To enhance your results with DeepArmor, consider the following best practice recommendations.
Policy Best Practices
• Limit Initial Deployment -- Before deploying DeepArmor across an organization, run a limited pilot deployment.
• Adjust Policy -- Deploy DeepArmor initially to a small group of systems with Automated Alert Action set to Alert Only. Monitor the management console for alerts on applications or processes that are considered safe. Adjust the policy (whitelisting) so that these applications/processes can run on all systems without triggering DeepArmor alerts.
• Executable Detection First -- During the initial deployment, limit DeepArmor to executable detection only. This enables identification and quarantine of malicious or abnormal processes and files that exist within your environment. Tighten the protection policy in phases to eventually include document and in-memory attack vectors.
Group Best Practices
Establish initial device groups to organize devices for pilot, policy, and user-role granularity within the organization.
• Policy Groups -- Establish pilot groups to manage the initial rollout and test new agent updates.
• Device Differentiation -- Establish policy-based groups to distinguish between types of devices, such as workstations and servers. This can include devices with exclusions.
• Novel Groups/Roles -- Various identifiers, limited only by imagination, can define groups. For example:
  – User roles, such as departmental association (sales, marketing, or engineering)
  – User locations, such as office number, geographical location, or floor location