed with alerts from a growing number of security tools. Event-driven automation provides immediate response to suspicious activity to head off attacks before they can cause damage, reducing the average cost of a data breach by 95%.3

F5 and Red Hat are working together to help protect enterprises more efficiently with fast, event-driven automation. When unusual or malicious activity is detected through event monitoring tools such as Elasticsearch and Kibana, Event-Driven Ansible Rulebooks take immediate action through F5 solutions, such as F5 Advanced WAF and BIG-IP Application Security Manager, to stop a potential attack.

This agentless automation uses existing transport mechanisms, such as APIs and webhooks, for easier interoperability. F5 content collections for Event-Driven Ansible are developed by F5 and certified by Red Hat to ensure reliable automation and support. Together, F5 and Red Hat help organizations reduce risk, achieve a faster mean time to resolution, and ultimately free up limited resources to focus on high-value tasks.

Let’s take a look at three security operations use cases that will benefit from automation with F5 and Event-Driven Ansible:

  • Enrich Security Investigations

Cyberattacks perpetually bombard organizations, and security tools generate more alerts than understaffed security teams can investigate. On average, it took security teams 277 days to identify and contain a data breach in 2022.4 With the average U.S. data breach costing $9.44 million in 2022,5 organizations could see huge savings by helping their security teams identify and remediate issues more efficiently via automation. A common first step on the security automation journey is to expedite the investigation phase of potential security incidents by following pre-defined investigation playbooks. When a new security event triggers an Ansible Rulebook, automated workflows can gather and correlate data from multiple F5 solutions to significantly decrease the amount of time the security analyst must spend on the investigation, which will result in a faster mean time to identify and ultimately contain an incident.

  • Improve Threat Hunting

The average enterprise manages approximately 135,000 endpoint devices.6 This massive attack surface opens them up to a litany of attack vectors, but many security teams lack the resources to invest in proactive threat hunting. With automation to constantly monitor and correlate threat data to produce actionable insights, security teams can prevent security issues more effectively and quickly detect anything that gets through their defenses.

  • Respond Faster to Security Incidents

In an era of automated cyberattacks, immediate response to threats is vital. Security teams can use automation that executes pre-built, verified workflows for instant response to contain or block attacks, reducing attacker dwell time and damage. Rules determine which workflows to trigger based on specific events. When the event is detected, automation takes effect to remediate the issue, block access, quarantine endpoints, or update security policies to prevent future occurrences. For example, if a malicious user is detected trying to access an application, event monitoring can trigger an Ansible Rulebook that instructs F5 Advanced WAF to block the specific user while continuing to allow application access by legitimate users. The instant changes enabled by automation can thwart security threats entirely or result in a faster mean time to resolution.
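
A sketch of how the event-to-workflow mapping described above can look as an Event-Driven Ansible rulebook, covering both the response and the investigation-enrichment cases. This is an added example, not F5 or Red Hat code: the payload field names, the playbook paths, the port, and the `webhook_token` variable are assumptions.

```yaml
---
# Added illustration. Payload fields (alert_type, confidence, source_ip,
# alert_id), playbook paths, the port and webhook_token are hypothetical.
- name: Respond to application-access alerts from event monitoring
  hosts: all
  sources:
    # Webhook listener that the monitoring stack posts alerts to.
    - ansible.eda.webhook:
        host: 0.0.0.0
        port: 5000
        token: "{{ webhook_token }}"  # reject posts without the shared token
  rules:
    # High-confidence detection: trigger the pre-built blocking workflow.
    - name: Block a source flagged with high confidence
      condition: >-
        event.payload.alert_type == "malicious_access" and
        event.payload.confidence >= 90 and
        event.payload.source_ip is defined
      # Fire at most once per source in the window so a burst of
      # identical alerts does not queue repeated policy changes.
      throttle:
        once_within: 10 minutes
        group_by_attributes:
          - event.payload.source_ip
      action:
        run_playbook:
          name: playbooks/waf_block_source.yml
          extra_vars:
            source_ip: "{{ event.payload.source_ip }}"
            alert_id: "{{ event.payload.alert_id }}"

    # Lower confidence: gather context for an analyst, change nothing.
    - name: Enrich lower-confidence alerts for investigation
      condition: >-
        event.payload.alert_type == "malicious_access" and
        event.payload.confidence < 90
      action:
        run_playbook:
          name: playbooks/collect_waf_context.yml
          extra_vars:
            alert_id: "{{ event.payload.alert_id }}"
```

The blocking playbook should validate `source_ip` and compare it against an allowlist of trusted addresses before touching WAF policy, since the value arrives from an external event.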

Get Automated, Proactive Security with F5 and Red Hat

Combining technologies from F5 and Red Hat can help protect enterprises through fast, event-driven automation that powers rapid responses to improve operational efficiency and reduce security risk. Learn how to efficiently scale and optimize security operations with automation by visiting:


1 Verizon, Data Breach Investigations Report, May 2022

2 (ISC)², 2022 Cybersecurity Workforce Study, June 2022

3 IDC, The Business Value of Red Hat Ansible Automation Platform, March 2022

4 IBM, Cost of a Data Breach 2022, July 2022

5 Ibid.

6 Adaptiva, Managing Risks & Costs at the Edge, July 2022