Egress filtering is a network security measure that involves scanning the headers of IP packets as they leave a network. The purpose of this technique is to ensure that unauthorized or malicious traffic does not exit the internal network. This is achieved by implementing rules that define which types of traffic are allowed to leave the network. By filtering outgoing traffic, egress filtering helps prevent data exfiltration and blocks the communication of malware with external command-and-control servers.
References: The EC-Council's Certified SOC Analyst (CSA) program covers the fundamentals of SOC operations, including the importance of egress filtering in protecting a network's perimeter. The CSA training and credentialing program provides in-depth knowledge on various SOC processes, such as log management, SIEM deployment, incident detection, and response, which includes the implementation of egress filtering as a security control12.

The primary step in containing a malware incident is to isolate the infected machine to prevent the malware from spreading to other systems. This can be done by disconnecting it from the network and turning it off.
This action helps to contain the incident and allows for a proper investigation without the risk of further infection or data loss.
References: The EC-Council's Certified SOC Analyst (CSA) program emphasizes the importance of quick response to security incidents, including malware infections. The training includes understanding security threats, attacks, vulnerabilities, and the appropriate responses to such incidents. The CSA program also covers the procedures for incident response, which includes the containment strategies for incidents like malware outbreaks123.