
At Infinite Tech, we lead incident response using a structured lifecycle: triage, scope, containment, eradication, recovery, and post-incident review.

We start by validating the alert and assessing its severity. We then investigate to determine the scope and identify the affected systems. Once the incident is confirmed, we contain the threat by isolating systems or disabling compromised accounts. After that, we eradicate the root cause, such as malware or an exploited vulnerability. We then restore systems from clean backups and monitor them closely. Finally, we conduct a post-incident review to identify lessons learned and improve our detection and response processes.

Common mistakes many SOCs make during containment and eradication include:

1. Acting too quickly without understanding the full scope.

2. Isolating only a single compromised host instead of investigating lateral movement.

3. Failing to disable compromised identities.

4. Trying to clean systems instead of rebuilding them.

5. Not removing persistence mechanisms.

6. Failing to patch the initial vulnerability, and not rotating credentials after a compromise.


Security Operations Consulting

Let us help you with your Security Operations Strategy. Contact InfiTech Threat Services
