Long-term containment
Definition
The incident response phase in which emergency stabilisation measures are replaced with durable controls, such as patches, credential rotation, and firewall changes, that limit the attacker's access while preserving business operations and evidence integrity.
Related terms
- Access revocation: The removal of permissions, accounts, or trust relationships that the attacker exploited or could exploit. Distinct from credential rotation in that it...
- Attack surface reduction: The systematic elimination of pathways an attacker could use to enter or move within a system. In incident response this includes closing...
- Compensating control: A security measure that reduces risk when the ideal control cannot be applied immediately. For example, routing traffic through a monitored proxy...
- Credential rotation: The process of invalidating and replacing passwords, API keys, certificates, and other authentication tokens that may have been exposed during an incident....
- System hardening: Configuration changes that reduce a system's attack surface by disabling unnecessary services, applying least-privilege access, enabling audit logging, and removing or restricting...
Explained in
- Long-Term Containment and System Hardening