We had a security issue with our vendor and had to terminate services/access immediately. I'm an IT project manager and not a network guy so I understand the basics, but I just coming up to speed on the "detailed" configurations.
They use a combination of VNC and Kaseya to maintain a connection to their remote central server since we have all inbound traffic blocked. It looks like port 5721 and 5722 are carrying the traffic.
How can I block the destination ip address, Kaseya, and VNC? Assuming that is the best way to isolate our system from their access.