Containment

Containment in incident response refers to the actions taken to limit the scope and impact of a security incident. It involves isolating affected systems or networks to prevent the incident from spreading further, minimizing damage, and preserving evidence for investigation. This can include actions like disconnecting compromised machines from the network, shutting down vulnerable applications, or implementing temporary security controls.

Visit the following resources to learn more:

• @article@Microsoft Security Incident Management: Containment, Eradication, and Recovery
• @article@Containment - AWS