There are often huge time lapses between when an incident occurs, when it is detected and when the security team can address it. As the threat landscape evolves and expands, it's increasingly critical to adopt automated incident response processes. The global median time from compromise to discovery was 99 days in 2016, but half of the respondents to the 2017 SANS Incident Response Survey reported a dwell time of fewer than 24 hours. Having early access to this type of information enables security teams to detect malicious actions as early as possible in the attack phase.
Source: https://securityintelligence.com/reducing-dwell-time-with-automated-incident-response/