It works in such a way that as soon as an attack is detected and an alarm is raised, your system automatically react by isolating the infected machines. With the right automated incident response tools, your IT security teams can stay in control and respond to intrusions swiftly. While automation cannot replace human security analysts, it can allow analysts in conserving time for higher priorities and make the incident response processes run swiftly.
If you rely on manual processes to contain and investigate a malware intrusion, it means you are faced with a long to-do list of tedious tasks: identifying all the infected systems, researching the threat, gathering event logs from different locations to investigate, and more. And if your security solution bombards you with noisy alarms, you might not realise you have something significant on your hands until the damage has progressed.