We have a two-server system, application and web, and we're using FireMon for our Palo Alto firewalls and their logs, to help us create rules.
We're working on cleaning up our rules using FireMon as well, because we have a lot of live, open rules.
FireMon really helps save time with the reports that give you visibility into what's going on with your network. We were able to pull a report and give it to the networking team and they were able to remove those rules, as opposed to having to dig deep and spend hours on that.
It has also definitely helped decrease errors and misconfigurations. For example, we had certain rules that were overly permissive. We were able to redress those rules and make them more specific. We have seen at least a 10 percent reduction in misconfigurations.
I've been using the reports to see what is going on, and that is a helpful feature. We can track down unused rules, which helps with compliance. We can see rules that have not been used or that are duplicates or overly permissive. We can use FireMon to create reports and use that information to make changes within FireMon. I also like that we can track the kinds of changes that the network engineers are performing on the networks. We can run reports on that.
We have also set up alerts and reports that come into my inbox daily. That gives me a rundown of any changes that have occurred within the environment.
The solution has a good dashboard that gives you an overview of what's going on within your network in terms of compliance and the security index. The dashboard also gives you an outline of redundant and unused rules. You can run reports and make them a bit more targeted in terms of what you're looking for. That can help with the cleanup.
I've also dabbled in the Policy Analyzer to see what information I can get from that.
Some of the things that you want to do in FireMon are not exactly straightforward, like creating certain reports or controls. Some of the functions could be a little more user-friendly, such as creating certain filters.
For example, I was trying to do a traffic analysis and it can be a little tricky trying to change your firewalls on that profile. You almost have to create the entire thing over again. So there could be some enhancements in the user-friendliness.
I have been using FireMon for eight months.
FireMon is pretty stable.
There has been one issue when I try to run reports. Sometimes it gives me an error and I have to reboot the web services. I'm not sure if that's unique to us or an ongoing issue. I've opened quite a few tickets with FireMon on that.
Apart from that, it's pretty stable. It doesn't go down.
The support has been good. They have been slow to respond sometimes, but overall, it has been good.
Positive
Networking-wise, I used a number of different solutions, but I didn't use anything similar to FireMon before.
My advice would be to spend a good amount of time on the training videos. And if you can set up some sessions with your FireMon contact, that would also help. I do so many different things that I don't get enough time to spend on FireMon. I do use it pretty often, but maybe in terms of training, especially, there's a lot more I could gain from it, as opposed to just running reports. I could get into automation, for example.
In addition to what I've been using it for, I know there's a lot more within FireMon, like getting an understanding of your network topology, bringing many different points together, and analyzing the risk factors. FireMon also helps automate firewall policy changes across large, enterprise environments, but we don't have it set up to that yet.
Real-time compliance management is great. That's something that we are looking into and we have created some PCI rules. It's just a matter of learning how to make the reports. It's not very difficult at all.
The maintenance that we go through with FireMon is mainly upgrades. I'm the point of contact and we have a couple of networking guys who are hands-on as well.
Firewall policy cleanup is definitely a priority. If you have rules that are not properly configured or overly permissive, you open your environment to a lot of serious compromises.
We have multiple use cases, but most of our use of FireMon is around our security focus. We use it to make sure that bad things don't happen within the infrastructure.
We're able to push policy changes on a daily basis. Before, we had to schedule certain timeframes, but now we can push them throughout the day without having any issues. For us, it's only on-prem and for the cloud, but it does make things a lot easier to deploy.
Also, the cleanup of firewall rules in a large environment is a huge benefit. It allows us to stay current and get rid of all the junk that is in there. It's huge.
It definitely saves us time in accurately creating, approving, and deploying firewall policy rules. And that is true as well for changing firewall policy rules. We're able to review them and either reject or agree with what the policies are trying to do.
Another advantage is that FireMon has decreased human error by taking all the human factors out of it. That's a good thing.
The ease of use is the most valuable feature. There are a lot of products out there, but the ability to navigate through and use FireMon is very good.
