Many companies have automated systems in place for preventing, detecting, and investigating security incidents, but automating the incident response and mitigation process for networks and endpoint devices has been a tougher nut to crack.
That process includes actions such as automatically re-imaging endpoint devices, isolating devices from corporate networks, or shutting down particular network processes in order to respond to attacks quickly and efficiently.
"I think there's a lot of potential," said Joseph Blankenship, analyst at Forrester Research. "We're definitely in a period of discovery, though, and that has to take place before we're going to see widespread, mainstream adoption."