Incident Response

Contain a Breach.
Before It Spreads.

Cut any compromised device off from inbound network traffic in under 15 seconds — while keeping your outbound command channel alive so you stay in control.

<15s: To Full Isolation
0: Inbound Traffic After Isolation
100%: Agent Channel Kept
1-click: De-Isolate to Recover

The Critical 15 Seconds That Stop a Breach

STEP 01: Threat Detected

You receive an alert — ransomware activity, unusual data transfers, a compromised account. Every second of delay is more data exfiltrated or encrypted.

STEP 02: Issue Isolate Command

One click in the Sentinel dashboard. The isolate command is signed, encrypted, and dispatched to the device. No ticket. No VPN. No waiting for IT.

STEP 03: Firewall Rules Applied

The agent applies strict firewall rules that block all inbound traffic. The attacker loses their connection. The ransomware loses its C2 channel. Data exfiltration stops.

STEP 04: You Stay in Control

The outbound Sentinel channel is explicitly whitelisted — so you can still lock, snapshot, wipe, or de-isolate the device once the threat is assessed and remediated.

INCIDENT LOG — SNTNL-KE-00088 — 2026-06-25

09:14:02  CRITICAL    Unusual outbound data transfer detected: 3.2 GB uploaded to unknown IP 185.220.101.47 via port 443
09:14:09  RESPONDING  Admin issued ISOLATE command (operator: admin@company.ke, 7 seconds after alert)
09:14:22  ISOLATED    Device acknowledged; firewall rules applied. All inbound traffic blocked, outbound agent channel preserved.
09:14:23  CONTAINED   Exfiltration channel terminated. Remote attacker connection dropped, no further data loss.
09:22:41  REMEDIATED  Admin issued WIPE command for forensic rebuild. Total containment-to-remediation: 8 minutes 39 seconds.

The Breaches You Can Actually Stop

Ransomware Outbreak

One workstation gets compromised. Isolate it before the ransomware spreads laterally to the rest of the network. The C2 channel is cut. Encryption stops at one machine.

Insider Data Theft

An employee is downloading your client database before resigning. Isolate their laptop mid-transfer. The upload stops. The client list stays yours. HR handles the rest.

Compromised Account

Login credentials leaked or stolen. An attacker is accessing your system from a compromised device. Isolate it immediately while you investigate and rotate credentials.

Supply Chain Malware

A software update installs malware on a workstation, and it's phoning home. Isolate it before it reports your internal network topology back to the attacker.

Isolation Without Losing Control

Linux Implementation
The agent applies iptables rules that DROP all INPUT and all FORWARD traffic, with a single exception for the established Sentinel outbound connection.
Windows Implementation
Windows Defender Firewall rules — block all inbound, allow only pre-established Sentinel poll connections through the firewall.
Agent Channel
The Sentinel agent's outbound HTTPS poll channel is explicitly preserved. You cannot accidentally lock yourself out — the agent keeps checking in.
De-Isolation
Issue the Un-Isolate command from the dashboard. Firewall rules are removed on the next agent poll. Full network restored in under 15 seconds.
Audit Trail
Every isolation event is logged with: timestamp, operator identity, device state, GPS, network info. Full chain of evidence for post-incident forensics.
Combine with Wipe
After isolating, you can issue a Wipe command while still isolated. Data is destroyed before the device can reconnect and re-exfiltrate.
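
The Linux rules described above, written out as an added example (not Sentinel's own agent code) in iptables-restore form so they apply atomically; the server address, port and saved-rules path are placeholders. It also defaults the OUTPUT chain to DROP, which goes beyond the inbound-only rule stated above, because an in-progress upload is not stopped by blocking inbound traffic alone.

```shell
#!/bin/sh
# Added example, not Sentinel's agent code: the Linux isolation rules described
# above, emitted in iptables-restore format so they are applied atomically.
# Assumptions (placeholders): the agent polls one server IP over TCP/443, and
# the pre-isolation ruleset is saved so de-isolation can restore it exactly.
SENTINEL_SERVER="${SENTINEL_SERVER:-203.0.113.10}"   # placeholder, TEST-NET-3
SENTINEL_PORT="${SENTINEL_PORT:-443}"
SAVED_RULES="${SAVED_RULES:-/var/lib/sentinel/pre-isolate.rules}"

# Print the isolation policy. INPUT and FORWARD default to DROP as stated on
# the page; OUTPUT also defaults to DROP (an extension of what the page states)
# because an inbound-only block leaves an in-progress upload running.
isolation_ruleset() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
# Only replies from the agent's server are accepted inbound. Matching on the
# source address matters: a bare ESTABLISHED rule would also keep an attacker's
# already-open session alive, since conntrack tracks it the same way.
-A INPUT -p tcp -s $SENTINEL_SERVER --sport $SENTINEL_PORT -m conntrack --ctstate ESTABLISHED -j ACCEPT
# The agent may open new HTTPS connections to its server and nothing else.
-A OUTPUT -p tcp -d $SENTINEL_SERVER --dport $SENTINEL_PORT -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
COMMIT
EOF
}

# Count rules that accept inbound traffic; anything beyond loopback and the
# agent reply path means the policy is wider than intended.
inbound_accept_count() {
    isolation_ruleset | grep -c '^-A INPUT .*-j ACCEPT'
}

isolate() {
    iptables-save > "$SAVED_RULES"          # keep the old policy for de-isolation
    isolation_ruleset | iptables-restore    # atomic: no half-applied window
}
deisolate() {
    iptables-restore < "$SAVED_RULES"       # exact rollback on the next poll
}

case "${1:-print}" in
    isolate)   isolate ;;
    deisolate) deisolate ;;
    print)     isolation_ruleset ;;
esac
```

If the agent resolves its server by hostname rather than a fixed IP, add an OUTPUT rule for DNS to your resolver, or the poll will fail once the cached lookup expires.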
Emergency Preparedness

The Breach Is Coming. Be Ready.

Most organisations discover a breach days after it happens. Sentinel gives you a 15-second containment window from the moment you know.