It's also a pretty good solution when it comes to real-time compliance management. We get feeds on a daily basis and they're real-time. It does its job well. There are only a couple of players in the market that do the job well, and FireMon is one of them.
For compliance reporting, the reports are definitely easier to create. We still have to massage them into something different, but it's helped out a little bit. The information is there.
Another pretty important feature is that it automatically warns you when new firewall rules, and changes to existing ones, violate compliance policies, before they are deployed. With security, you have to be able to react fast. You can't allow a threat to get deeply into your infrastructure. You have to catch it at the beginning. It's important to us to know that it's acting.
When it comes to identifying risk in our environment and prioritizing fixes, it is really about the different priorities within the organization. FireMon is not so smart that it can tell what's important to us. It's up to us to figure that out.
FireMon has been within our infrastructure for at least 10 years.
Regarding automating firewall policy changes, we don't like the word "automation" for the simple fact that automation is dangerous. We don't want it to take over. We want to be able to review everything before it happens.
We use it to keep track of our firewall devices, as an inventory database and a collection of the configuration. It also draws out the map of our network, including non-firewall devices.
We are using the latest version of the solution.
FireMon has been helpful because we have been able to meet our compliance risk management targets. We have been able to satisfy our auditors, internally and externally.
FireMon has helped automate firewall policy changes across large, multi-vendor enterprise environments. This has been helpful for keeping a good inventory of the changes. Everything is well-documented. It also helps us to be mindful before we make any changes that everything is audited. Since we are a global environment, we can't see everything. We have many people working on different devices.
We are presently utilizing the automate firewall policy changes for our firewall and internal network devices.
The cleanup of firewall rules in our environment has been very helpful. We can go back and ensure we have uniform rules across different firewalls.
When it comes to real-time compliance management, it is very good because it is able to compare changes in the configuration as well as giving us a timestamp. It also sends email alerts to our environment so we know if someone has made a change on the network. It gives us the whole picture of that change. Whether it is a configuration change or just a small comment, it gives us the before and after snapshot.
FireMon can see firewall rules that may be too open. Then, we need to make them more restrictive. This is extremely important for our security posture. Every minute that passes, where we are not aware of an exposure, could cause major damage to the company.
We like that it is able to draw the network's topology. However, because it can't see certain things, it doesn't draw the full story. However, it is still extremely helpful. We also have asymmetric routing, which causes a challenge.
FireMon could improve its end-user practices. As an end user, I am just trying to catch up on all the alerts. There are so many, and you still have to go through them and document what was found.
I have been using FireMon for at least two years.
Stability has been very good. The solution is set it and forget it.
Scalability has potential. It could have more. Maybe a cloud environment is something that we should look into since there are many more layers once it gets out to the cloud. However, we don't want to trust the vendor completely. We just want to be able to see our environment.
It is used to monitor our firewalls and network devices from the US to Asia.
The technical support is very good. We have been able to get them on a call and get everything done as soon as possible, meeting our compliance and IT risk deadlines. I would rate the technical support as 10 out of 10. They were very patient with us on the call. It took about a week to get it all squared away.
Positive
Before FireMon, we were using FireEye. We switched because it could not generate the topology or draw it. It had a hard time with our Firepower Management Center, getting the firewall configuration and some of our ASAs. I also could not map the Cisco ACI environment.
The initial deployment was straightforward. Nothing was too complex, except adding more permissions to the service account. Otherwise, it was straightforward.
We did have a consultant from the solution on the call with us when it wasn't able to draw the whole network, as it couldn't log into that device. However, that was resolved.
We do change management every week. In a given week, we get at least a dozen email alerts about changes. FireMon saves us time in accurately creating, approving, and deploying firewall policy rules.
The solution saves us time in accurately changing firewall policy rules with 12 alerts per week. It gives us a graphical view, which is always helpful.
FireMon has decreased errors and misconfigurations that increased risk in our environment. There have been times that the solution found that we are using "any any" on some firewall rules. It was unintentional, and the solution was able to catch it and we fixed it right away.
