I saw an article about automating responses to security issues being a marathon not a sprint. The articles gives a few examples of different levels of automation response to situations, noting that each of this is a different level of maturity in the organization. At early stages, the response is mostly alerting a human to take action. Later, the automation will make some changes, but still defer to a human for more actions. The final example is automation handling most of the issue itself. Note, none of this means humans are unaware of what responses are being made.

The idea is that improving security with automation is something that takes place across time, as the organization matures and becomes more comfortable and trusting of automation. It's a marathon, where we push, but we know this will take some time to get to the end. It's not a sprint where we make a quick fix and get a result.

Read the rest of Think Marathon, not Sprint