Plan Your Agent Deployment
Plan your Cortex XDR agent software deployment carefully.
You typically deploy Cortex XDR agent software to endpoints across a network after an initial proof of concept (POC), which simulates your corporate production environment. During the POC or deployment stage, you analyze security events to determine which are triggered by malicious activity and which are due to legitimate processes behaving in a risky or incorrect manner. You also simulate the number and types of endpoints, the user profiles, and the types of applications that run on the endpoints in your organization and, according to these factors, you define, test, and adjust the security policy for your organization.

The goal of this multi-step process is to provide maximum protection to the organization without interfering with legitimate workflows.
After the successful completion of the initial POC, we recommend
a multi-step implementation in the corporate production environment
for the following reasons:
- The POC doesn't always reflect all the variables that exist in your production environment.
- There is a rare chance that the Cortex XDR agent will affect business applications, which can reveal vulnerabilities in the software as a prevented attack.
- During the POC, it is much easier to isolate issues that appear and provide a solution before full implementation in a large environment where issues could affect a large number of users.
A multi-step deployment approach ensures a smooth implementation and deployment of the Cortex XDR solution throughout your network. Use the following steps for better support and control over the added protection.

Step | Duration | Plan |
---|---|---|
0. Calculate the bandwidth required to support the number of agents you plan to deploy. | As needed | For every 100,000 agents, you will need to allocate 120Mbps of bandwidth. The bandwidth requirement scales linearly. For example, to support 300,000 agents, plan to allocate 360Mbps of bandwidth (three times the amount required for 100,000 agents). |
1. Install Cortex XDR on endpoints. | 1 week | Install the Cortex XDR agent on a small number of endpoints (3 to 10). Test normal behavior of the Cortex XDR agents (injection and policy) and confirm that there is no change in the user experience. |
2. Expand the Cortex XDR deployment. | 2 weeks | Gradually expand agent distribution to larger groups that have similar attributes (hardware, software, and users). At the end of two weeks you can have Cortex XDR deployed on up to 100 endpoints. |
3. Complete the Cortex XDR installation. | 2 or more weeks | Broadly distribute the Cortex XDR agent throughout the organization until all endpoints are protected. |
4. Define corporate policy and protected processes. | Up to 1 week | Add protection rules for third-party or in-house applications and then test them. |
5. Refine corporate policy and protected processes. | Up to 1 week | Deploy security policy rules to a small number of endpoints that use the applications frequently. Fine-tune the policy as needed. |
6. Finalize corporate policy and protected processes. | A few minutes | Deploy protection rules globally. |