Pt 1 – Adversary playbooks as a cybersecurity first principle strategy.
If you are a believer in intrusion kill chain prevention as an essential cybersecurity first principle, then adversary playbooks are the key component. The general idea has been around since 2014, but the industry hasn’t embraced it. That doesn’t mean that it’s not the right idea. Adversary playbooks may not be the perfect solution that we need for deploying an intrusion kill chain prevention strategy, but there is nothing else out there right now that can operate at scale. If you are looking to pursue this idea, adversary playbooks are the path. And the thing is, we are so close. It wouldn’t take much to bump the security industry in this general direction. In part one of this two-part series, Rick Howard, the CyberWire’s CSO and Chief Analyst, describes some first principle thinking when it comes to adversary playbooks.
For a complete reading list and even more information, check out Rick’s more detailed essay on the topic.