security

Containment

Incident Containment

Definition

Containment is the incident response phase focused on limiting the spread and impact of an active security incident. Actions include isolating compromised systems, revoking credentials, blocking malicious IPs, and disabling compromised accounts.

Short-term containment prioritizes stopping damage quickly; long-term containment involves hardening the environment while systems are rebuilt.

Related Terms

DFIR

Digital Forensics and Incident Response

Eradication

Threat Eradication

Playbook

Security Response Playbook

← Back to Glossary

Ship secure code faster

Crash Override integrates security into the developer workflow. No context switching, no waiting on reviews.

Talk to a Human See the Product