Our information security did PoCs with many firewall or configuration change compliance software solutions.
Right now, we use a change management system so we are not using FireMon to warn us when new firewall rules, and changes to existing ones, violate compliance policies before they are deployed. FireMon does this, and we have seen it where it will have a questionnaire of things before we implement into the firewall. However, we are not presently using it because it does not integrate well with our current change management software, Cherwell.
With more understanding, we could have saved time on what kind of access FireMon needs, since we can't just give full access. We have to gradually allow it until that is enough access to get the information.
I would rate this product as 10 out of 10.
We use it for firewall management and security management, firewall health, and processing firewall change requests.
Firewalls are very complex, and FireMon allows us to identify a firewall rule that may have a lot of sources, destinations, and paths, and identify various high-risk ports and high-risk situations that either shouldn't be implemented or need to be rectified prior to implementation.
It has not really saved us time yet because there is still some pretty significant manual intervention involved. We haven't implemented it on all firewall types yet because we have hundreds and hundreds of firewalls that do different things and because different firewalls have different risk conditions. But for the ones we have implemented it on, while it doesn't really save time, per se, it does provide higher visibility into high-risk situations, which were very difficult to identify before. As a result, it has decreased risk.
The most valuable features are the security assessments and the ability to identify unused rules or objects.
The real-time compliance management, in general, is also pretty good, as is the cleanup of firewall rules in a large, enterprise environment.
It doesn't yet handle our firewall brand very well and some of the complexities that exist in a very large organization like ours. For example, it doesn't handle network address translation very well for cleanup and it doesn't handle nested objects very well for cleanup. It does unused-firewall-rule cleanup pretty well, but we have had to do some extensive modification because it sometimes gave us false positives. It would identify a firewall rule as unused when it really wasn't unused, due to the nature of how Palo Alto works and how FireMon works. That has required some manual workarounds.
I also wouldn't say the solution automatically warns before new firewall rules, or changes to existing ones, violate compliance policies. Not totally. When a change request comes through, it runs through the FireMon process and if it is a high-risk situation, FireMon will flag it. It then requires manual intervention or manual evaluation or correction. Other than that, we work from a monthly audit report that runs to flag any rules that are high-risk. We want to streamline our operations and make them more effective and automated so that high-risk requests are filtered out and validated automatically or semi-automatically, prior to implementation.
We're working on automating the request process, but we're at a standstill right now because FireMon doesn't handle Palo Alto attributes very well yet. It's very Check Point-centric. We've had limited success with automating, as a result. They need to be able to handle Palo Alto firewalls better. For example, they don't do App-ID very well.
I have been using FireMon for almost two years.
We've had some stability issues in the past with FireMon. We still have a few that they say are fixed in version 9.5. But we can't run version 9.5 yet because they took out the SNMP management and our ability to remotely monitor our FireMon instance. As a result, we can't put that version into production yet. They're putting that ability back. That's a feature that we absolutely require. We're not the only ones that require it. In talking with them, a number of customers have complained about that.
We've had some issues with file systems filling up because it identifies unused or unlicensed firewalls and it adds them to the list. It's trying to pull unused firewalls and that is filling up the file system and crashing the system. It still does that on version 9.3, but they say it's fixed in version 9.5.
It's hard to scale FireMon. You have to add a lot more appliances or virtual machines to run the software and scale it appropriately. Because we're a worldwide organization, we've had to do a lot of that. We've had to split out our application servers and databases. We have three instances around the world and we're probably going to need to add more as we go forward, because it does have some limitations in how much it can process at any point in time.
It's also, in part, a Palo Alto issue because Palo Alto processing is very slow. So in the handoff between Palo Alto and FireMon, we've had some issues where FireMon doesn't always retrieve the configurations in a timely manner. When we run a report that is not necessarily running on the current data for all firewall rules, a firewall rule will suddenly be flagged as "not used," for example, when it really is used.
In general, their tech support is pretty good.
