Containment tools and techniques
Common containment tools
  - Packet sniffers
  - Forensics tools
  - Endpoint management tools
  - Network and infrastructure equipment

Forensics tools
  - Check memory, network traffic and hosts for signs of compromise
  - Often best used to verify that a suspected device is actually infected before it is contained

Endpoint management tools
  - Generally not security tools in their own right
  - Useful for quickly shutting down devices or removing them from the network
  - May also assist in assessing whether a device has been compromised

Network and infrastructure equipment
  - Aid in isolating traffic from affected devices
  - May be able to "disconnect" a device logically (for example, by disabling its network access) without physically unplugging it
  - Can route a device's traffic to sandboxes or research DMZs for observation