Cyber security must become more playbook-driven to reduce the time to respond to threats. Priority should be given to leveraging and adapting generic playbooks.
The model to aspire to is the airline industry model of physical security operations which is highly orchestrated and automated, as well as reviewed and rehearsed.
User organizations need to commit to defining, documenting and maintaining their security playbooks. Without that, there can be no effective security automation.
Automating basic Defensive playbooks is a lot easier than automating Incident Response (IR) playbooks.
More standardized security operations enable playbooks to run to completion faster.
Most enterprises can’t manage security playbooks very well. Providers of managed security services should prioritize investing in managed playbook services.