new release highlights – - firemon
TRANSCRIPT
New Release HigHligHts – secuRity MaNageR V7.0aNd Policy PlaNNeR V3.0
Continuous Network Security Assessment and Business Process Integration
Without continuous visibility into current alignment of security infrastructure, even the best network defenses yield to the forces of complexity and
change within today’s large, multi-vendor environments.
The combination of everyday management challenges – including compliance and migration to emerging technologies like next-generation
firewalls, data center firewalls, and virtualization – and ever-evolving business demands result in countless opportunities for misconfiguration and
resulting exposure. The key to policy enforcement mechanisms delivering optimal protection is frequent, comprehensive assessment.
FireMon’s new Security Manager V7.0 and Policy Planner V3.0 solutions provide advanced functionality ensuring consistent, up-to-date
management of complex enterprise security infrastructure, including firewalls, routers, and switches.
continuous assessmentAudit results derived months or even days ago rarely reflect the current
state of network protection. In the worst case, even minor post audit
alterations significantly diminish effectiveness of layered defenses. To
maintain continuous awareness of current IT risk exposure amid daily
operational change, outdated audit results cannot provide the necessary
visibility into real-time enforcement.
Most organizations spend significant time preparing for mandated
security audits – time better spent addressing current, real-world
conditions and adopting proven security best practices.
FireMon’s highly scalable analytics engine offers truly continuous
assessment with actionable results, empowering staff to improve
protection and address audit requirements simultaneously – combining
best practice checks and ongoing policy compliance validation for up-to-
the-minute insight into defenses.
Leveraging its onboard library of pre-defined controls alongside the
flexibility to create custom controls and policies, assessments are tailored
to address unique corporate security policies, track previous audit
mitigations, or analyze environment-specific risks. Select the desired form
of assessment and the device or group of devices to monitor – FireMon
does the rest:
� Detailed reports are delivered via personal notifications and
Web-based dashboards
� Powerful management features allow whitelisted findings
with approved exemptions
� Reports highlight common control failures by device,
assessment, or severity trending results over time
With Security Manager V7.0, empirical evidence demonstrates how the
environment is becoming more secure over time.
Continuous Assessment Provides On-going Real-time Audit Status
Detailed Analysis, Rule Management and White Listing
Integration with Existing Processes
Assess Potential Design Changes
Detailed Rule Recommendations
advanced Business Process integrationEvery organization has unique security demands and established
management procedures. At the same time proven industry standards
help build operational consistency – streamlining critical processes to
deliver assessment result intelligence to decision makers.
FireMon Policy Planner 3.0 combines automated network enforcement
analysis with support for the Object Management Group’s (OMG)
Business Process Model and Notation (BPMN) standard, leveraging
integrated workflow to facilitate rapid integration with existing business
process management solutions.
Via inclusion of BPMN 2.0 best practices throughout analysis and rules
recommendation, FireMon Policy Planner provides targeted results
crucial to both business and technical users, solving one of the most
significant management challenges for security teams.
Multiple teams including audit staff can also create customized
workflows using Policy Planner BPMN 2.0-compliant templates –
including forks for parallel approval paths, resulting decisions, status
notifications, pre-set timers to escalate delayed tickets, and related user
inputs. Workflow is delivered in industry-standard modeling notation
with queue-specific templates and customized ticketing flows, providing
the ability to submit requests based on the nature of proposed changes,
current enforcement, or user access level.
Spearheaded by technology leaders including Accenture, IBM, Oracle,
SAP and Unisys BPMN methodologies permit rapid deployment of Policy
Planner alongside those companies’ solutions, among many others.
Using FireMon’s unique Access Path Analysis, the solution automatically
selects all the relevant devices for a specific assessment and then
recommends how rules should be modified along a selected path.
This greatly extends the Continuous Assessment to validate network
access policy changes BEFORE implementation, ensuring that resulting
configurations offer optimal protection.
In addition to full-text search capabilities, FireMon Policy Planner
Version 3.0 ties directly into FireMon Insight platform, lending native
ability to write ad-hoc queries based on any ticketing requirements.
enhanced domain supportToday’s Managed Service Providers must offer the most flexible,
comprehensive offerings to their clients while retaining all the
protection and multi-tenant control necessary to meet unique
requirements.
Using FireMon Security Manger 7.0, Managed Service Providers
appreciate even broader support for multi-domain environments. By
enabling new Domain configurations, MSPs can maintain segregated,
parallel environments – with vulnerability data, custom assessments,
zone definitions, and device configurations segmented across accounts.
Users with permission across multiple domains can now share “global”
Assessments, with custom values inside each domain hidden from
other environments. Users and User Groups can be limited to a single
domain allowing customers the access necessary to manage their own
installations. All FireMon Security Manager features – including the
network map, policy testing, behavior modeling, and Insight portal
queries – inherit these domains automatically, restricting access to any
selected groups.
ldaP authorizationWhether customers demand full-time, hands-off management by
their MSPs or seek a balance of oversight with flexible controls to play
a continuous role in operations, Security Manager offers the control
necessary to meet their specific demands.
� Advanced multi-domain support for MSSPs
� New authorization via LDAP support for accurate
authentication
� LDAP authorization
Authorization via LDAP extends FireMon’s Security Manager’s
longstanding flexible authentication capabilities. Once approved, the
system applies the configured LDAP group to Security Manager group
mappings to assign remote user permissions correctly. Allow LDAP
do what it does best – manage users and group memberships – then
quickly enable access to an entire group by simply mapping permissions
to existing roles.
Automation is the name of the game, saving time and making the
most of efforts to optimize policy and process. With extended support
for LDAP and greater ability to leverage resources already devoted to
network access policy management, FireMon Security Manager 7.0
raises the bar for automated enterprise security assessment and
policy validation.
Advanced Multi-Domain Support for MSSPs
New Authorization via LDAP support for accurate authentication
additional capabilities � Direct integration with Vulnerability Managers:
− Qualys QualysGuard
− Tenable Nessus
� Behavior-based rule recommendations
� Packet trace enhancements
� New device support
− AhnLab TrusGuard
− Hillstone SG-6000
− Huawei Eudemon
− Palo Alto Panorama
− Positive Technologies MaxPatrol
− SECUI NXG
For information on all FireMon supported platforms and integrations please visit our website at http://www.firemon.com/products/supported_platforms
Ready to try FireMon? http://www.firemon.com/demo
Follow us on twitter @FireMon
like us on Facebook: www.facebook.com/firemon
8400 W. 110th Street, Suite 400 • Overland Park, KS 66210 USA • Phone: 1.913.948.9570 • E-mail: [email protected] • www.firemon.com
FireMon and the FireMon logo are registered trademarks of FireMon, LLC. All other product or company names mentioned herein are trademarks or registered trademarks of their respective owners.
© Copyright FireMon, LLC 2013
rev 111513