Enabling automation is a critical component of every organization that wishes to address the speed and scale of modern cyber attack. Without orchestrated automated response via security tools, it is often not possible to respond to cyber threat intelligence in a timeframe that enables network defense. However, organizations often find themselves struggling to understand which of their security tools can leverage these capabilities. Merely having an Application Programming Interface (API) to a product is not enough. The factors identified in this guide will help each organization assess whether or not their tools can leverage the significant benefits of automated responses and identify features that they can request from their vendors to support their operational needs to assure business continuity while under cyber attack.