What is a common method for containing a malware infection?

Prepare for the Security Incident Response (SIR) Test with flashcards and multiple choice questions. Each question provides hints and explanations to guide your study. Get ready to ace your exam!

Isolating the infected systems from the network is a fundamental step in containing a malware infection because it prevents the malware from spreading to other devices and systems. Infected systems can communicate with other devices on the network, which may lead to additional infections. By isolating these systems, an organization can effectively stop the malware from propagating, allowing the security team to focus on remediation efforts without the risk of further impact on the overall network.

Updating antivirus software, while important for ensuring that systems have the latest defenses against known threats, does not directly contain an existing infection. It can help in detecting and removing malware, but it doesn't isolate the threat already present in the network.

Changing all user passwords can be a part of a broader incident response strategy, particularly in the context of credential theft or unauthorized access. However, it does not address the immediate spread of malware itself, nor does it isolate infected systems.

Conducting user training sessions is an excellent preventative measure for reducing the likelihood of future incidents, but it does not provide an active containment mechanism for existing malware infections. Therefore, isolating infected systems is the most effective method in the scenario presented.
