Module 10: Active Incident Containment

Isolation Techniques

Network Isolation

Primarily used to prevent network congestion and improve overall network performance. However, it also allows us to establish discrete zones within a network, each furnished with its distinct security policy and access controls.

Tiered Isolation

Tier 0: Highest importance within the organization.

Tier 1: Assets essential to an organizations' daily operations, though not as critical as Tier 0.

Tier 2: Assets that, while less critical, still contribute value to the organizations' operations.

Virtualization Isolation

Containment Strategies

Containment Impact on Businesses

Weigh the impacts of isolation, etc. against business operations.

Manual and Automated Containment

Automation can be rigid in its flexibility and can have an increased amount of false positives. Manual can be slow and resource (human resources) intensive.

Single-Host Compromise Containment

Walkthrough of a single compromised host being contained.

Partial Compromise Containment

Walkthrough of an incident surpassing the confines of a single compromised host or device within the network, extending its reach and the potential breach.

Full Compromise Containment

Walkthrough of a full compromise containment.

PreviousModule 9: Incident Response Case Management NextModule 11: Incident Eradication and Recovery

Last updated 1 year ago

hashtagIsolation Techniques

hashtagNetwork Isolation

hashtagTiered Isolation

hashtagVirtualization Isolation

hashtagContainment Strategies

hashtagContainment Impact on Businesses

hashtagManual and Automated Containment

hashtagSingle-Host Compromise Containment

hashtagPartial Compromise Containment

hashtagFull Compromise Containment