FireMon Security Manager uses intelligent policy automation so analysts have the ability to leverage comprehensive rule analysis and automated workflows for a streamlined change management process and to initiate proactive stance against risk. It works by ingesting security policies and configurations across an entire network. By leveraging APIs, FireMon discovers, maps and offers alerts on any topology changes across a network infrastructure.
FireMon’s acquisition of Lumeta last year added functionality in mapping and discovery to the Security Manager platform, which assists with finding unknowns in a network, such as rogue and shadowed policies and risk threat vector, using agentless probes that travel through a network to identify all assets and properly catalogue any and all VMs.
In general, policies are used to streamline the process of granting permissions for requests. Then, the solution leverages AI to handle the requests and, in minutes, automatically approve and provision access pertaining to rules configured across the network. FireMon sees this pre-compliance check and automation as the future of orchestration.
The Global Policy Controller (GPC) that FireMon built onto the platform shows the overall intent of a policy rather than focusing on individual policies themselves. Collaborators can use GPC, which provides the information necessary to create company policies, in order to reduce the risk footprint. The Policy Compute Engine tool within GPC converts policies into security data controls that get instantiated on appropriate enforcement points.
The offering ingests vulnerability data from vulnerability scanners and cross-references it with all other data to give a full and complete picture on vulnerabilities specific to an organization and its infrastructure for proactive action. Data also can be leveraged to perform compliance assessments. Once ingested, data is indexed and persisted within seconds. Queries are powered by Elasticsearch and aid analysts in conducting and finding policy-related searches in a matter of seconds. This data also helps to identify overly permissive rules to facilitate the decommissioning of redundant or outdated rules without the risk of interfering with production traffic.
FireMon provides a list of failed rules corresponding to the most severe control failures and the subsequently failed devices. It offers scores to help garner an understanding of where to start in the process of addressing and managing risk.
Starting price is $59,000. Phone, email, web support 8/5 come standard with any subscription along with a knowledgebase. Support 24/7 is available for an additional charge at three levels: Silver, Gold and Platinum. Fee-based options include hardware or software support and impact subscription price.
Tested by Tom Weil