Recommended Traps Deployment Process
4.2 (EoS)
The Traps software is typically deployed to endpoints
across a network after an initial proof of concept (POC), which
simulates the corporate production environment. During the POC or
deployment stage, you analyze security events to determine which
are triggered by malicious activity and which are due to legitimate
processes behaving in a risky or incorrect manner. You also simulate
the number and types of endpoints, the user profiles, and the types
of applications that run on the endpoints in your organization and,
according to these factors, you define, test, and adjust the organization’s
security policy.
The goal of this multi-step process is to provide maximum protection
to the organization without interfering with legitimate workflows.
After the successful completion of the initial POC, we recommend
a multi-step implementation in the corporate production environment
for the following reasons:
- The POC doesn't always reflect all the variables that exist in your production environment.
- In rare cases, the Traps agent affects business applications, which can reveal vulnerabilities in that software in the form of a prevented attack.
- During the POC, it is much easier to isolate issues that appear and provide a solution before full implementation in a large environment where issues could potentially affect a large number of users.
A multi-step deployment approach ensures a smooth implementation
and deployment of the Traps solution throughout your network. Use
the following steps for better support and control over the added
protection.

Step | Duration | Plan |
---|---|---|
1. Install Traps on endpoints. | 1 week | Install the Endpoint Security Manager (ESM), including an MS SQL database, ESM Console, and ESM Server, and install the Traps agent on a small number of endpoints (3 to 10). Test normal behavior of the Traps agents (injection and policy) and confirm that there is no change in the user experience. |
2. Expand the Traps deployment. | 2 weeks | Gradually expand agent distribution to larger groups that have similar attributes (hardware, software, and users). At the end of two weeks you can have Traps deployed on up to 100 endpoints. |
3. Complete the Traps installation. | 2 or more weeks | Broadly distribute the Traps agent throughout the organization until all endpoints are protected. |
4. Define corporate policy and protected processes. | Up to 1 week | Add protection rules for third-party or in-house applications and then test them. |
5. Refine corporate policy and protected processes. | Up to 1 week | Deploy security policy rules to a small number of endpoints that use the applications frequently. Fine tune the policy as needed. |
6. Finalize corporate policy and protected processes. | A few minutes | Deploy protection rules globally. |