Enterprise 11: Securing the RPA environment with external controls

The Automation Anywhere architecture consists of a standard desktop and server class infrastructure for the clients and the Control Room.

RPA platform

This topic details the best practices for securing the RPA platform with external security controls. Network-based firewalls, Intrusion Detection Systems, anti-malware, and external log servers are all standard security controls that are relevant to RPA deployment and the other infrastructure in your environment. The following figure shows logically where these components are deployed in the RPA deployment:

RPA deployment model showing logical component deployment

Each external security control is discussed in detail in the following sections, in terms of placement and configuration. Supporting network services such as Active Directory, SVN Server, PostgreSQL Server, SMB File Share, Microsoft SQL Server, and Production applications are accessed through network firewalls or directly, depending on their placement relative to the RPA components.

Network-based access control to protect RPA with firewalls

Network-based firewalls and local server-based firewalls are used to protect the Control Room or all nodes in a Control Room cluster. By default, required protocols on the Control Room are permitted from the corporate network. Additionally, all clustering protocols are permitted only between the nodes in the Control Room cluster. Network-based firewalls are used to isolate Development, Test, and Production RPA environments from the corporate network and from each other.

For unattended automation environments, the Bot Runners are placed in a specific isolated network and protected by a network-based firewall. Attended automations run from corporate workstations with the Bot Runner client installed and are protected via the corporate perimeter firewalls or internal firewalls protecting the corporate desktop infrastructure, like any desktop.
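The segmentation rules above can be checked mechanically against an exported firewall ruleset. The following is an added example, not Automation Anywhere code: the zone names, symbolic service names, the `REQUIRED_FROM_CORP` list, and the sample rules are all constructed assumptions to be replaced with values from your own deployment.

```python
from dataclasses import dataclass

ENVIRONMENTS = {"dev", "test", "prod"}
# Assumption: HTTPS is the only protocol the RPA zones need from the corporate
# network in this sample; take the real list from your deployment documents.
REQUIRED_FROM_CORP = {"https"}

@dataclass(frozen=True)
class Rule:
    src: str      # zone name, e.g. "corp", "prod-cr", "prod-runners" (constructed)
    dst: str
    service: str  # symbolic service name, not a real port number
    action: str   # "allow" or "deny"

def env_of(zone):
    """Return 'dev'/'test'/'prod' for an RPA zone, None for the corporate network."""
    prefix = zone.split("-", 1)[0]
    return prefix if prefix in ENVIRONMENTS else None

def audit(rules):
    """Return (rule, reason) for every allow rule that breaks the segmentation."""
    findings = []
    for r in rules:
        if r.action != "allow":
            continue
        src_env, dst_env = env_of(r.src), env_of(r.dst)
        # Cluster traffic is legitimate only inside one Control Room cluster zone.
        in_cluster = r.src == r.dst and r.src.endswith("-cr")
        if src_env and dst_env and src_env != dst_env:
            findings.append((r, "environments are not isolated from each other"))
        elif r.service == "cluster" and not in_cluster:
            findings.append((r, "clustering protocol permitted outside the cluster"))
        elif src_env is None and dst_env and r.service not in REQUIRED_FROM_CORP:
            findings.append((r, "non-required protocol permitted from corporate network"))
    return findings

# Constructed sample ruleset: the first two rules match the described design.
SAMPLE_RULES = [
    Rule("corp", "prod-cr", "https", "allow"),
    Rule("prod-cr", "prod-cr", "cluster", "allow"),
    Rule("corp", "prod-cr", "cluster", "allow"),
    Rule("dev-cr", "prod-cr", "https", "allow"),
    Rule("test-runners", "prod-cr", "https", "deny"),
    Rule("corp", "prod-cr", "rdp", "allow"),
]

if __name__ == "__main__":
    for rule, reason in audit(SAMPLE_RULES):
        print(f"{rule.src} -> {rule.dst} [{rule.service}]: {reason}")
```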

Anti-malware to protect RPA from viruses and malware

The Automation Anywhere Enterprise Client runs on desktop class infrastructure and is considered a corporate desktop. Anti-malware or anti-virus software is used to protect the client environment from malicious software in the form of viruses and malware.

Intrusion detection systems to protect RPA from direct attacks

Intrusion Detection and Prevention Systems (IPS) protect the corporate network by detecting network-based attacks through network traffic analysis. Like any other critical section of the data center, an IPS protects the RPA platform at the egress point, behind the network-based firewall.

Security Event Incident Management to protect RPA with external auditing

All Automation Anywhere Control Room logs can be forwarded to a Security Event Incident Management (SEIM) system for external storage, processing, and alerting. Integration with SEIM or any Syslog-based audit consolidation and reduction system greatly enhances the security posture and governance compliance. Configure the Control Room to forward audit logs to the appropriate Syslog collection server in the environment.