Containment—you see it in the response frameworks. What does it mean in practice? How do the new trends, such as hunting in the network, help? This discussion will explore the decisions, trade space and technical capabilities needed to perform containment while trying to support continued operations under pressure.

Learning Objectives:
1: Identify how to decide to contain adversary vice rebuild enterprise.
2: Establish methods for effective containment and measures of success.
3: Determine how mature solutions like hunting contribute to containment.