Incident response (IR) automation and orchestration was one of the hottest topics in the halls of the Moscone Center. IR is dominated by manual processes, which ultimately get in the way of overall IR productivity. IR tasks such as fetching data, tracking events or collaborating with colleagues depend upon the organizational, communications and technical skills of individuals within the security operations team. The top area cited (33 percent) was security analysis and investigations; IR is bound to suffer from a cybersecurity skills shortage. The IR is a dysfunctional team sport; the SOC team may be responsible for finding the fires, but it counts on IT operations to fight the fires.”]
Source: https://www.csoonline.com/article/3181360/why-is-ir-automation-and-orchestration-so-hot.html