Deployment Best Practices Guide

Vali Cyber's deployment best practices guide supports and guides you through every step of a production deployment. You're not alone; we're here to assist you.

In the lab environment, begin with Precision Mode turned ON. Initially, test all sensitive workloads without applying lockdown rules, limiting protection to SSH-only traffic, and verify performance. If any alerts are generated and verified as false positives, create an Allow rule for them.

Next, test all sensitive workload types with both the recommended lockdown rules and the Allow rules created in the previous step, still limiting protection to SSH-only traffic. Verify performance again; if alerts are generated and verified, modify the recommended rules for the specific workload system.

When switching Precision Mode OFF, test all sensitive workload types with the Allow rules and the modified lockdown rules applied. With Precision Mode OFF, ZeroLock monitors all network-connected processes. Verify system and workload performance, and if alerts are generated and verified as false positives, create an Allow rule or modify the lockdown rules.

If there are any workload performance issues, turn the default Precision Mode back ON and work to identify the sensitive process. Review the list of processes that the ZeroLock Agent would monitor if Precision Mode were OFF. These may be found in /opt/zerolock/zerolock-baldur/log/zerolock_log. Then, verify performance and add the processes to the Precision Scan Regex field in the endpoint configuration profile assigned to the system you are troubleshooting. There is no need to deactivate and reactivate protection when adding processes to be monitored.
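The step above turns a list of monitored processes from the log into a value for the Precision Scan Regex field. The following is an added example, not code from Vali Cyber or the ZeroLock product: it extracts unique process paths from sample log lines, builds one anchored alternation that matches exactly those paths, and reports which candidates the pattern would match so the regex can be reviewed before it is pasted into the profile. The log line layout (`monitored process: <path>`) and the sample lines are constructed assumptions, since the real zerolock_log format is not shown in this guide, and the example assumes the Precision Scan Regex field accepts ordinary regular-expression syntax; confirm both against your own log and the product documentation.

```python
import re

# Constructed sample of log lines. The real zerolock_log format is not
# documented here; the "monitored process: <path>" layout is an assumption
# used only for illustration.
SAMPLE_LOG = """\
2024-01-01T10:00:00Z monitored process: /usr/sbin/sshd
2024-01-01T10:00:01Z monitored process: /usr/bin/python3
2024-01-01T10:00:02Z monitored process: /opt/app/bin/worker
2024-01-01T10:00:03Z monitored process: /usr/sbin/sshd
2024-01-01T10:00:04Z unrelated line that should be ignored
"""

# Assumed line shape: a fixed prefix followed by the executable path.
MONITORED = re.compile(r"monitored process: (\S+)$")


def extract_processes(log_text: str) -> list[str]:
    """Return the unique process paths from the log, in first-seen order."""
    seen: list[str] = []
    for line in log_text.splitlines():
        m = MONITORED.search(line)
        if m and m.group(1) not in seen:
            seen.append(m.group(1))
    return seen


def build_precision_regex(paths: list[str]) -> str:
    """Build one anchored alternation that matches exactly the listed paths.

    re.escape keeps dots and other regex metacharacters literal, and the
    ^...$ anchors prevent /usr/sbin/sshd from also matching /usr/sbin/sshd-extra.
    """
    return "^(" + "|".join(re.escape(p) for p in paths) + ")$"


def check_regex(pattern: str, candidates: list[str]) -> dict[str, bool]:
    """Report which candidate paths the pattern matches, for review before use."""
    rx = re.compile(pattern)
    return {c: bool(rx.match(c)) for c in candidates}


if __name__ == "__main__":
    procs = extract_processes(SAMPLE_LOG)
    pattern = build_precision_regex(procs)
    print("Precision Scan Regex:", pattern)
    for path, hit in check_regex(pattern, procs + ["/usr/sbin/sshd-extra"]).items():
        print(f"  {path}: {'match' if hit else 'no match'}")
```

Review the printed pattern and the match report before entering the value in the configuration profile; the anchors are the safeguard against accidentally widening the monitored set to similarly named binaries.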

Understanding that production systems may differ from the lab environment, Vali Cyber suggests transitioning to production by following the same steps as those used in the lab. Begin with the default Precision Mode enabled (ON) and monitor the system. Next, add the lockdown rules created and modified during lab testing for the specific workload. If Precision Scan Regex configurations were established during lab testing, include those in the production configuration profile. If there are no changes to the Precision Scan Regex configuration, or if the system runs without issues in the lab, you can turn off the Precision Mode setting.