I do have a concern with them, and I did express it to them already: Sometimes, it seems that when a new release comes out and changes take place, their development team doesn't always let the field support people know what the changes are. We have run into something on several occasions that caught the technical account manager off guard because he wasn't aware of it. It was only when we surfaced it that he realized it and said, "Oh yeah, that has changed and they never told me."
But generally, their technical support has been able to resolve issues. They're good, but I don't think they have enough expertise yet in Palo Alto.
Some of our requests are feature requests. We're working with them on a lot of those and they take more time. Some have to be put into a future release, and some are on their roadmap but haven't been pushed out yet.
Positive
Before FireMon everything was manual.
Our initial setup of FireMon was pretty complex, but we're trying to simplify things by choosing where we start. We're starting with some of our simpler, more straightforward firewalls. We haven't even gotten to the complex ones yet. It's a very slow process.
We haven't calculated ROI but the return when it comes to value is getting there. FireMon doesn't scale well enough with the complexity of our Palo Alto environment yet. I think the value will get there. We're at about the midway point when it comes to value. On a scale of one to 10, we're at about a four or five. On the simple firewalls, it works pretty well. On the complex firewalls, it kind of works, but there are a lot of exceptions that it doesn't know about or can't handle, and that causes us to have to backtrack into a lot of manual work.
I don't see an issue with the pricing.
AlgoSec was one of the three other products we looked at. FireMon seemed to be a better fit for where we're going and what we're doing. It seemed to have more capabilities and features than some of the others did, features that fit our environment.
If a colleague at another company were to say to me that firewall policy cleanup and management is important, but it's just not a priority compared to other more urgent items, I would say that firewall cleanup is pretty subjective. We think it's important because if you don't clean things up it leaves potential holes where vulnerabilities can come into your network. I would tell them it ought to be a priority.
In a small organization, I think FireMon would be absolutely fantastic. Just be sure you do a good job of documenting your use cases in terms of the scalability you need, before you talk to FireMon. You need to be clear with FireMon about what kind of scale you need to be able to scale up to.
When you get into an organization like ours, with hundreds upon hundreds of firewalls for different purposes, our firewalls don't line up in a linear fashion. It's not a case of "more of the same, more of the same," when it comes to our firewalls. They all have their own risks and nuances, their own rule sets, and their own security implications. Our firewalls have multiple paths through them and FireMon falls short a little bit because it's not Palo Alto-centric.
I don't think FireMon has kept up with where Palo Alto is at. They started out being Check Point-centric for years and they've never really fully embraced the nuances others, like Palo Alto or Fortinet, have. They don't handle a lot of the capabilities and attributes that Palo Alto does yet. They're working on it. They're getting there.
We have an open issue list that we are working through with FireMon little by little, including things it doesn't do well. We meet with a technical account manager on a weekly basis. Of course, we're not their only customer, so we can't dictate what they do or don't do regarding Palo Alto, but we're making our concerns known.
We've had to customize a lot of the security. Their out-of-the-box risk situation was too restrictive in some areas and not restrictive enough in others. So we have had to tailor the risk conditions by firewall type and create custom risk reports by firewall type, because not all our firewalls are the same.
We have a single server and we're a small group. We use FireMon to track all of our firewall rule changes.
The security section lets you see where your unused rules are and it lets us go in there, optimize it, and make the firewall more secure.
FireMon saves us a lot of time and it's nice because if you're adding a rule that's similar to another rule, it'll tell you so sometimes you can just edit the one and add another source or destination in there without creating a duplicate rule. It enables us to consolidate and have fewer, more meaningful rules. We're saving around 30% of our time.
I like the dashboard for the security section of it. It helps you identify the higher risk rules on your firewall so you can mitigate the ones that you were not aware of.
When it comes to real-time compliance management, we can use it to push out rules. We do that manually. But it's a great thing to be able to track and do everything because we were doing all that manually in the past and trying to go back and find something that we had done in the past the manual way was not working well.
FireMon decreased errors and misconfigurations that increased risk in our environment.
It also helped us to identify risks in our environment and helped to prioritize fixes. It does that through the security dashboard. It lists recommendations, zero-hit rules, and things that you just have out there that aren't being used.
