Rapid Quarantine

Managed Detection and Response + Automatic Incident Response

How it Works

Rapid Quarantine is an opt-in service for our MDR for EDR and MDR for O365 services that we offer at no additional cost. It depends on your present EDR solutions and licensing levels. Our SOC will take action on your behalf to stop threats as part of our remediation efforts during a confirmed incident. This limits the damage from a breach.

Playbook Outline

In collaboration with you, we review (or establish) playbooks that describe what should happen in case of a breach.

Clear Expectations

Depending on your preferences, you authorize us to take action on the network automatically or manually on your behalf.

Breach Event Response

The 24x7x365 Critical Insight Incident Responders execute the established playbook when a breach occurs.

Quarantined Attack

Post-response, we report the incident and work with the victim organization to remediate and eliminate the vulnerability.

Enable faster response

Our EDR service uses third-party Endpoint Detection and Response (EDR) products to monitor for risky activity. Rapid Quarantine allows our SOC to take action using your EDR to isolate any endpoints on your network.

Incidents can occur at any time, day or night. This service provides greater security and peace of mind because our 24x7x365 SOC will quarantine threats for you. Then, you can choose how you want to proceed knowing the immediate threat has been neutralized.

SOC Response

You maintain control

This service is governed by an agreed-upon Rapid Quarantine Playbook. If you do not have one, our Professional Services team can assist you.

As part of your initial deployment, you may choose which assets or accounts we should quarantine immediately, which require your approval before we quarantine them, and which we should only contact you about without quarantining.

Isolating the endpoint cuts it off from the internet and the network, which prevents threat actors from accessing the endpoint and prevents any further spread or exfiltration.

After the investigation, you can un-isolate the asset via your EDR dashboard.
