Deploying BlackFog Enterprise: Step-by-Step Implementation Guide

Step 1: Licence Key Provisioning

Deployment begins with Kyanite Blue provisioning your BlackFog Enterprise licence key. This key determines the number of endpoints covered, the features enabled, and the console access tier. For new deployments, Kyanite Blue typically provisions a 30-day assessment licence first — this allows the organisation to see their exfiltration risk profile before committing to a full deployment. The assessment licence has full functionality; the only difference is the time-limited duration. Once the assessment confirms value, the production licence key is issued.

• Kyanite Blue provisions the licence key based on your agreed endpoint count
• Assessment licences (30-day) have full functionality — no feature limitations
• Production licences are issued after the assessment confirms exfiltration risk profile
• Licence keys are tied to your BlackFog Enterprise console instance

Step 2: Agent Download and Installation

The BlackFog agent is a lightweight application that installs on each endpoint. Agent packages are available for Windows (MSI for enterprise deployment), macOS (PKG), Android (APK or Google Play), iOS (App Store), and Chromebook (Chrome Web Store). For enterprise deployments of 50+ endpoints, the Windows and macOS agents can be distributed through existing endpoint management tools — Microsoft Intune, JAMF, SCCM, or any MDM platform that supports silent installation. The agent footprint is minimal: under 50MB installed, less than 1% CPU overhead in normal operation, and no user interaction required after installation.

• Windows: MSI package for silent deployment via Intune, SCCM, or Group Policy
• macOS: PKG package for deployment via JAMF, Munki, or MDM
• Android: APK or Google Play distribution via MDM
• iOS: App Store distribution via MDM or manual installation
• Chromebook: Chrome Web Store — deploy via Google Workspace admin console
• Agent footprint: under 50MB installed, less than 1% CPU overhead

Step 3: Apply Licence and Connect to Console

After installation, the agent must be activated with your licence key. For enterprise deployments using MDM distribution, the licence key can be embedded in the installation package — endpoints activate automatically on first boot after installation. For smaller deployments, the licence key is entered manually during first launch. Once activated, the agent connects to the BlackFog Enterprise cloud console, registers itself, and begins monitoring outbound data flows immediately. The console provides real-time visibility into all connected endpoints within minutes of activation.

Step 4: Console Configuration and Policy Setup

The BlackFog Enterprise console is a cloud-hosted management platform accessible from any browser. During the initial 30-day assessment, Kyanite Blue configures the console in monitoring mode — all exfiltration attempts are logged and reported but not actively blocked. This allows the organisation to see the full scope of exfiltration activity without disrupting business operations. After the assessment period, policies are tightened based on observed data: approved destinations are whitelisted, volume thresholds are set, and blocking mode is enabled. Policy changes propagate to all connected agents within minutes.

• Assessment mode (first 30 days): monitor and report all outbound data flows
• Review assessment results with Kyanite Blue — identify active exfiltration threats
• Whitelist approved business destinations and cloud services
• Set volume thresholds for anomaly alerts
• Enable blocking mode for all non-whitelisted destinations
• Configure alert routing to your SOC, SIEM, or Kyanite Blue managed service

Step 5: 30-Day Assessment and Onboarding

The 30-day assessment is the cornerstone of every BlackFog deployment. During this period, the agent monitors all outbound data flows from every protected endpoint and reports on: active exfiltration attempts (including those your existing tools are not detecting), data destinations (where your data is going), volume patterns (how much data is leaving and when), and threat classification (known malicious infrastructure, suspicious destinations, Tor nodes). Kyanite Blue reviews the assessment results with your team, provides a risk summary report, and recommends policy configurations for production deployment. Most organisations discover exfiltration activity during the assessment that they were completely unaware of.

Step 6: Production Rollout and Ongoing Management

After the assessment, production deployment follows the same installation process across all remaining endpoints. Kyanite Blue provides ongoing management as part of the managed service: policy tuning based on evolving business needs, threat intelligence updates (automatic), monthly reporting on exfiltration prevention metrics, and incident response support when blocked exfiltration attempts require investigation. The console provides board-ready reporting on data protection effectiveness, compliance evidence for GDPR and ISO 27001 auditors, and real-time visibility into the organisation's data exfiltration risk posture.

• Extend deployment to all remaining endpoints using established MDM workflows
• Kyanite Blue manages ongoing policy tuning and optimisation
• Threat intelligence updates propagate automatically to all agents
• Monthly reporting: exfiltration attempts blocked, data volume protected, threat trends
• Compliance evidence: audit-ready reports for GDPR, ISO 27001, DORA
• Incident support: investigation and response when blocked attempts require follow-up

Frequently Asked Questions