When creating a policy, you may have noticed a button next to Deploy called "Save as Simulation." This article is aimed to provide clarity into what Simulation Mode does, and how it can be used to increase confidence and ensure you deploy the correct policy from the start.
Simulation Mode is a powerful feature offered by the Elisity microsegmentation platform that allows users to assess the impact of segmentation policies without enforcing them on production networks. This feature provides administrators with a comprehensive view of policy effects, including traffic flows, affected assets, and the allowed or denied flows based on the policy configuration. In this knowledge base article, we will explore Simulation Mode, its benefits, and how it can be utilized for effective network security testing.
Understanding Simulation Mode: Simulation Mode offers a unique approach to evaluate the behavior of segmentation policies within the same dashboard as enforced policies. Instead of directly enforcing policies on the network, Simulation Mode enables administrators to save policies and observe their effects on traffic flows and affected assets. This allows users to visualize how the policies would impact network communication without making any changes to the live environment.
Key Features and Benefits:
Comprehensive Policy Insights: Gain a clear understanding of how policies would influence traffic behavior and asset accessibility. By visualizing traffic flows and the resulting allowed or denied connections, users can make informed decisions regarding policy configurations and potential refinements.
Policy Testing and Refinement: With Simulation Mode, administrators can experiment with different policy setups and observe their effects on the network. By analyzing the simulated outcomes, users can refine policies iteratively, ensuring they strike the right balance between security requirements and operational needs.
Enhanced Security Posture: Simulation Mode empowers administrators to proactively identify and rectify potential security vulnerabilities. By visualizing policy effects, users can detect any unintended consequences, blocked connections, or unauthorized access attempts, allowing them to strengthen the network's overall security posture.
Operational Risk Mitigation: By evaluating policy effects in a simulated environment, administrators can identify any potential disruptions or performance issues that may arise. This enables them to rectify conflicts or bottlenecks before enforcing the policies, minimizing operational risks and preventing unnecessary downtime.
Seamless Integration: Simulation Mode seamlessly integrates with the existing Elisity Policy Matrix Microsegmentation Platform, providing users with a unified interface to manage both enforced and simulated policies. This streamlined workflow ensures a smooth transition from testing to policy deployment, improving overall efficiency.
Deploying a Simulated Policy
During policy creation, after you have created your desired policy that you would like to simulate, click "Save as Simulation."
Any simulation policy is indicated on the Policy Matrix with an asterisk. Hovering over the policy will reveal more details, including the "simulation" status indicating again that this policy is not actually deployed.
Clicking on the policy, we can see the matched assets for both the source and destination, as well as our security rules and simulation status of the policy. At the top right of this window, you can quickly EDIT, DELETE, and importantly ACTIVATE this policy, quickly transforming this policy from simulation mode to an active policy on your relevant Virtual Edge Nodes.
Similarly, if the policy you have selected from the matrix is already active, you can quickly place it into simulation mode with one click.
Revealing traffic analytics gives more insight into what protocols we may want to allow or deny in our simulated policy based on traffic that has been observed.
Use this data to make informed decisions about policy beyond what traffic you think needs to be allowed.
Evaluating Simulated Policies and Making Adjustments
When a simulated policy within Elisity Microsegmentation Platform has observed traffic, it is essential to analyze and evaluate the results before making any enforcement decisions. Here are the recommended steps to follow:
Review the Traffic Analytics: Examine the traffic analytics associated with the simulated policy. Understand the flow patterns, identify any anomalies or unexpected behavior, and assess the impact of the policy on the observed traffic.
Analyze Allowed and Denied Traffic: Determine which traffic flows were allowed or denied by the simulated policy. Pay attention to any connections that should have been allowed but were denied, as well as any connections that should have been denied but were allowed. This analysis helps identify potential misconfigurations or policy conflicts.
Compare with Desired Outcomes: Compare the observed traffic with the desired outcomes and security objectives. Ensure that the simulated policy aligns with the intended network segmentation, access control, and security requirements.
Refine and Optimize the Policy: Based on the insights gained from the observed traffic, make necessary refinements and optimizations to the simulated policy. Address any unintended consequences, adjust rule priorities, or modify policy conditions to achieve the desired security posture and network behavior.
Re-simulate and Validate: After refining the policy, re-run the simulation to observe the impact of the updated policy on traffic flows. Repeat the process of reviewing traffic analytics and assessing the alignment with desired outcomes. Iterate as needed until the simulated policy yields the desired results.
Plan for Enforcement: Once satisfied with the simulated policy's behavior and its impact on traffic flows, carefully plan the enforcement process. Communicate with relevant stakeholders, establish a deployment strategy, and ensure that the necessary infrastructure and devices are prepared for policy enforcement.
Enforce and Monitor: Deploy the policy on the production network, carefully monitoring its effects on traffic in real-time. Continuously monitor network behavior, traffic patterns, and security incidents to validate the effectiveness of the enforced policy and address any emerging issues promptly.
This feature offers administrators a powerful tool to evaluate the impact of segmentation policies before enforcing them on live networks. By visualizing traffic flows, affected assets, and the allowed or denied connections based on policy configurations, administrators can make informed decisions, refine policies, and enhance network security. This feature promotes proactive security measures, mitigates operational risks, and ensures the smooth functioning of critical business processes.