A security operations center (SOC) wants to implement an automated workflow that isolates an endpoint as soon as the EDR platform confirms malware execution. Which PRIMARY benefit of security automation does this approach provide?
Delegation of security policy creation to senior management
Automatic generation of detailed compliance reports for auditors
Centralized storage of log data for long-term retention
Reduced response time by eliminating manual containment steps
Automating endpoint isolation removes the manual containment step, allowing the SOC to cut mean time to respond (MTTR) and stop malware from spreading. Although automation platforms can also generate compliance reports or store logs, those capabilities do not directly address the urgency of containing an active threat. Policy creation and user-training compliance remain management functions rather than technical automation tasks.