RS.MI-01.339

Do your cybersecurity technologies and security features in other systems automatically perform containment actions when threats are detected?

Explanation

Automatic containment actions are security measures that isolate or restrict potentially malicious activities without requiring manual intervention. Examples include antivirus software automatically quarantining infected files, firewalls blocking suspicious network traffic, intrusion prevention systems terminating suspicious connections, and endpoint protection platforms isolating compromised devices from the network. Evidence of fulfillment could include configuration screenshots of security tools showing enabled automatic containment features, security tool logs demonstrating containment actions taken during incidents, documentation of containment policies implemented in security technologies, or vendor specifications highlighting the automatic containment capabilities deployed in your environment.

Implementation Example

Cybersecurity technologies (e.g., antivirus software) and cybersecurity features of other technologies (e.g., operating systems, network infrastructure devices) automatically perform containment actions

ID: RS.MI-01.339

Context

Function: RS: RESPOND
Category: RS.MI: Incident Mitigation
Sub-Category: Incidents are contained

ResponseHub is the product I wish I had when I was a CTO

Previously I was co-founder and CTO of Progression, a VC backed HR-tech startup used by some of the biggest names in tech.

As our sales grew, security questionnaires quickly became one of my biggest pain-points. They were confusing, hard to delegate and arrived like London busses - 3 at a time!

I'm building ResponseHub so that other teams don't have to go through this. Leave the security questionnaires to us so you can get back to closing deals, shipping product and building your team.

Neil Cameron

Founder, ResponseHub