FireMon Security Manager and Risk Analyzer
Strengths: Lots of value, one of the most well-focused firewall management tools that we’ve seen.
Weaknesses: We would like to mark this one down for high support cost, since gold level is 35%, but the overall price is so low that we can't. So, really, we observed no weaknesses.
Verdict: For a next generation tool this one cannot be beat for the price. It is solid, comprehensive and the user interface and drill-downs are clean and well thought-out. For its price and performance we make this one our Best Buy this month.
At $10,000 this product has a lot of power packed into a very low price. It is a next-generation tool and it focuses on the firewall(s) in your enterprise. Even though the price for gold level support is a whopping 35%, there is a silver option at 25% and, unlike other products we've seen, there is a software update option for only 15%. Still, at this price, the cost of the product plus full gold support is below its competition without support in most cases.
FireMon Security Manager provides continuous visibility into network security devices and policies across the enterprise. It does this primarily by managing policies on firewalls. The Risk Analyzer module provides real-time visibility into risks for assessment of risk posture by policy rule and asset. Security administrators can simulate how attackers might gain access to assets through network vulnerabilities and assess the impact of the potential attack.
Firewall policy management is a key to security management across the enterprise because of the central role that firewalls play in today's large networks. An important aspect of firewall management is cleanup to eliminate unused rules (90 days+), redundant rules and shadow rules. The vendor claims that it eliminated 150,000 rules in 4 months for a multi-firewall customer. Rules/policies need to be documented and the tool enforces this critical audit process. This includes who approved or changed the rule, why it was modified, etc. Automation is critical because people can take years to audit, edit and manage tens or hundreds of thousands of rules on multiple firewalls, perhaps spread across the world.
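The three cleanup categories named above can be made concrete with a small audit over an ordered, first-match rule list. This is an added example, not FireMon's code or query language: the `Rule` fields, the sample rules and the dates are constructed, and a rule counts as covered only when a single earlier rule contains it (coverage by a union of earlier rules is not checked).

```python
from dataclasses import dataclass
from datetime import date
from ipaddress import ip_network
from typing import Optional

UNUSED_AFTER_DAYS = 90  # the "unused rules (90 days+)" threshold from the review

@dataclass
class Rule:  # hypothetical normalized rule record
    name: str
    action: str                # "allow" or "deny"
    src: str                   # source CIDR
    dst: str                   # destination CIDR
    ports: tuple               # inclusive (low, high) destination port range
    last_hit: Optional[date]   # None means the rule has never matched traffic

def covers(a, b):
    """True if every packet matching rule b also matches rule a."""
    return (ip_network(b.src).subnet_of(ip_network(a.src))
            and ip_network(b.dst).subnet_of(ip_network(a.dst))
            and a.ports[0] <= b.ports[0] and b.ports[1] <= a.ports[1])

def audit(rules, today):
    """Return {rule name: [findings]} for an ordered, first-match rule list."""
    findings = {}
    for i, rule in enumerate(rules):
        notes = []
        for earlier in rules[:i]:
            if covers(earlier, rule):
                # Same action: the later rule adds nothing. Different action:
                # the later rule's intent is silently overridden.
                kind = "redundant" if earlier.action == rule.action else "shadowed"
                notes.append(f"{kind} by {earlier.name}")
                break
        if rule.last_hit is None or (today - rule.last_hit).days >= UNUSED_AFTER_DAYS:
            notes.append("unused")
        if notes:
            findings[rule.name] = notes
    return findings

SAMPLE_RULES = [  # constructed sample policy, evaluated top to bottom
    Rule("r1", "allow", "10.0.0.0/8", "192.168.10.0/24", (443, 443), date(2024, 5, 30)),
    Rule("r2", "deny", "10.1.0.0/16", "192.168.10.5/32", (443, 443), None),
    Rule("r3", "allow", "10.2.0.0/16", "192.168.10.0/24", (443, 443), None),
    Rule("r4", "allow", "0.0.0.0/0", "192.168.20.0/24", (1024, 65535), date(2024, 5, 31)),
    Rule("r5", "allow", "172.16.0.0/12", "192.168.20.10/32", (22, 22), date(2024, 2, 1)),
]

if __name__ == "__main__":
    print(audit(SAMPLE_RULES, date(2024, 6, 1)))
```

The shadowed `deny` (r2) is the finding that matters most in an audit: the policy reads as if that host is blocked, but r1 admits the traffic first.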
The tool never purges change data so there is a good historical picture. A solid API can feed data to a SIEM or other analytical tool. Using a normalized format makes it easy to see and compare disparate data. Elasticsearch is the technology for the omni search on the backend PostgreSQL database. For Elasticsearch, you can use FireMon's language to search using drag/drop/select to form the. Queries go across the entire enterprise. From the query you can create a compliance rule, so that when a new rule is made that violates it, the rule will fail as being out of compliance. When the tool updates a widget, it is reflected across the enterprise.
Traffic flow analysis looks at a rule and sees every flow to identify overly permissive rules. A useful example is that the tool defines ports that applications require rather than just opening all ports without thinking about the application's requirements. This prevents overly permissive port access, particularly on high ports where applications often communicate.
Another neat function is the SCI score (security concern index) that answers the question, "Are changes increasing or decreasing risk?" Along with the SCI is the security and compliance zone matrix. The zone map can be reactive but can be proactive if you are doing what-if analysis. That lets you overlay a vulnerability on the map and do what-if to simulate an attack. FireMon then recommends critical patches.
We found the documentation up to our standards and, while support is a bit pricey as a percentage of tool cost, the overall cost is sufficiently low that it does not matter much, and in real dollars, you still get a lot of value, even at the gold support level.