Containment

Execute short-term and long-term containment measures to prevent further spread of the threat across the environment. Isolate compromised hosts, disable affected accounts, apply network segmentation rules, and block known malicious indicators at perimeter and endpoint controls while preserving forensic evidence integrity.

Network Isolation of Compromised Systems

P1

Network Isolation

30min
View node

Credential and Account Lockdown

P1

Account Lockdown

45min
View node

Block Active Exfiltration Pathways

P1

Block Exfiltration

30min
View node

Halt Ransomware Propagation

P1

Stop Ransomware Spread

30min
View node

Revoke Cloud Sessions and Tokens

P1

Revoke Cloud Sessions

30min
View node

Covertly Restrict Insider Threat Actor Access

P1

Insider Containment

45min
View node

Phishing Containment: Block, Quarantine, Purge

P1

Phishing Quarantine

45min
View node

Roll Back and Block the Compromised Release

P1

Supply-Chain Rollback

120min
View node

Contain the Mining Workload and Entry Vector

P1

Mining Containment

60min
View node

Activate Scrubbing and Layered Mitigation

P1

DDoS Mitigation

240min
View node

Isolate Compromised Kubernetes Workload

P1

K8s Workload Isolation

120min
View node

Contain Compromised Serverless Function

P1

Serverless Containment

90min
View node