security

Eradication

Threat Eradication

Definition

Eradication is the incident response phase where the root cause of a compromise is removed from the environment — including deleting malware, closing exploited vulnerabilities, removing attacker persistence mechanisms, and revoking compromised credentials. Eradication must be thorough before recovery begins; incomplete eradication leads to re-compromise.

It follows Containment and precedes Recovery in the NIST IR lifecycle.

Related Terms

Containment

Incident Containment

DFIR

Digital Forensics and Incident Response

RCA

Root Cause Analysis

← Back to Glossary

Ship secure code faster

Crash Override integrates security into the developer workflow. No context switching, no waiting on reviews.

Talk to a Human See the Product