Security Agents Decision Chart
What kind of device is it?
- A Server
Includes servers located in a datacenter or cloud infrastructure
- An End User Device (def.)
A laptop, desktop workstation, tablet, etc
-
[Elastic] (/docs/endpoint-security/endpointSecurityTools/Endpoint-Detection-and-Response/index.md)
-
Platform-specific Privilege Manager
-
Platform-specific Device Management1
Possible additional requirement: DLP
Certain devices will also need to have the Proofpoint DLP agent installed. DLP is required if the answer is YES to any of the following questions: -
Does the device store or process Critical data (DC-6)?
-
Is the device assigned to a person designated by security as a Very Attacked Person (VAP)?
-
Does the device belong to a business unit designated by security as storing or processing monitored data (RA-2)?
-
Is this device traveling outside the United States? DLP is required for the duration of the travel.
-
A Special-Purpose Device
A kiosk; digital signage player; embedded device, etcCan the device support user-installable applications? If YES, then follow guidance for end user devices above.
If NO, then speak to the Endpoint Security team about an exception to required controls.
Footnotes
-
Windows management platforms like Intune are out of scope for the Security Agent Standardization project. ↩