It's been great for our security posture. Every hole we button-up is one less out there.
It comes as a Linux appliance on a server and we're not a Linux shop, we're more of a Windows shop. It would be great if they could automate or integrate the backups into it and other things through their GUI interface, just to make the management of Linux a little more transparent.
I have been using FireMon for two to three years.
The stability has been great. We have not had any problems whatsoever. It's very reliable and always available.
We're a small shop. We have everything on a single server, but I know you can put it across multiple servers for larger organizations. We're just not one of them.
There is one network engineer who uses it. But we have about a dozen people on there all together who are system admins that add rules.
We have our main site and a remote site, so it's two firewalls.
It's at 100% of the implementation.
Technical support has been very good. They always answer my questions. They'll stay on with you until they resolve the issue.
FireMon is a totally new implementation. We previously did everything manually.
We chose FireMon because it was recommended to us by the auditors and it was time to automate it as much as we could.
The initial setup was straightforward. We sat back and they installed it for the most part.
I don't remember anything bad about our FireMon consultant, so I'm sure everything went smoothly. We set up the servers, they set up a backup server and they had everything working when we got off the phone. They also had some additional training online for me, which I found helpful.
Our ROI is that it saves time and helps us improve security.
Other than the initial purchase, we just put in for the renewals every year and somebody else worries about budgeting and everything.
We haven't been using it for compliance at this point. The auditors use a different application for compliance. So we've been running that to check with security compliance.
I would rate FireMon a ten out of ten.
We use it to go through unused rules, for cleaning up stuff. We have a bi-weekly meeting where we go through firewalls and look for any unused rules or any rules that are redundant and any high ports that are being used that we're not supposed to use.
We want to eliminate all firewall rules that have FTP access on them. We don't want to use FTP any longer. With the help of FireMon, we were able to go in and check all the firewalls that have rules with FTP on them and we opened up a project with the network team so we could eliminate all those rules.
FireMon has been very helpful with closing visibility gaps we previously had. Since I got here, it has helped us dig into stuff. And whatever help we need, any projects we have that we haven't been able to figure out by ourselves, they have gone in and helped us out.
I called them once because I wanted to see if they had a report that I could run for rules that have not been used in 365 days. With their help, I was able to run that report and provide it to the network team so they could eliminate those rules that had not been hit in a year. The list I gave to the network team had 7,917 rules.
Finally, the solution has helped to reduce our overall audit time by about 50 percent. That's awesome.
I'm working mostly with the Security Manager part of FireMon. It gives me an eye on everything that's out there, everything that I cannot see. Because I'm not a network admin, I cannot go to a firewall itself, but at least I have FireMon so that I can go in and view everything that I want to view. And I can eliminate whatever I see that is wrong.
We also use FireMon to conduct a full inventory of our assets so that we can secure everything. For example, our parent company has three retail brands. The other day, my director asked me for an inventory of all brands: every firewall, Cisco device, whatever we are using, and to give him a break down. I was able to go to FireMon, grab everything, put it in an Excel sheet, and break it down by brand and by DMZ and PCI environment as well.
In addition, it's very easy to navigate. Very easy.
We're working on implementing FireMon with our ticketing system, ServiceNow. Having that would be an improvement. I believe they said that they are working on that for the future. That would help us out a lot. For example, when somebody wants to open a request for a firewall change, we'll go through ServiceNow, and then go through FireMon, make the changes, and make sure everything is recorded, who did it, etc.
The stability is very good.
The scalability is great.
Technical support is very helpful. On a scale from one to ten, I give them a high ten. You can either use their User Center and open up a ticket via the web, they're pretty quick about it, or you can call them directly. They have a number to call their Help Desk and they pretty much pick up right away.
They'll go into your machine right away if you need help. I have hardly escalated anything to a Level 2 or Level 3 because right away, whoever picks up the phone is knowledgeable and will resolve it.
I'm not sure if FireMon has saved us money, but I know it has saved time in cleaning up the whole company and has helped reduce all that ugliness that we had.
