Endpoint Containment
Isolate servers and workstations
Endpoint containment automatically (or manually) isolates endpoints when they are associated with malicious detections. If a detection matches one of the following settings, but the setting is disabled, the detection will be escalated to your team.
High Value Assets
Automatically isolates HVAs when detections are discovered. HVAs are endpoints associated with VIPs in your organization or critical infrastructure. Enable this setting with caution, and discuss it with the Wirespeed team before enabling it. Once this setting is enabled, HVAs will only be contained when one of the other settings (e.g., Late Stage Tools or Unmitigated Malware) is present on the detection and enabled.
Servers
Automatically isolates servers when detections are discovered. Servers are endpoints that are identified as servers in your environment.
Late Stage Tools
When a detection is discovered to be using late stage tools, it is almost guaranteed that an active breach is in progress. This setting is one of our secure default options and should always be enabled.
Unmitigated Malware
Applies when a detection is discovered to be using malware that is not a late stage tool. Many things may be considered malware in an environment without being malicious. It is best to keep this setting disabled until you have a good amount of data to verify how unmitigated malware is represented in your environment.