Containment

1. Isolation

Physically or logically isolate affected systems:

• Disconnect compromised devices from the network
• Isolate infected servers

2. Network Segmentation

Implement network segmentation to limit lateral movement:

• Isolate critical systems from the rest of the network
• Restrict traffic between network segments

3. Endpoint Isolation

Disconnect compromised endpoints:

• Disable compromised user accounts
• Isolate infected devices from the network

4. Firewall Rules

Adjust firewall rules to block malicious traffic:

• Block incoming/outgoing connections to known malicious IPs
• Restrict access to vulnerable services