Some cyberattackers penetrate enterprise cyberdefenses no matter how well the defenses are designed, implemented, and maintained. Responding to these incidents (in other words, incident response) and the related costs are facts of life in the modern cyberenvironment. An enterprise often accepts a number of minor cyberincidents provided those incidents are contained. Enterprise endpoints and servers are destined to be compromised. It benefits the enterprise to embrace this reality and simply deal with these compromised systems as quickly and as cheaply as possible.