Review: FireMon clears the clutter for network security policy management

A pioneer in the field of network security policy management, FireMon provides full visibility into networks and devices, and overlays that knowledge with the rules, platforms, hardware and programs designed to protect it.

It’s kind of a paradox that as an organization’s network grows, it has to add more and more security appliances and programs to keep it safe, yet with increased complexity comes diminishing returns on those investments. New security platforms implement new rules, which often conflict with or duplicate existing protections. And don’t forget that the network itself is constantly changing, especially these days with cloud deployments, which further muddies the waters. At some point, it becomes almost impossible to manage everything, fix vulnerabilities and maintain good security without a lot of help.

For the past 15 years, FireMon has been pioneering the field of network security policy management, providing a dedicated way for organizations to get full visibility into their networks and devices, and overlaying that knowledge with the rules, platforms, hardware and programs designed to protect it. Of course, this unified look at network protection configuration settings has changed over the years, especially recently as hybrid infrastructures have become increasingly popular, but the core FireMon platform is still the same, just expanded to meet every new network advancement. More so than any other platform we have recently reviewed, it’s clear that FireMon has a mature offering and any of the early bugs or quirks have long since been worked out.

Because FireMon brings together all the complicated and sometimes conflicting policies from other security platforms, it works with almost any existing cybersecurity product. That includes everything from firewalls to vulnerability scanners, and everything in between. It also works within hybrid infrastructures, including all cloud deployments or networks that have embraced micro-segmentation.

Testing FireMon

To collect all of the information that it needs, the FireMon platform is installed in three parts. The heart of the system is the application server, which provides the frontend interface. It is normally deployed as an appliance and can be up and running in most organizations in a matter of minutes. In enterprise installations where more than one application server is required, all the secondary servers can be virtualized and still report to the main console. There is also a database that collects all of the historic change data from devices on the network, though this component is more or less invisible to users. The amount of data that can be stored depends only on the amount of space assigned to it. FireMon officials say they have some customers with over ten years of data analytics, which is a powerful tool for looking at local cybersecurity trends.

The final pieces of the platform are the data collectors, which are normally virtualized but can also be physical. Each collector is tasked with gathering the log data from multiple devices, like firewalls, and looking for any changes that are made in the rulesets or configurations. Large enterprises can have multiple collectors but are not financially penalized for that. Pricing for the FireMon platform is based on the number of devices being protected. There are also fees to activate extra modules that add functionality to the main program.
