How do you balance blocking vs. monitoring in your data protection strategy?

How do you balance blocking vs. monitoring in your data protection strategy?

Hi Jeremy,

That’s a great question, and one that I’ve encountered frequently with many of our own Endpoint Protector customers.

Our recommended approach begins with identifying the types of sensitive content the organization aims to protect. While this may seem straightforward depending on the industry, the absence of clearly defined sensitive data types within policy configurations often results in either overly aggressive or insufficient coverage.

Once the organization has determined the key data types to focus on, I suggest piloting the policy with a small group (typically 10 to 20 machines). Additionally, we recommend setting the initial policy action to report only. This allows for evaluation of policy effectiveness without disrupting business operations. After this observation period, adjustments can be made to fine-tune the policy as needed.

Once the policy has been validated and optimized, it can be switched to block and report and gradually deployed to a broader set of endpoints.

I’m also very interested in learning what strategies other EPP users have adopted and would welcome any suggestions or insights they might have to improve this process further.

Thanks!

Jason