search

Containment tools and techniques

hashtag
Common containment tools

  • Packet sniffers

  • Forensics tools

  • Endpoint management tools

  • Network and infrastructure equipment

hashtag
Forensics tools

Check memory/network/hosts for signs of compromise

Sometimes these tools are best for verification of infection

hashtag
Endpoint management tools

Generally not security tools

Useful for quickly shutting down or removing devices from the network

May also assist in assessing whether a device may be compromised

hashtag
Network and infrastructure equipment

Aid in traffic isolation

May be able to "disconnect" a device without physically disconnecting it

Route traffic to sandboxes or research DMZs for observation

PreviousContainment actionsNextIncident investigation

Last updated