Monitoring is hope; containment is the alternative.
Advisory enforcement with direct DNS, socket, and credential access compared with physical containment through removed execution primitives, RPC stubs, and a fail-closed isolated boundary.