Cybersecurity Playbooks Simplified…

Shivani Pokharkar
2 min read · Jul 6, 2023


I have always found it difficult to wrap my head around cybersecurity playbooks. I found the concept of cybersecurity playbooks confusing, but now I don’t!

What changed? I changed how I approached the concept of playbooks!

After some research and studying cybersecurity playbooks, also known as runbooks, I found that they are similar to cookbooks! I know it’s a wild analogy!

Phases of the Playbook

Cookbooks have step-by-step recipes for the food you want to cook; similarly, a playbook is a detailed recipe for how to prepare for, detect, analyze, contain, eradicate, and recover from an incident, or how to respond to a vulnerability or risk. Just as there are different cookbooks for desserts, cuisines, etc., there are different types of playbooks curated according to the risks, vulnerabilities, and incidents that organizations face.

But is a cookbook enough to create a dish? No, right? We need tools like a food processor, blender, grinder, etc. along with it to cook the food. Just like that, playbooks are acted upon in conjunction with SIEM (Security Information and Event Management) and SOAR (Security Orchestration, Automation, and Response) tools!

A SIEM tool is an application that collects and analyzes log data to monitor critical activity in an organization; it offers real-time monitoring and tracking of security event logs. SOAR complements SIEM: it is software used to automate the repetitive tasks generated by tools such as a SIEM. Think of SOAR as the food processor: instead of you cutting those onions that make you cry, you let the food processor do it for you. In exactly the same way, SOAR automates the response to common incidents and events. Therefore, when a threat is flagged by the SIEM, the playbook provides the instructions on how to address the issue.
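To make the cookbook analogy concrete, here is an added example (not code from the original post) of a toy SOAR-style dispatcher: it reads a few SIEM-style alert lines, picks a playbook by rule name and severity, and walks that playbook's steps in the phase order listed above (detect, analyze, contain, eradicate, recover). The key=value alert format, the rule names, the playbook names and the step names are all assumptions constructed for this illustration, and `PLACEHOLDER_HASH` stands in for a real file hash. Steps marked `automated=False` are the "manual" steps a SOAR platform would hold for analyst approval rather than run on its own.

```python
# Added example (not from the original post): a toy SOAR-style dispatcher that
# routes SIEM-style alerts to playbooks and runs each playbook phase by phase.
# All formats, rule names and step names are assumptions for this illustration.
import re
from dataclasses import dataclass

# Constructed sample SIEM alert lines in a key=value format (not from any real product).
SAMPLE_ALERTS = [
    "ts=2023-07-06T10:15:00Z sev=high rule=brute_force src=203.0.113.5 user=alice fails=42",
    "ts=2023-07-06T10:17:30Z sev=medium rule=malware_detected host=ws-017 hash=PLACEHOLDER_HASH",
    "ts=2023-07-06T10:18:02Z sev=low rule=port_scan src=198.51.100.9 ports=512",
]

# The incident-response phases the post lists, in execution order.
PHASES = ("prepare", "detect", "analyze", "contain", "eradicate", "recover")
SEVERITY = {"low": 1, "medium": 2, "high": 3}


@dataclass
class Step:
    phase: str
    action: str             # name of the action an analyst or automation performs
    automated: bool = True  # False: needs analyst approval before it runs


@dataclass
class Playbook:
    name: str
    triggers: set           # SIEM rule names that select this playbook
    min_severity: str       # ignore alerts below this severity
    steps: list


# Hypothetical playbooks; the step names are illustrative only.
PLAYBOOKS = [
    Playbook("credential_attack", {"brute_force", "password_spray"}, "medium", [
        Step("detect", "verify_failed_login_count"),
        Step("analyze", "check_source_reputation"),
        Step("contain", "block_source_ip"),
        Step("contain", "force_password_reset", automated=False),
        Step("recover", "monitor_account"),
    ]),
    Playbook("malware", {"malware_detected"}, "medium", [
        Step("detect", "confirm_hash_verdict"),
        Step("contain", "isolate_host"),
        Step("eradicate", "quarantine_file", automated=False),
        Step("recover", "reimage_and_restore", automated=False),
    ]),
]


def parse_alert(line):
    """Parse one key=value SIEM line into a dict."""
    return dict(re.findall(r"(\w+)=(\S+)", line))


def select_playbook(alert):
    """Pick the first playbook whose triggers include the alert's rule and whose
    severity threshold the alert meets; None means an analyst must triage it."""
    sev = SEVERITY.get(alert.get("sev", ""), 0)
    for pb in PLAYBOOKS:
        if alert.get("rule") in pb.triggers and sev >= SEVERITY[pb.min_severity]:
            return pb
    return None


def run_playbook(pb, alert, approve=lambda step, alert: False):
    """Walk the steps in phase order (the stable sort keeps the order within a
    phase). Automated steps run immediately; manual steps run only if approve()
    returns True, otherwise they are queued for an analyst."""
    executed, queued = [], []
    for step in sorted(pb.steps, key=lambda s: PHASES.index(s.phase)):
        label = f"{step.phase}:{step.action}"
        if step.automated or approve(step, alert):
            executed.append(label)
        else:
            queued.append(label)
    return {"playbook": pb.name, "executed": executed, "queued_for_analyst": queued}


def handle_alerts(lines, approve=lambda step, alert: False):
    """Route each SIEM alert to a playbook and report what happened to it."""
    results = []
    for line in lines:
        alert = parse_alert(line)
        pb = select_playbook(alert)
        if pb is None:
            results.append({"playbook": None, "rule": alert.get("rule"),
                            "note": "no matching playbook; triage manually"})
        else:
            results.append(run_playbook(pb, alert, approve))
    return results


if __name__ == "__main__":
    for result in handle_alerts(SAMPLE_ALERTS):
        print(result)
```

Running it shows the brute-force alert getting its automated steps executed while `force_password_reset` waits for an analyst, the malware alert being contained automatically but not eradicated without approval, and the low-severity port scan falling through to manual triage because no playbook claims it. That last case is the point of the severity threshold: a playbook should say which alerts it is for, so that the SOAR does not act on everything the SIEM emits.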

Over time, the recipes in a cookbook get updated because you encounter better ones, or maybe yummier ones. Similarly, playbooks need to be updated as vulnerabilities and incidents evolve. Additionally, cybersecurity analysts update playbooks using their past experience so that they can respond to incidents and threats more efficiently and improve the security posture of the organization!

Did you like this analogy? I would love to hear about your experience with cybersecurity playbooks!

Shivani Pokharkar

I am passionate about securing organizations with cybersecurity.