Which tool is used by a SOC analyst to quarantine an endpoint?
A. flow collector
B. syslog
C. load balancer
D. Cisco XDR
The Answer Is:
D
This question includes an explanation.
Explanation:
In the event of a confirmed compromise, a SOC analyst must act quickly to prevent lateral movement. Cisco XDR (Extended Detection and Response) is the integrated security platform designed to provide cross-layered detection and automated response actions across the network, endpoint, and cloud. One of the most important response actions within XDR is the ability to quarantine (isolate) an endpoint.
Cisco XDR integrates with endpoint security agents (such as the Secure Endpoint module of Cisco Secure Client) and with network infrastructure (such as Cisco ISE). From a single interface, an analyst can trigger a "Host Isolation" action. This instructs the endpoint agent to block all network traffic except communication with the management console (and any destinations explicitly allowlisted in policy), which keeps the analyst in control of the host while it is cut off from the rest of the network. Because the block is enforced by the agent, it works wherever the device is connected, which is much faster than tracking the device down physically or at the switch port. Two practical checks apply: confirm that the agent actually reports the host as isolated before treating it as contained, and plan the release step so the host can be returned to the network once remediation is complete. A flow collector (Option A) and syslog (Option B) are visibility and logging tools; they provide the telemetry that detection depends on but cannot take enforcement actions. A load balancer (Option C) distributes traffic to applications and is irrelevant to endpoint containment. Cisco XDR fulfills the SDSI objective of "Securing Infrastructure through Automation," allowing SOC teams to mitigate threats at scale through coordinated response workflows.
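The isolation action described above can also be driven from a playbook script. The following is an added example, not code from this page or from Cisco: it requests isolation of one endpoint through the Cisco Secure Endpoint v1 API (the endpoint agent XDR integrates with) and then polls until the agent confirms the isolated state, refusing to report containment it has not verified. The endpoint paths and status strings are those of the Secure Endpoint API as the author recalls them and should be checked against the current API documentation; the client credentials, the connector GUID and the `FakeAgent` transport are constructed for offline demonstration.

```python
"""Isolate an endpoint through the Cisco Secure Endpoint v1 API and verify it.

Added example. Paths and status values follow the Secure Endpoint
(formerly AMP for Endpoints) v1 API as the author recalls them; verify them
against the current API documentation before production use.
"""
import base64
import json
import time
import urllib.request
from typing import Callable, Optional

API_BASE = "https://api.amp.cisco.com/v1"   # North America cloud; region-specific
ISOLATED = "isolated"
PENDING_START = "pending_start"
NOT_ISOLATED = "not_isolated"

# A transport takes (method, url, headers, body) and returns the parsed JSON.
Transport = Callable[[str, str, dict, Optional[bytes]], dict]


def http_transport(method: str, url: str, headers: dict, body: Optional[bytes]) -> dict:
    """Real transport: one HTTPS request against the API (not used offline)."""
    req = urllib.request.Request(url, data=body, method=method, headers=headers)
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def auth_header(client_id: str, api_key: str) -> dict:
    """Secure Endpoint API uses HTTP Basic auth with client_id:api_key."""
    token = base64.b64encode(f"{client_id}:{api_key}".encode()).decode()
    return {"Authorization": f"Basic {token}", "Accept": "application/json"}


def isolation_status(guid: str, headers: dict, transport: Transport) -> str:
    data = transport("GET", f"{API_BASE}/computers/{guid}/isolation", headers, None)
    return data["data"]["status"]


def isolate_host(guid: str, comment: str, headers: dict, transport: Transport,
                 attempts: int = 5, interval: float = 2.0, sleep=time.sleep) -> str:
    """Request isolation and poll until the agent confirms it.

    Returns the final status. Raises RuntimeError if the endpoint never reports
    'isolated' within the polling budget, so a playbook cannot mark a host as
    contained on the strength of an accepted request alone.
    """
    body = json.dumps({"comment": comment}).encode()
    put_headers = {**headers, "Content-Type": "application/json"}
    resp = transport("PUT", f"{API_BASE}/computers/{guid}/isolation", put_headers, body)
    status = resp["data"]["status"]
    for _ in range(attempts):
        if status == ISOLATED:
            return status
        sleep(interval)
        status = isolation_status(guid, headers, transport)
    raise RuntimeError(f"isolation of {guid} not confirmed, last status {status!r}")


class FakeAgent:
    """Constructed stand-in for the API, for offline use only: answers the PUT
    with 'pending_start' and every later status poll with final_status."""

    def __init__(self, final_status: str = ISOLATED):
        self.final_status = final_status
        self.calls = []  # (method, connector guid, body) for inspection

    def __call__(self, method, url, headers, body):
        guid = url.rsplit("/", 2)[-2]
        self.calls.append((method, guid, body))
        status = PENDING_START if method == "PUT" else self.final_status
        return {"data": {"available": True, "status": status}}


if __name__ == "__main__":
    # Constructed credentials and GUID; swap FakeAgent() for http_transport live.
    hdrs = auth_header("example-client-id", "example-api-key")
    print(isolate_host("00000000-0000-0000-0000-000000000000",
                       "XDR incident: confirmed compromise", hdrs, FakeAgent(),
                       sleep=lambda s: None))
```

The injectable `transport` and `sleep` keep the control flow testable without a network; the same function, given `http_transport` and real credentials, performs the live action. Releasing the host is the mirror image (a DELETE on the same path), which is the step the playbook should schedule as soon as isolation is requested.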
========
300-745 PDF/Engine