Containment strategies in Cybersecurity - Time & Space Complexity

When dealing with containment strategies in cybersecurity, it's important to understand how the effort to contain an incident grows as the size of the affected system increases.

We want to know how the time to isolate and control threats changes when more devices or systems are involved.

Analyze the time complexity of the following containment process.

// Pseudocode for containment strategy
for each device in affected_network:
    isolate(device)
    scan(device)
    if threat_found(device):
        remove_threat(device)
        notify_team(device)

This code isolates and scans each device in the affected network, then removes threats and notifies the team if a threat is found.

Look at what repeats as the network size grows.

• Primary operation: Looping through each device to isolate and scan.
• How many times: Once for every device in the affected network.

As the number of devices increases, the total time to contain grows proportionally.

Input Size (n)	Approx. Operations
10	About 10 isolations and scans
100	About 100 isolations and scans
1000	About 1000 isolations and scans

Pattern observation: The work grows directly with the number of devices; doubling devices doubles the work.

Time Complexity: O(n)

This means the time to contain the threat grows in a straight line with the number of devices affected.

[X] Wrong: "Containment time stays the same no matter how many devices are affected."

[OK] Correct: Each device needs individual attention, so more devices mean more work and more time.

Understanding how containment scales helps you explain your approach clearly and shows you grasp practical incident response challenges.

"What if containment could isolate multiple devices at once? How would that change the time complexity?"