Containment Architecture and Guardrails
RCCE students will learn incident containment strategies including network isolation, account suspension, system quarantine, and threat neutralization during active security incidents. RCCE students will learn to make rapid containment decisions that balance security with business continuity, implement network-level containment using firewall rules and VLAN isolation, execute host-level containment through endpoint isolation and process termination, contain compromised accounts through credential reset and session revocation, document containment actions for forensic and legal purposes, and coordinate containment activities across distributed teams and environments. This architecture course teaches secure system design using proven patterns, guardrails, and reference architectures. At an expert level, RCCE students will learn to evaluate design options against security requirements, make informed trade-off decisions, and build systems that are resilient by design. Students gain the architectural thinking skills needed for security engineering and solution design roles.
- Security Engineers building defensive controls
- Security Analysts and Blue Team members
- Systems Administrators with security responsibilities
- GRC and Risk Professionals supporting controls
- Professionals implementing Containment Architecture and Guardrails
- Design a scalable privilege management architecture with policy and enforcement
- Explain Module Overview fundamentals
- Execute hands-on tasks for what you will master — covering Rapid containment decision-making.
- Execute hands-on tasks for architectural thinking — covering Evaluate designs against security requirements.
- Execute hands-on tasks for recovery prep — covering Segment compromised, Terminate malicious, containment.
- Execute hands-on tasks for containment decision framework
- Execute hands-on tasks for network-level containment: firewall rules
- Execute hands-on tasks for emergency firewall actions — covering Block all egress from compromised subnet.
- Execute hands-on tasks for rule deployment strategy — covering Push rules to perimeter firewall first.
- Execute hands-on tasks for vlan migration procedure — covering Identify all ports on compromised host.
- Execute hands-on tasks for forensic vlan setup — covering Dedicated VLAN for IR team access.
| Module 01 | Containment Architecture |
| Module 02 | Module Overview |
| Module 03 | What You Will Master |
| Module 04 | Architectural Thinking |
| Module 05 | Containment Architecture Fundamentals |
| Module 06 | Recovery Prep |
| Module 07 | Containment Decision Framework |
| Module 08 | Network-Level Containment: Firewall Rules |
| Module 09 | Emergency Firewall Actions |
| Module 10 | Rule Deployment Strategy |
| Module 11 | VLAN Migration Procedure |
| Module 12 | Forensic VLAN Setup |
| Module 13 | Host-Level Containment: Endpoint Isolation |
| Module 14 | Process Termination |
All hands-on labs run on Rocheston Rose X OS. Students practice containment architecture and guardrails by implementing the controls discussed in class, with a focus on real-world deployment, monitoring, and validation.
- Lab 1: Design a scalable privilege management architecture with policy and enforcement
- Lab 2: Explain Module Overview fundamentals
- Lab 3: Execute hands-on tasks for what you will master
- Lab 4: Execute hands-on tasks for architectural thinking
- Lab 5: Design a scalable privilege management architecture with policy and enforcement
Upon successful completion of this course, students will receive an official RCCE Course Completion Certificate for Containment Architecture and Guardrails, verifiable through the Rocheston certification portal.
- Full access to all course materials and slide decks
- Hands-on lab access on Rocheston Rose X OS environment
- Access to Rocheston CyberNotes
- Access to Rocheston Zelfire — EDR/XDR SIEM platform
- Access to Rocheston Raven — online cyber range exercise platform
- Access to Rocheston Vulnerability Vines AI