Recommended Traps Deployment Process
The Traps software is typically deployed to endpoints across a network after an initial proof of concept (POC), which simulates the corporate production environment. During the POC or deployment stage, you analyze security events to determine which are triggered by malicious activity and which are due to legitimate processes behaving in a risky or incorrect manner. You also simulate the number and types of endpoints, the user profiles, and the types of applications that run on the endpoints in your organization and, according to these factors, you define, test, and adjust the organization’s security policy.
The goal of this multi-step process is to provide maximum protection to the organization without interfering with legitimate workflows.
After the successful completion of the initial POC, we recommend a multi-step implementation in the corporate production environment for the following reasons:
- The POC doesn't always reflect all the variables that exist in your production environment.
- There is a rare chance that the Traps agent will affect business applications, which can reveal vulnerabilities in the software as a prevented attack.
- During the POC, it is much easier to isolate issues that appear and provide a solution before full implementation in a large environment where issues could potentially affect a large number of users.
A multi-step deployment approach ensures a smooth implementation and deployment of the Traps solution throughout your network. Use the following steps for better support and control over the added protection.
1. Install Traps on endpoints.
Install the Endpoint Security Manager (ESM), including an MS SQL database, ESM Console, and ESM Server, and install the Traps agent on a small number of endpoints (3 to 10).
Test normal behavior of the Traps agents (injection and policy) and confirm that there is no change in the user experience.
2. Expand the Traps deployment.
Gradually expand agent distribution to larger groups that have similar attributes (hardware, software, and users). At the end of two weeks you can have Traps deployed on up to 100 endpoints.
3. Complete the Traps installation.
2 or more weeks
Broadly distribute the Traps agent throughout the organization until all endpoints are protected.
4. Define corporate policy and protected processes.
Up to 1 week
Add protection rules for third-party or in-house applications and then test them.
5. Refine corporate policy and protected processes.
Up to 1 week
Deploy security policy rules to a small number of endpoints that use the applications frequently. Fine tune the policy as needed.
6. Finalize corporate policy and protected processes.
A few minutes
Deploy protection rules globally.
Traps Installation Options
Traps Installation Options You can install Traps in the following ways: Install from the endpoint —In situations where you need to install Traps on a ...
Set Up the Endpoint Infrastructure
Set Up the Endpoint Infrastructure Use the following workflow to set up the Endpoint infrastructure or, to upgrade your existing Endpoint infrastructure, use the workflow ...
Set Up the Endpoints
Set Up the Endpoints To set up Traps on the endpoints within your organization, see the following topics: Recommended Traps Deployment Process Traps Installation Options ...
Maintain the Endpoints and Traps
Maintain the Endpoints and Traps On a daily or weekly basis, perform the following actions: Examine the Dashboard to verify that the Traps agent is ...
View Processes Currently Protected by Traps
View Processes Currently Protected by Traps The Protection tab on the Traps console displays processes run by the current user that are currently protected by ...
Features Introduced in Traps Endpoint Security Manager
Features Introduced in Traps Endpoint Security Manager The following topics describe the new features introduced in Traps Endpoint Security Manager (ESM) 4.1. For additional information ...
Traps Components The Traps solution centers around the Endpoint Security Manager (ESM), which comprises an ESM Console, a database, an ESM Server, and the Traps ...
Install Traps Components Using Windows Msiexec
Install Traps Components Using Windows Msiexec As an alternative to using the Windows installers, you can use Windows Msiexec to install the ESM Server and ...