Implement Management

The next phaseto implement the management architectureyou designed during your planning. You should make sure to secure the management tool because it is a target for attack. When the tool has been implemented and secured, familiarize yourself with the interface, configure groups of hosts, and configure security policies if needed.

Pilot

During the pilot, you deploy agents on a small group of hosts for a relatively short period of time. The pilot gives you a chance to test software compatibility, begin tuning, and gauge users' impressions of the product. Any issues you encounter during the pilot test can be fixed before continue the deployment.

Tuning

The purpose of the tuning phase is to locate and eliminate false positives. Deploy more agents to increase the likelihood of encountering a false positive, so that you can tune it out. During the tuning phase, you should have agents on approximately 10 percent of your total hosts. When you are confident that you have eliminated all of the false positives, move on to the next phase.

Full Deployment

In this stage, you gradually deploy agents on all of the remaining hosts. If you find any last-minute false positives, tune them out. Eventually, you have agents protecting all of the targeted hosts.

Finalize the Project

In the final phase of your HIPS deployment, create procedures to govern:

• Change control

• Backup and restore

• Log archive

• Incident response

• Disaster recovery