Security is vast and complex. FireMon strives to give users a different and simplified way of reviewing and managing their security policies. The FireMon Security Manager is set up to allow users to query millions of rules in a matter of seconds, by reaching out to all devices on an enterprise’s network and pulling down security metrics that show the state of a security policy’s health through KPI-driven information.
The entirety of this information and all items deemed risks are identified and displayed in a single window pane with four view options – Policy, Security Compliance, Change and Risk View – lending further credence to the intuitiveness of this platform.
The Policy View breaks down a user’s policy-related metrics into three easy mitigation steps: (a) redundancy; (b) unused rules; and (c) overly permissive rules. The KPI-driven information makes it easier for users to reduce complexity and start cleaning up their overall security policy using one-click-away options. The related Traffic Flow Analysis feature offers a laser-focused examination of overly permissive rules, the worst type of rule in terms of security concerns, in order to show the user how to lock down a rule and reduce risk.
The Security Compliance View shows compliance controls and their related metrics and contains a compliance engine that allows the user to find and score behaviors across the enterprise. In this view, users are shown their riskiest network device, on what assessment this conclusion is based and how many of the tested controls pertaining to that device have failed.
The Change View shows any requested or potential changes of individual security policies and what might happen for each should they be implemented, altered, or removed. It takes into consideration what a user’s vulnerability scanner is already telling them about their scanned host by showing what assets were scanned, what services were scanned and any vulnerabilities discovered on a specific asset. It then takes the analysis a step further and shows what security policy across the network is allowing each vulnerability and how the host is being compromised as a result.
Two specialized features assist analysts with change management tasks based on this view. The Policy Planner tool enables users to conduct pre-change assessments to demonstrate what risks will be inherited if that change is accepted/approved into their security policy. The Policy Optimizer tool gives users the ability to automate the review process of existing rules by leveraging what is already known about the security policy based on business practices, rule usage and managed change practices.
The Risk View encompasses the risk side of vulnerability and shows metrics related to management and assessments. To date, the most measurable return on investment for FireMon’s users is around the policy planning portion of risk management and all it encompasses: how long planning takes on average today with changes and approvals, how many people are involved in this process, etc.
FireMon Security Manager’s competitive edge is that the platform gives full access to its compliance engine through custom assessments and controls. Users have the flexibility either to create their own rule search method, adding their own security risk as it pertains to their specific business practices and customizing the resulting fail text, or instead to leverage prebuilt replacement controls, which are also fully customizable. The solution allows users to create rules, schedule assessments and set the assessment results of those rules to be sent to their security team for review.