Skip to main content

Deployment

One-Click via MDM

Cerbera AI deploys through your existing MDM, so rollout is a single push and requires no per-user configuration. The exact steps depend on the MDM, but the experience for the end user is the same:

  1. You push the package from the MDM (for example Jamf or Intune).
  2. The user sees a short prompt asking them to restart.
  3. After the restart, the proxy works out of the box. There is nothing for the user to configure.

Because it installs as a system proxy with no manual setup, even non-technical employees are covered automatically. And because coverage follows the device rather than a network, users are protected everywhere, at the office or at home, unlike a VPN someone might choose to turn off.

Platform Support

PlatformHow it is deployed
macOSVia MDM (for example Jamf), or a downloadable package without an MDM
WindowsVia MDM (for example an MSI through Intune), or a downloadable package
LinuxNo MDM, so installation is via an emailed script the user runs

You can deploy without an MDM if you prefer, but users then need to download and run the installer package themselves.

Disabling and Uninstalling

The proxy is configured as a system proxy. Disabling it means going into the device's network settings, which is harder than toggling a VPN icon but straightforward for anyone technical.

This is intentional. Cerbera AI is not built to stop a malicious insider; it is built to cover the careless user, or the user who assumes a tool is probably allowed and tries it anyway.

If anyone ever reports a conflict or problem, the proxy can be uninstalled in one click through the MDM, which unblocks them immediately while the cause is investigated.

Avoiding Conflicts

Cerbera AI is one more layer in the network path, so it should be validated against the other agents already on your devices. Common neighbors:

  • VPNs and ZTNA clients (for example Cato Networks)
  • Secure web gateways (for example Jamf Security Cloud)
  • EDR agents

In these cases the proxies are chained, and in practice this works without issue. Because any new layer can in theory cause side effects, Cerbera always tests against your specific stack before a fleet-wide rollout.

tip

During a pilot, include at least one device that runs each of your existing layers (VPN, secure web gateway, EDR). That way every combination is exercised before broad deployment.

  1. Confirm compatibility

    Cerbera checks for conflicts with your VPN, ZTNA, secure web gateway, and EDR.

  2. Pilot on a few devices

    Deploy to a small group of consenting users (often power users) to confirm everything works end to end.

  3. Monitor only

    Run in monitor mode for roughly five to ten days. Nothing is blocked; you simply learn what is in use.

  4. Harden gradually

    Introduce redaction and blocking rules as you grow comfortable, with Cerbera proposing stricter rules for you to approve.

  5. Roll out broadly

    Expand the deployment, with help on works-council and employee communication so the program is understood as security, not surveillance.

Next Steps