FireMon Security Manager Fact Sheet

Table of Contents
Introduction to FireMon Security Manager ... 2
Architecture ... 3
Change Management ... 4
Policy Cleanup & Optimization ... 5
Business Continuity Policy Verification ... 5
Rule Documentation ... 6
Risk Analysis ... 6
FireMon Security Manager Devices Dashboard ... 7
Reporting and Compliance Audits ... 7
FireMon GUI Reports Dashboard ... 8
FireMon GUI Reports Dashboard Listing ... 9
Integrated Firewall Workflow Policy Planner ... 10
Administration ... 11
Security ... 11
Backup and Restore ... 11
Platform Watchdog ... 12
Device Support ... 12
SPX Purpose Built Appliance Platforms ... 12
REQUEST A DEMO! ... 13

FireMon 2011 www.firemon.com Page 1
Introduction to FireMon Security Manager

FireMon Security Manager is software that helps you manage your firewalls. FireMon reports on any change to the firewall policy, increasing visibility and reducing the cost of making changes. It shows you which rules are unused and how traffic flows through each rule, so you can remove unnecessary access and tighten existing rules. With continuous, automated analysis against guidelines such as PCI DSS and the NSA security guides, FireMon improves your compliance posture. It also helps with security management of other devices in the enterprise, such as routers and load balancers.

THE BOTTOM LINE? FireMon strengthens your overall security posture and helps you manage your security devices better, so you can provide better service to your users at a lower cost.

Software that Monitors
FireMon monitors network devices, collecting configurations, audit trail information, and logs whenever a change happens. You can install it in minutes and quickly configure your devices to communicate with it. The architecture scales to monitor thousands of devices, and built-in redundancy keeps monitoring available.

Control Change
Configuration changes are going to happen. To stay in control of them you need a change management process that works consistently, gives immediate access to the justification for each change, and provides clear communication channels. FireMon Security Manager helps you take that control.

Improve Your Firewall Policies
Rules and objects are added to firewall policies by the thousands, and a never-ending stream of new access requests asks for more. Policies grow large and complex, and complexity makes your job harder. FireMon offers several tools that address policy size and complexity so that you can clean up your policies.

Enforce Compliance
Ensuring compliance for the firewall is difficult and costly. Most regulations and frameworks require timely auditing for an optimal security posture, as well as justification that all access is necessary, all while you plan and make changes to the firewall. These are tedious, ongoing tasks, and the key to enforcing compliance is to automate them.
Architecture

FireMon may be deployed in either a unified or a distributed fashion. A FireMon installation consists of an Application Server with its Database, and one or more Data Collectors. A Data Collector monitors network devices (such as firewalls) and retrieves their configurations and usage data, which it passes to the Application Server. The Application Server controls one or more Data Collectors, stores their data in the Database, and makes that data available to the FireMon Graphical User Interface (GUI). The GUI is a desktop client installed on each FireMon user's workstation.

FireMon runs on the CentOS Linux operating system, which is binary compatible with Red Hat Enterprise Linux (RHEL). Both 32-bit and 64-bit versions are supported on the SPX appliance family.

The Application Server, Database and Data Collector can all reside on a single FireMon SPX purpose-built appliance. For geographic or scalability reasons, additional Data Collectors can be deployed on separate appliances; all SPX appliances integrate into your network with minimal configuration. Optionally, FireMon may be installed on user-supplied hardware.

A Data Collector may reside on the same platform as the Application Server or on its own platform, and any number of Data Collectors can report back to a central Application Server, giving a single view of the entire monitored security infrastructure. Separating the Data Collector from the Application Server provides scalability and resiliency, and there is no licensing cost for the Data Collector, so monitoring remote or numerous devices is a matter of adding collectors.

The number of devices a single Data Collector can support is largely a function of the number of configuration changes, the size of the configurations, and the retention period for configuration revisions, balanced against the storage space of the Application Server and the number of Data Collectors deployed. A good estimate based on FireMon's practical experience is approximately 300 devices per Data Collector instance.
There is no fixed limit on the total number of devices a single Application Server can support across multiple Data Collectors; thousands of devices can be monitored from one Application Server.

- Distributed architecture: FireMon components can be separated across multiple geographic locations to reduce traffic across the WAN.
- The Graphical User Interface is a thick client rather than a browser application, so policy data can only be viewed where the client is installed and the user has authenticated to the Application Server; for example, a security policy cannot simply be pulled up in a browser on a public kiosk.
- All communication among FireMon components, and between FireMon and monitored devices, is secured.

Change Management

Changes are monitored and presented in real time: FireMon alerts on a change as soon as it is detected by monitoring SYSLOG or vendor-specific API logging traffic from the enforcement point or its management platform. FireMon can also accept a redirected, forwarded, or reflected SYSLOG stream from a SYSLOG aggregation point.

Changes are shown graphically in a policy overlay format. Changes are color coded and marked with icons so they are noticed immediately, without scrolling and searching through two separate policy screens, and filters can remove unchanged items from view, leaving only the most relevant information to review.

Policy Test lets you build a data-model "what if" scenario and execute it against a given policy, locating the rules that match a specific source, destination and service combination without sending live test traffic. Policy Tests may be created with pass or fail criteria. Beyond being an effective operational feature for quickly pattern-matching a policy, Policy Test is a dynamic audit feature that can implement business continuity checks: you are notified immediately if a business-critical rule is modified, or if a change to a higher-level rule would impact the service that rule allows.

Real-time email notification and alerts, plus scheduled reporting, for all changes made to security devices. Report formats include HTML, PDF, XML, XLS, and comma-delimited or tab-delimited output. Both email and SYSLOG alerting are supported for on-demand, real-time policy change alerts.

FireMon fully supports policy comparisons that clearly indicate changes to both rules and objects, directly in the GUI or via report generation.

Rule Recommendation, from within the GUI, analyzes the current policy and shows if and where a new rule should be placed. It also tells the user whether the requested rule already exists, or whether an existing rule can be modified to satisfy the request.
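The SYSLOG-driven change detection described above, as an added example in Python (not FireMon's own parser): a forwarded syslog stream is scanned for audit messages that record an executed configuration command, and only commands that alter the enforced policy (access-list, access-group, object, object-group, nat) become change events, while "show" and "write" commands and ordinary traffic logs are ignored. The log lines are constructed for this example and modeled on the Cisco ASA 111010 audit message format; the message layout, the command classification and the field names are this example's assumptions.

```python
"""Change detection over a forwarded SYSLOG stream (added example).

The sample lines below are constructed and modeled on the Cisco ASA
%ASA-5-111010 audit message (user, session type, source IP, command).
The regexes are assumptions for this example, not FireMon's parsers.
"""
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# ASA-style audit message: who ran what, from where, on which device.
AUDIT_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) "
    r"%ASA-5-111010: User '(?P<user>[^']+)', running '(?P<session>[^']+)' "
    r"from IP '(?P<src>[^']+)', executed '(?P<cmd>.*)'$"
)

# Commands that change the enforced policy ("no ..." removals included).
# 'show', 'write memory', 'configure terminal' etc. deliberately do not match.
POLICY_CMD_RE = re.compile(
    r"^(?:no\s+)?(?:access-list|access-group|object-group|object|nat)\b"
)


@dataclass
class ChangeEvent:
    timestamp: str
    device: str
    user: str
    session: str
    source_ip: str
    command: str


def parse_line(line: str) -> Optional[ChangeEvent]:
    """Return a ChangeEvent for a policy-changing audit line, else None."""
    m = AUDIT_RE.match(line)
    if not m:
        return None  # not an audit message (e.g. a 106023 deny log)
    cmd = m.group("cmd").strip()
    if not POLICY_CMD_RE.match(cmd):
        return None  # audit message, but the command does not change policy
    return ChangeEvent(m.group("ts"), m.group("host"), m.group("user"),
                       m.group("session"), m.group("src"), cmd)


def detect_changes(lines: Iterable[str]) -> List[ChangeEvent]:
    """Real-time style pass over a stream: keep only policy change events."""
    return [ev for ev in map(parse_line, lines) if ev is not None]


def alert_text(ev: ChangeEvent) -> str:
    """One-line summary suitable for an email or SYSLOG alert."""
    return (f"[{ev.device}] policy change by {ev.user} via {ev.session} "
            f"from {ev.source_ip} at {ev.timestamp}: {ev.command}")


# Constructed sample stream: two real policy changes, one read-only command,
# one traffic deny log, and one 'write memory'.
SAMPLE_SYSLOG = [
    "Mar 14 09:12:01 fw-dmz-01 %ASA-5-111010: User 'admin', running 'CLI' "
    "from IP '10.20.0.5', executed 'access-list OUTSIDE_IN extended permit "
    "tcp any host 10.1.1.25 eq 3389'",
    "Mar 14 09:12:03 fw-dmz-01 %ASA-5-111010: User 'admin', running 'CLI' "
    "from IP '10.20.0.5', executed 'show running-config access-list'",
    "Mar 14 09:12:09 fw-dmz-01 %ASA-4-106023: Deny tcp src "
    "outside:203.0.113.7/51234 dst inside:10.1.1.25/23 by access-group "
    "\"OUTSIDE_IN\"",
    "Mar 14 09:13:40 fw-dmz-01 %ASA-5-111010: User 'jsmith', running 'ASDM' "
    "from IP '10.20.0.9', executed 'no nat (inside,outside) source static "
    "SRV_DB SRV_DB_PUB'",
    "Mar 14 09:14:02 fw-dmz-01 %ASA-5-111010: User 'admin', running 'CLI' "
    "from IP '10.20.0.5', executed 'write memory'",
]

if __name__ == "__main__":
    for event in detect_changes(SAMPLE_SYSLOG):
        print(alert_text(event))
```

In a real deployment the same pass would be fed by the forwarded stream from the syslog aggregation point, and each event would also trigger a configuration retrieval so that the resulting revision can be diffed against the previous one; the regexes here are intentionally narrow, so a command the classification does not know (a new vendor syntax, for instance) is silently dropped rather than alerted, which is the failure mode to watch for when extending it.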
Platform and OS changes (for example on IPSO, Crossbeam and SPLAT) are captured in the same fashion as policy information.

Policy Cleanup & Optimization

Reduce Policy Complexity, Track Rule Usage, Enable Policy Optimization

- Complete, detailed rule and object usage is available via the GUI or via report generation.
- Reports on unused rules and objects provide the visibility needed to clean up and optimize a policy.
- Reports on shadowed or duplicate rules give clear, actionable detail on which part of each rule causes the redundancy.
- A histogram (graphical display) of rule and object usage, including NAT rules.
- Unlimited log history period for historical usage data storage.
- Overly Permissive Rules: the Traffic Flow Analysis feature shows the unique traffic patterns that actually hit a rule and reports what data is flowing across a broadly defined address range, including the traffic matched by ANY in a source, destination, or service field.

Business Continuity Policy Verification

Policy Test is a dynamic audit feature that can be used to create business continuity checks which ensure immediate notification if a business-critical rule is modified, or if a modification to a higher-level rule would impact the service that rule provides.

Policy Test verifies connectivity through a firewall. You define the traffic model and the expected behavior, and FireMon shows how the policy acts on that traffic: does the policy produce the expected behavior for the modeled traffic, or does it produce a result outside the expected boundaries? For example, you can find which rule in a policy allows communication that was previously denied, or denies communication that was previously allowed.

Route awareness option: if routing data is available for the device, FireMon uses it to test only the policies on the device that the modeled traffic would actually traverse. FireMon provides results for the firewall and its operating system.
Rule Documentation

Provisions for complete rule history documentation, including business owner, approver, ticket number (from a third-party system such as Remedy or from the integrated solution), requester, business justification, and the expiration or review date of every rule.

Audit Change Log
This feature captures and records the detail of every change event in the context of the firewall policy. It appears in the GUI as a collection of incremental policy comparisons at the rule, object and policy level, updated in real time as revisions are retrieved, and it supports detailed reporting on the life history of rule and object changes in a policy.

- Rule change audit log that shows the life history of a rule in context by simply clicking on it within FireMon; also available as a scheduled or on-demand report.
- Populate rule documentation via the comments field, third-party ticketing systems, or the integrated ticketing system.
- Complete two-way information exchange between FireMon and third-party ticketing systems is available via a professional services engagement.
- Ability to report on all data associated with rule documentation.

Risk Analysis

Service Risk Analysis (SRA)
A FireMon feature comprising a Service Risk Analysis Check and an Audit Report. When you create an SRA check, you define when a service should be considered risky and assign a risk level to that scenario. FireMon then evaluates your policies against those scenarios and produces an assessment of risk in an Audit Report. SRA audits can run automatically whenever a new policy change is detected, evaluating the new policy for use of risky services; in this way FireMon keeps you in a continual compliance posture by evaluating change in real time as it happens.

Ability to feed external threat lists into FireMon to report on where your vulnerabilities are, along with their threat levels.

Firewall traffic flow analysis: analyze any traffic the firewall may encounter (all possible SOURCE, DEST and SERVICE values, including groups). This provides extensive traffic flow analysis that can be used for risk analysis, risk avoidance, risk remediation, network analysis and policy optimization. It detects configuration mistakes arising from security zone definitions, highlights misconfiguration, and separates risks by direction: outside to inside, outside to DMZ, DMZ to inside, and so on.
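The Policy Test, shadowed-rule and Service Risk Analysis behaviour described in the Change Management, Policy Cleanup, Business Continuity and Risk Analysis sections above, as one added example in Python that is not FireMon's code: a first-match evaluator over a constructed seven-rule policy that answers a "what if" flow with pass or fail, reports rules hidden by an earlier rule, audits allow rules by zone direction against a risky-service list, and turns a set of continuity checks into the names of the rules that broke them. The rule model, zone table, risky-service table and the continuity checks are all this example's assumptions; FireMon's actual data model is not shown on the page.

```python
"""Policy Test, shadowed rules and an SRA-style check (added example).

Not FireMon code. The Rule model, ZONES, RISKY_SERVICES, POLICY and
CONTINUITY_CHECKS are constructed assumptions for illustration only.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    name: str
    src: str             # CIDR or "any"
    dst: str             # CIDR or "any"
    proto: str           # "tcp", "udp" or "any"
    port: Optional[int]  # None means any port
    action: str          # "allow" or "deny"


def _net(cidr: str):
    return ipaddress.ip_network("0.0.0.0/0" if cidr == "any" else cidr, strict=False)


def matches(rule: Rule, src: str, dst: str, proto: str, port: int) -> bool:
    """Does one flow (src, dst, proto, port) hit this rule?"""
    return (ipaddress.ip_address(src) in _net(rule.src)
            and ipaddress.ip_address(dst) in _net(rule.dst)
            and rule.proto in ("any", proto)
            and rule.port in (None, port))


def first_match(policy: List[Rule], src, dst, proto, port) -> Optional[Rule]:
    """First-match semantics: the first matching rule decides."""
    return next((r for r in policy if matches(r, src, dst, proto, port)), None)


def policy_test(policy, src, dst, proto, port, expected) -> Tuple[bool, Optional[Rule]]:
    """Policy Test: model a flow and compare the verdict with the expected one.
    Returns (passed, deciding rule); no match is treated as an implicit deny."""
    hit = first_match(policy, src, dst, proto, port)
    return (hit.action if hit else "deny") == expected, hit


def covers(outer: Rule, inner: Rule) -> bool:
    """True when every flow that could hit `inner` is matched by `outer`."""
    return (_net(inner.src).subnet_of(_net(outer.src))
            and _net(inner.dst).subnet_of(_net(outer.dst))
            and outer.proto in ("any", inner.proto)
            and outer.port in (None, inner.port))


def shadowed_rules(policy: List[Rule]) -> List[Tuple[str, str]]:
    """(shadowed rule, earlier rule hiding it). Only shadowing by a single
    earlier rule is detected, not by a combination of earlier rules."""
    found = []
    for i, rule in enumerate(policy):
        for earlier in policy[:i]:
            if covers(earlier, rule):
                found.append((rule.name, earlier.name))
                break
    return found


# Constructed zone table; anything not inside these networks is "outside".
ZONES = [("inside", "10.1.0.0/16"), ("dmz", "10.2.0.0/24")]
# Constructed SRA check: (proto, port) -> (service name, risk level).
RISKY_SERVICES = {("tcp", 23): ("telnet", "high"),
                  ("tcp", 3389): ("rdp", "high"),
                  ("tcp", 21): ("ftp", "medium")}


def zone_of(cidr: str) -> str:
    net = _net(cidr)
    return next((name for name, z in ZONES if net.subnet_of(_net(z))), "outside")


def service_risk_audit(policy: List[Rule]):
    """Flag allow rules that expose a risky service, or ANY service, from outside."""
    findings = []
    for r in policy:
        direction = (zone_of(r.src), zone_of(r.dst))
        if r.action != "allow" or direction[0] != "outside":
            continue
        if r.proto == "any" or r.port is None:
            findings.append((r.name, "any-service", "high", direction))
        elif (r.proto, r.port) in RISKY_SERVICES:
            svc, level = RISKY_SERVICES[(r.proto, r.port)]
            findings.append((r.name, svc, level, direction))
    return findings


# Constructed policy: r6 is shadowed by r5, r3 exposes RDP from outside.
POLICY = [
    Rule("r1-block-telnet", "any", "10.1.0.0/16", "tcp", 23, "deny"),
    Rule("r2-web-to-dmz", "any", "10.2.0.10/32", "tcp", 443, "allow"),
    Rule("r3-rdp-from-internet", "any", "10.1.5.20/32", "tcp", 3389, "allow"),
    Rule("r4-dmz-to-db", "10.2.0.0/24", "10.1.8.5/32", "tcp", 5432, "allow"),
    Rule("r5-inside-any", "10.1.0.0/16", "any", "any", None, "allow"),
    Rule("r6-inside-dns", "10.1.0.0/16", "10.1.8.53/32", "udp", 53, "allow"),
    Rule("r7-cleanup", "any", "any", "any", None, "deny"),
]
# Constructed continuity checks: (label, src, dst, proto, port, expected).
CONTINUITY_CHECKS = [
    ("dmz web tier reaches db", "10.2.0.15", "10.1.8.5", "tcp", 5432, "allow"),
    ("internet cannot reach db", "203.0.113.7", "10.1.8.5", "tcp", 5432, "deny"),
]


def business_continuity_failures(policy: List[Rule]) -> List[Tuple[str, str]]:
    """(check label, rule that decided it) for every continuity check that fails."""
    failures = []
    for label, src, dst, proto, port, expected in CONTINUITY_CHECKS:
        ok, hit = policy_test(policy, src, dst, proto, port, expected)
        if not ok:
            failures.append((label, hit.name if hit else "implicit-deny"))
    return failures


if __name__ == "__main__":
    print("shadowed:", shadowed_rules(POLICY))
    print("risky:", service_risk_audit(POLICY))
    print("continuity failures:", business_continuity_failures(POLICY))
```

The continuity check is the interesting part operationally: inserting a deny for the database above r4 does not touch r4 itself, yet the check fails and names the new rule, which is exactly the "higher-level rule modification" case the page describes, and the same rule also shows up in the shadowed-rule report because it now covers r4 completely.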
FireMon Security Manager Devices Dashboard

The FireMon Devices Dashboard provides at-a-glance views of trending information across all devices in Security Manager. This information is automatically available in the Security Manager Dashboard; no setup is required. The Devices Dashboard provides the following expanding information windows:

- Yesterday's Firewall Activity
- Firewall Complexity
- Recent Device Changes
- Changes by Device Type
- Total Unused Rule Count
- FireMon News
- Welcome

Reporting and Compliance Audits

A customizable reporting architecture lets users extract hundreds of custom report options in addition to the standard canned reports.

FireMon Security Manager includes a library of configurable audit checks called Extensions. These are audit checks that help ensure your policies are in line with industry-standard best practices, or checks that you have created on your own. Most extensions include configurable parameters that are easily modified in the extension configuration screen, either by selecting options from drop-down boxes or by directly entering a value you expect to see in a policy or configuration. An Extension can be executed automatically when a new policy change is detected, evaluating the new policy against the Extension's values; in this way FireMon keeps you in a continual compliance posture by evaluating change in real time as it happens.

Online community for Extension sharing and collaboration: FireMon regularly makes new Extensions available via its online Nexus community. FireMon Nexus (http://nexus.firemon.com) is an online community where engineers can find, download, review and publish extensions for FireMon. It is also a space where engineers share ideas and collaborate on how to address common problems: emerging threats, technology solutions, and ideas for new FireMon extensions to better manage their security.

FireMon can automate and schedule report delivery to users or groups. Canned reports cover rule usage, change management, compliance and many other topics.

PCI DSS 1.2: continual compliance reporting against the PCI DSS 1.2 requirements. Additional reports and checks are available through the FireMon online Nexus community.
FireMon GUI Reports Dashboard
FireMon GUI Reports Dashboard Listing

Usage
- Firewall Traffic Flow Analysis
- Object Usage Report
- Rule Usage Report
- Top Rule Report

Compliance
- Audit Report Scheduler
- PCI DSS Report

Analysis Reports
- Allowed Services Report
- Hidden Rules Report
- Daily Firewall Activity Report
- Weekly Firewall Activity Report
- Object Consistency Report
- Policy Test Report
- Firewall Complexity Report
- HA Consistency Report
- Rule Recommendation Report

Documentation Reports
- Change Control Report
- Expired Rules Report

Change Reports
- Change Report
- Current Policy Report
- Policy History Report
- Revision Summary Report

Check Reports
- Device Inventory Report
- NSA Router Security Report
Integrated Firewall Workflow Policy Planner

Any change management tool can guide administrators through a change process. FireMon's Policy Planner helps ensure that the change is correctly designed, implemented and verified. Policy Planner is a firewall change request and change management system that lets firewall administrators manage changes to the firewall from the initial access request, through solution design, to implementation and verification. Because it integrates directly with FireMon, Policy Planner incorporates FireMon features that help users make correct, effective changes.

Rule Recommendation: Policy Planner can prevent rule redundancy, and can identify whether similar access already exists so that an existing rule can be modified instead of creating a new one. It can also recommend rule placement, so that a new rule is not placed below a higher-level rule (such as a stealth rule) that would block the intended access and cause unnecessary troubleshooting of why the newly added rule is not working.
- Support for multiple source, destination and service inputs
- Prevent rule redundancy
- Identify if similar access exists
- Indicate proper rule placement

Policy and Rule Documentation: because of Policy Planner's tight integration with FireMon, the key documentation elements in the ticket request are automatically added as supporting rule documentation in the context of the policy stored on FireMon.

Multiple Changes: Policy Planner supports multiple rule requirements in a single ticket.

Route Intelligence: option to analyze available route data to determine which policies are affected by the proposed rule addition(s).

Include Attachments: option to include any required supporting documentation.

Workflow Operations: 1) reject requests, 2) update information, 3) assign or reassign a ticket, 4) request additional information from the requester, 5) request a redesign.

Role Based Permissions: assign permissions for designers, reviewers, implementers and verifiers.

Customizable: custom logo branding, custom form fields and custom colors.
Administration

The FireMon GUI client provides very granular role-based administration. Users are assigned to user groups, and only the monitored devices (and their stored policies) that the user group's attributes grant access to are visible. Additional user group attributes control specific operational aspects of the GUI client; for example, a user may be granted read-only operational control, or be allowed only to run audit reports with no ability to modify tasks or view event logs.

FireMon provides both RADIUS and LDAP authentication for GUI access to the FireMon Application Server. For RADIUS, CHAP, EAP-MD5, MS-CHAPv1, MS-CHAPv2 and PAP are supported. For LDAP, SSL is used.

MSSP model available.

Online community and forum for the exchange of certified custom reports, extension checks and audits to enhance the compliance and reporting initiatives of FireMon users.

Security

FireMon provides compression and encryption for the data contained in the FireMon database. All communication between the FireMon GUI client and the Application Server, and between the Application Server and the Data Collector, uses standard encrypted protocols. Communication from the Data Collector to the managed device is also secured.

Backup and Restore

- Completely automated system backup process.
- The backup process creates and stores a single system image that can be used to fully recover from a catastrophic hardware failure.
- Backup image archives can be stored locally or remotely.
- Simple, single-command restore process.
Platform Watchdog

The FireMon Watchdog daemon monitors key operational aspects of the FireMon system. Watchdog logs and sends an email alert when certain events occur or when specific thresholds are reached or exceeded:

- Disk volume usage threshold (%)
- Crash data storage disk threshold (%)
- FireMon Application Server process
- FireMon Data Collector process
- FireMon Database process
- RAID disk controller events
- TCP connection monitor

Additionally, an SNMP agent can be used to monitor the Application Server and Data Collector platforms if desired.

Device Support

- Check Point R62 to R75, NGX, P1, VSX, SplatOS, Crossbeam, Nokia IPSO
- Cisco PIX, ASA, FWSM, IOS routers and switches
- Juniper JunOS, SRX, ScreenOS
- McAfee (Sidewinder)
- F5 BIG-IP LTM and GTM
- Generic adaptor supporting all ziptie devices
- Palo Alto (Q2/2011)

SPX Purpose Built Appliance Platforms

Developed and tested by FireMon, the creators of FireMon Security Manager, the SPX family of appliances is purpose-built to run Security Manager in your environment. Whether you're monitoring 100 devices or 1,000, on one continent or around the world, there is an SPX appliance with the processing power and storage capacity to meet Security Manager's performance demands and your organization's data archival needs.

- Quick initial setup
- Pre-hardened Linux-based OS
- Complete CLI for appliance management
- Scalable, expandable, SSD and high-speed fault-tolerant disk array configurations
REQUEST A DEMO!

Want to see a live demonstration of FireMon Security Manager? Web-based demonstrations of FireMon Security Manager are a great way to see the tool in action and an excellent forum to ask our engineers questions. To schedule one, visit our website and select the Demo FireMon tab in the top right corner, or contact us at sales@firemon.com. If you would rather see a recorded demo, visit our site and select Security Manager Overview at the top left of the page.