// THREAT DETECTION AND DATA PRIVACY TERM
Containment
Containment is the phase in incident response where security teams take steps to stop a cyberattack from spreading further and minimize its impact on systems and data. This often involves isolating affected systems or removing the threat from the network.
TECHNICAL DEFINITION
Containment, a critical phase within the cybersecurity incident response lifecycle, involves applying tactical measures to prevent the propagation of an identified cyber threat, such as malware or unauthorized access, across an organization's network or systems, thereby limiting damage and preserving forensic evidence for subsequent eradication and recovery efforts.
BACKGROUND
Computer security is a subdiscipline within the field of information security. It focuses on protecting computer software, systems, and networks from threats that can lead to unauthorized information disclosure, theft, or damage to hardware, software, or data, as well as to the disruption or misdirection of the services they provide.
READ MORE ON WIKIPEDIASYNONYMS & ALIASES
- Threat isolation
- Damage control
- Incident limitation
- System quarantine
- Threat mitigation
USAGE NOTE
Containment is typically the second phase in the incident response process, following identification and preceding eradication, requiring swift action to prevent further harm.
DEVELOPERS
Organizations developing technology related to Containment.
CrowdStrike is a leader in cloud-native endpoint protection, offering Falcon, an AI-powered platform for endpoint detection and response (EDR), next-gen antivirus, and threat intelligence, with robust capabilities for automated and manual threat containment across endpoints and workloads.
Palo Alto Networks provides a comprehensive cybersecurity platform including next-generation firewalls, cloud security, and Cortex XDR for extended detection and response, enabling organizations to prevent, detect, and contain advanced threats across their infrastructure.
SentinelOne offers an AI-powered security platform that provides autonomous endpoint protection, detection, and response (XDR), including powerful automated containment and remediation capabilities to neutralize threats in real-time.
Fortinet delivers broad, integrated, and automated cybersecurity solutions, including next-generation firewalls, endpoint security, and network access control, which are critical for network segmentation and containing security breaches.
Microsoft provides a vast suite of enterprise security products, including Microsoft Defender for Endpoint, Microsoft Defender for Identity, and Microsoft 365 Defender, offering advanced threat detection, investigation, and automated containment across endpoints, identities, and cloud applications.
Cisco offers a wide range of security solutions, including network security, endpoint security (Cisco Secure Endpoint), and SecureX, their integrated security platform, which facilitates rapid detection, investigation, and containment of threats across the entire attack continuum.
Sophos develops endpoint and network security solutions, including Intercept X for endpoint protection and Managed Threat Response (MTR), which features active threat containment, isolating compromised devices to prevent further spread of attacks.
Darktrace specializes in AI-powered cyber security, using its 'Self-Learning AI' to detect and autonomously respond to threats across an organization's digital estate, including active containment actions to stop in-progress attacks.