The best cybersecurity analysts should play the part of detective

With an ever-growing threat from cyber attacks, we now live in a world where security operations centers (SOCs) are the norm. These typically feature a number of cybersecurity analysts watching screens for alerts and then following a playbook for any alerts that occur. When done well, these operations will usually identify and remediate common attacks very quickly. For example, in response to an alert about a malware attack on a system, they would typically block the system from the network and send field personnel to clean it up.
