FireMon Security Manager with Policy Planner and Risk Analyzer
Starts at $11,995; Policy Planner and Risk Analyzer are additional costs.
Strengths: Powerful and robust tool that offers a lot of risk and policy management functions.
Weaknesses: Can be cost prohibitive to some.
Verdict: Lots of power and full-featured, but can be a bit pricey.
The FireMon Security Manager with Policy Manager and Risk Analyzer is the ultimate policy and risk management tool. The two major components of this product are the Security Manager, which includes the Policy Planner running on a single, purpose-built appliance, and the Risk Analyzer, which is software that must be installed on a client machine running Microsoft Windows 7 or Mac OSX. These two components work in tandem to provide full-scale policy and risk management and are loaded with features.
The initial installation consists of setting up the appliance and then installing the Risk Analyzer software. The appliance setup process is done by connecting a monitor and keyboard to the appliance and running through a short setup wizard, which sets network and hostname configuration. At the completion of the setup wizard, the Risk Analyzer package can be easily installed on the client machine and the appliance can be added to the management console.
After spending some time with the appliance and management console, we found this product to offer some robust features and functions. On the policy management side, this tool offers full configuration management of firewalls, routers, switches and load balancers. Using Security Manager, administrators can run assessments of device configurations against industry best practices and compliance standards, and then the product will offer recommendations for policy cleanup and other options. This product also can run instant reports based on regulatory and compliance standards providing deep insight to ensure regulations are met and compliance is maintained. As for risk management, this product attacks risk on two fronts. First, the risk analysis engine determines possible attack paths into the network, as well as uses penetration test results to provide a full-scale score based on risk level. The second way this product can help manage risk is using the Policy Planner component. The Policy Planner offers a full, change management workflow that enables administrators to simulate proposed access changes to measure possible risk before the changes are implemented and rolled out.
Documentation included a getting-started PDF along with full user and administrator guides. The getting started guide provided a detailed overview of the installation process, as well as other useful information on basic configuration. The user and administrator guides focused on advanced configuration along with how to use the features and functions of the product. We found all documentation to be well organized and easy to follow with many step-by-step instructions, screen shots and configuration examples.We found this product can be a bit expensive for some, but we also found it to be a reasonable value for the money. Customers can purchase the FireMon Security Manager Starter Kit, which includes perpetual licenses for one server appliance, two firewalls and associated management consoles, two switches/routers and one year of support for all products, along with the appliance itself, for just under $12,000, adding on the Policy Planner and Risk Analyzer at an additional cost.