There are fundamental flaws in the way enterprises manage their network security infrastructures. We created FireMon, an enterprise security management company, to overcome them. By analyzing the posture of enterprise networks, we can help organizations find, correct and ultimately avoid gaps in their network security infrastructure.
Today, FireMon is delivering the only proactive, real-time enterprise security management solutions available. By enabling security decision makers with security management data at the time of decision, risk is reduced and access can be provided appropriately. FireMon’s enterprise platform provides a perfect framework for making intelligent, informed, decisions to enact security countermeasures in real time.
FireMon Security Manager is a web-based security firewall management platform that addresses the inherent complexity and changing requirements of today’s enterprise networks by providing continuous visibility into network security devices and policies. A scalable architecture and intuitive user interface ensure that security practitioners have the actionable data they need to quickly adapt defense to changing business needs and emerging threats.
Optimized to address the 3 biggest challenges of firewall management:
Key Features
Change Detection and Reporting
Continuously monitor all devices for changes to configurations or policies. Understand what changed, when and why it changed as well as the impacts of the change.
Change Detection & Reporting
Isolate, document and, when necessary, alert on every ongoing change implemented throughout your existing firewall policies.
Change Auditing
Audit every change made to your existing firewall policies with full search and historical event logs.
Change Comparison Views
Review every proposed rule change against your existing firewall policies to ensure consistency and prevent redundancy.
Rule History
Aggregate detailed documentation of all rules applied within your existing firewall policies to maintain a comprehensive repository.
FireMon’s Policy Optimizer Module automates key elements of the process necessary to adapt network security device policies to respond to changing conditions. Policy Optimizer dramatically advances the identification and improvement of troublesome firewall configurations in relation to emerging threats, evolving business demands and maturing compliance requirements, providing a centralized workflow allowing security teams to interact directly with other network access stakeholders, with integrated risk analysis.
Policy Optimizer supports complex, heterogeneous networks containing multiple firewall vendor technologies. The workflow is customizable to meet the needs of any organization. And with RESTful API’s exposed, integration into existing change management systems is natively supported.
Policy Optimization Process Management
Transform security infrastructure management by automating the change review process, from rule analysis to policy modification, as well as recertification and documentation.
Whitelist
Review effectiveness and correctness of enforced policies on firewalls to identify gaps in protection and inconsistencies in configurations as well as enforce internal access controls.
3rd Party Integration
Integrate with existing change management systems seamlessly. Policy Planner supports many integration options and connection points throughout the change process. Supported change management systems include:
- HP Service Manager
- BMC Remedy
- Service Now
- Proprietary Systems
FireMon’s Policy Planner Workflow Module automates the firewall change process with an intelligent workflow solution solving unique challenges associated with firewall change management. Policy Planner dramatically improves the efficiency of the change process, reducing time and costs associated with access change requests while at the same time improving security by integrating security and risk analysis directly into the process.
Policy Planner supports complex, heterogeneous networks containing multiple firewall vendor technologies. The workflow is customizable to meet the needs of any organization. And with RESTful API’s exposed, integration into existing change management systems is natively supported.
Rule Recommendation
Automatically generate recommended rule changes to meet the access change request requirements. Rule Recommendation analyzes the current behavior of the entire network and can quickly identify all devices impacted and determine the specific changes necessary to accommodate the request. Common scenarios that Rule Recommendation can assist with are:
- No Change Necessary: a large percentage of change requests are unnecessary. Quickly close these requests without impacting engineering resources or making unnecessary changes on a firewall.
- Identify impacted devices: the first step to making a change is understanding which devices are in the line of the traffic. The topology aware analysis engine in Policy Planner handles this automatically.
- Recommend rule changes: find existing rules that can be potentially modified to achieve the requested access. Or, if no similar rules exist, recommend where a new rule should be created to ensure the access is effectively configured.
What if Analysis
Automatically generate recommended rule changes to meet the access change request requirements. Rule Recommendation analyzes the current behavior of the entire network and can quickly identify all devices impacted and determine the specific changes necessary to accommodate the request. Common scenarios that Rule Recommendation can assist with are:
- No Change Necessary: a large percentage of change requests are unnecessary. Quickly close these requests without impacting engineering resources or making unnecessary changes on a firewall.
- Identify impacted devices: the first step to making a change is understanding which devices are in the line of the traffic. The topology aware analysis engine in Policy Planner handles this automatically.
- Recommend rule changes: find existing rules that can be potentially modified to achieve the requested access. Or, if no similar rules exist, recommend where a new rule should be created to ensure the access is effectively configured.
CMS Integration
Integrate with existing change management systems seamlessly. Policy Planner supports many integration options and connection points throughout the change process. Supported change management systems include:
- HP Service Manager
- BMC Remedy
- Service Now
- Proprietary Systems
FireMon’s Risk Analyzer Module evaluates the effectiveness of the security infrastructure by analyzing the exposure of identified system vulnerabilities in the context of the network access controls. Using the results of vulnerability scanners and the network and security data from Security Manager, Risk Analyzer identifies all potential attack paths into and through the network. The result is a picture of risk, with the probability of successful attacks through existing defenses. To reduce this risk most effectively, Risk Analyzer prioritizes remediation activities including vulnerability prioritization.
Potential Attack Visualization
Map all paths of available access from threats to vulnerable applications, providing real-world IT risk visibility.
- Detailed access path analysis showing how an attack could traverse the network
- Topology aware analysis taking into account firewall rules, routing and NAT
- Exposed vulnerabilities identified
- Firewall rules responsible for allowing access identified
Vulnerability Prioritization
Understand where defenses already mitigate existing vulnerabilities versus those that pose a significant risk to the organization. This is required by PCI DSS to ensure an effective vulnerability remediation program is in place. With that comes:
Pre-change Risk Analysis
Identify potential risk associated with change requests by integrating Risk Analyzer and Policy Planner. New risk exposure is identified by modeling the proposed change and evaluating the effects of the change before the change is ever made.
Effectiveness Measurement
Measure the effectiveness of ongoing risk mitigation and patch remediation efforts to chart improvements and track performance.
Introducing Immediate Insight:
Real-Time IT & Network Data Analysis Tool
The answers to many of today’s security and operational incidents are buried in your data. However, gathering and analyzing data across devices, systems and applications on an enterprise network is a time-consuming, costly undertaking – especially for short-staffed IT teams. Without a good understanding of this data, network threats and service issues can go undetected and unresolved. FireMon Immediate Insight collects and correlates all IT data to help analysts and operations staff increase visibility into the data and reduce the time and effort spent on incident triage.
Immediate Insight brings the speed and simplicity of a search engine to data analysis and discovery. It merges machine learning, correlation and natural language in a simple, workflow-centric interface to reveal relationships in the data that users didn’t even know to look for. It transforms organizations from a ‘data as last resort’ mindset to the ‘data first’ practice necessary to enhance security, performance and operations. Immediate Insight’s real-time analysis across data silos provides the timely and detailed operational visibility necessary to:
Identify and investigate the suspicious.
Search for indicators of breach and operational inefficiencies.
Get real-time analysis of security data.
Accelerate incident resolution and reduce escalations.
Automatically connect and correlate data silos.
Stage data for analysis by escalation teams.