cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
vnaidu
Level 11
Report Inappropriate Content
Message 1 of 4

ENS Policy Best Practices

Jump to solution

Dear All,

We understand that there are some character limit for the low risk which we have already been used number of characters is now 7,346, however I heard that, the total character limit would be 16K.

Please suggest me with the following.

1. We had almost 600 plus policies for high/low/default process policy list for OAS.

2. We had to extract the process from all the three and segregated them from all the policies and created safe/standard/toxic.

3. Standard policy will have file and folder exclusion list along with a few process exclusions.

4. Safe would have all the policies consolidated from almost all the existing default process, low and high risk policies.

5. Toxic has a few processes identified for particular applications which we categorized as critical servers, which are the servers with critical applications installed and derived some 300 plus processes.

6. Our aim is to eliminate the file folder exclusions but to keep its respective processes as per the defined categories safe/standard/toxic.

7. Now we have assigned safe policies for the machines irrespective of containers in the system tree as per the categorization against the process list.

8. Toxic we have assigned it to particular servers across the system tree that falls in to this category.

9. Standard we have assigned to the org level, so all the machines would get standard policy from the org level.

10. Then gets the safe or toxic policies.

Suggest me if this is a good approach. Your valuable suggestions are much appreciated.

Regards,

Venu
1 Solution

Accepted Solutions
McAfee Employee chealey
McAfee Employee
Report Inappropriate Content
Message 3 of 4

Re: ENS Policy Best Practices

Jump to solution

Best practice would be to have a default policy with minimal exclusions applied to all systems. Systems with special applications requiring exclusions should then have seperate policies applied.

As already discussed on other posts, keep the amount of exclusions to an absolute minimum otherwise you compromise the security of your environment. I am glad to hear you are now sorting out the exclusions you apply in your environment!

 

Was my reply helpful?
If this information was helpful in any way, or answered your question, will you please select "Accept as Solution" in my reply, or give kudos as appropriate, so together we can help other members?
3 Replies
vnaidu
Level 11
Report Inappropriate Content
Message 2 of 4

Re: ENS Policy Best Practices

Jump to solution

Hi All,

Can someone one help me with your valuable suggestions. I look forward your reply.

Venu
McAfee Employee chealey
McAfee Employee
Report Inappropriate Content
Message 3 of 4

Re: ENS Policy Best Practices

Jump to solution

Best practice would be to have a default policy with minimal exclusions applied to all systems. Systems with special applications requiring exclusions should then have seperate policies applied.

As already discussed on other posts, keep the amount of exclusions to an absolute minimum otherwise you compromise the security of your environment. I am glad to hear you are now sorting out the exclusions you apply in your environment!

 

Was my reply helpful?
If this information was helpful in any way, or answered your question, will you please select "Accept as Solution" in my reply, or give kudos as appropriate, so together we can help other members?
vnaidu
Level 11
Report Inappropriate Content
Message 4 of 4

Re: ENS Policy Best Practices

Jump to solution

@chealey

Thank you for the suggestion, I am to initiate a pilot tomorrow, so I asked this question multiple times in order to make myself clear and to avert any possibility of risk/issues once I go live. For now I am relying on the categorization, standard which is default, safe which is common for some set of application servers and toxic for a bunch of critical servers where the processes defined are different from each category.

Thank you once again for your time.

Regards,

 

Venu
Member Rewards
McAfee Community rewards active and helpful members just like you. Click here to take a look at the first community members who received a special reward and were recognized by McAfee leader, Aneel Jaeel, for their participation and trusted knowledge in the community.