Endpoint isolation cuts a compromised endpoint's network connections while maintaining management plane access — stopping lateral movement and C2 while preserving the ability to investigate and remediate.
Modern EDR solutions (CrowdStrike, Defender for Endpoint) support one-click network isolation. Maintain management access while blocking all other traffic. Isolate as soon as ransomware or active attack is confirmed.