Visually Assessing Possible Courses of Action for a Computer Network Incursion
When a computer is compromised, a standard incident handling process is followed to mitigate damage, expunge the attack, and recover the system. To prevent the possible spread of an attack, the incident handler will try to isolate the victimized system. Isolation may involve disabling the asset or blocking the attacker's access. This report presents a tool that allows the security analyst to visually evaluate various containment options to minimize operational impacts.
1786 (PDF, 3.90MB)
15 Jun 2007 By Grant Vandenberghe
