Containment Threats and Detection
RCCE students will learn incident containment strategies including network isolation, account suspension, system quarantine, and threat neutralization during active security incidents. RCCE students will learn to make rapid containment decisions that balance security with business continuity, implement network-level containment using firewall rules and VLAN isolation, execute host-level containment through endpoint isolation and process termination, contain compromised accounts through credential reset and session revocation, document containment actions for forensic and legal purposes, and coordinate containment activities across distributed teams and environments. This threat-focused course teaches students to think like adversaries while building robust defenses. At an expert level, RCCE students will learn to analyze attack techniques, build detection logic, and implement defensive strategies that proactively identify threats before they cause damage. Students develop a threat-informed mindset that drives better security decisions across all operational activities.
- Security Engineers building defensive controls
- Security Analysts and Blue Team members
- Systems Administrators with security responsibilities
- GRC and Risk Professionals supporting controls
- Professionals implementing Containment Threats and Detection
- Execute hands-on tasks for containment threats
- Explain Course Overview fundamentals
- Execute hands-on tasks for learning scope — covering Rapid containment decision-making.
- Execute hands-on tasks for target audience
- Execute hands-on tasks for delivery format — covering Lecture with visual workflows.
- Execute hands-on tasks for learning objectives
- Execute hands-on tasks for rapid containment decisions
- Execute hands-on tasks for network-level containment
- Execute hands-on tasks for host-level containment
- Execute hands-on tasks for account containment
- Execute hands-on tasks for module topic map
- Execute hands-on tasks for 1. containment fundamentals
| Module 01 | Containment Threats |
| Module 02 | Course Overview |
| Module 03 | Learning Scope |
| Module 04 | Target Audience |
| Module 05 | Delivery Format |
| Module 06 | Learning Objectives |
| Module 07 | Rapid Containment Decisions |
| Module 08 | Network-Level Containment |
| Module 09 | Host-Level Containment |
| Module 10 | Account Containment |
| Module 11 | Module Topic Map |
| Module 12 | 1. Containment Fundamentals |
| Module 13 | 2. Decision Frameworks |
| Module 14 | 3. Network Containment |
All hands-on labs run on Rocheston Rose X OS. Students practice containment threats and detection by implementing the controls discussed in class, with a focus on real-world deployment, monitoring, and validation.
- Lab 1: Execute hands-on tasks for containment threats
- Lab 2: Explain Course Overview fundamentals
- Lab 3: Execute hands-on tasks for learning scope
- Lab 4: Execute hands-on tasks for target audience
- Lab 5: Execute hands-on tasks for delivery format
Upon successful completion of this course, students will receive an official RCCE Course Completion Certificate for Containment Threats and Detection, verifiable through the Rocheston certification portal.
- Full access to all course materials and slide decks
- Hands-on lab access on Rocheston Rose X OS environment
- Access to Rocheston CyberNotes
- Access to Rocheston Zelfire — EDR/XDR SIEM platform
- Access to Rocheston Raven — online cyber range exercise platform
- Access to Rocheston Vulnerability Vines AI