We pay on a yearly basis but my manager takes care of it. Regarding additional costs, if you want things like Policy Optimizer, extra features, that's extra.
Before the parent company bought us, we used to have another product - I don't want to say its name - but it wasn't like FireMon. FireMon is way out there. It has all these features. I'm still learning it and I have almost a year-and-a-half of experience using it. It just has a lot of stuff that my other tool did not have at all. There's so much visibility in it and stuff to play with that my other tool did not have. I really like FireMon.
One of the products I used was Tufin. It wasn't anything like FireMon. You couldn't do the stuff you can do with FireMon, in terms of the Policy Planner option and the Policy Optimizer. All you could do in Tufin was view the rules, how many hits; basic stuff.
In terms of what I've used so far in my career, FireMon is one of the best. Try it out, it won't hurt. Give it a shot. It's the best, for me. It has everything that any company would need. It's easy to navigate, there is a lot of helpful stuff in their User Center, in their Knowledge Base. Everything's there. You don't really need to bother them a lot. If you want to know something, they have documents in their User Center. It's a very good product.
In terms of FireMon's cloud support automation for public cloud platforms, we did ask for that. We are actually going to the cloud in a few months. We just asked that question last week. They did say that they do support that, but that's all we've talked about in terms of cloud.
We use FireMon every day. And we have plans to increase usage. Where I came from, we only have regular firewalls in there right now. We're looking to implement our retail stores' firewall devices as well, which is about 200 stores. We're definitely going to implement that so we can see our retail stores' environments in it.
We do have Policy Planner, but I haven't started playing with it yet. We're also looking to get Policy Optimizer, but we still haven't gotten the license for it. Security Manager is the one I mostly play with.
When I came to this company, I have to say, they were very sloppy. That's why they gave me this role, to focus on stuff like this. We have cleaned out a lot in a year-and-a-half and we're still cleaning. It's so big, so many firewalls out there.
We have the network team as read-only users. There are about six of them on that team. The network team members are the ones who handle the firewall; they're the ones that make the actual changes. So sometimes they go into FireMon and run reports to view things. I don't know what types of reports they run, but we gave them the read-only access for that. In addition, there are three admins: me, as an InfoSec ops technician, my coworker, and my manager. My director is also a user. For deployment and maintenance of FireMon, it's just me and my coworker.
I rate FireMon at ten out of ten. I am very happy with the tool.
We use it to capture logs and events from our enterprise firewalls, and we also collect configurations from those firewalls. Our main use case is for cleanup and hygiene of those firewalls, to make sure that all the rules that allow our systems to talk to each other are current and being used. And if they're not, then we clean those rules up.
We use it more on the reporting and logging side, rather than for actually making changes to our firewalls.
For our PCI compliance audit this year, it was a better tool for us, with better real-time capabilities and better formatting for the reports that we needed. It has definitely made things more efficient by having a single console. We can run all of our reports from it, whether it's for the PCI environment or things that extend beyond that environment. It's very simple to use and it saves us time.
The "wheelhouse" of FireMon, and why we bought it is the effect it has on the cleanup of firewall rules in a large environment. We've had rules out there that needed to be cleaned up for a couple of years and we just didn't have an elegant way to do that. The solution has really helped make things more efficient and easy for the implementing teams to consume. It's been great for that.
While we didn't buy some of the additional tools that allow us to implement changes, it saves us time in accurately creating, approving, and deploying firewall policy rules. We get more value out of being able to compare what was done versus what the team said they were going to do or what was approved.
It has also decreased errors and misconfigurations that increased risk. It's hard to quantify by how much, but we'll catch something that wasn't done quite right or as optimally as possible in 10 to 15 percent of the things that are implemented.
There are some built-in cleanup reports, out-of-the-box, and we like those.
Also, the unused objects is another nice feature, where it digs a little bit deeper into comparing the logs that it sees versus the configurations that it sees. As an example, a firewall rule deck could be very complex and might have hundreds of objects. The unused objects feature will go through in a pretty detailed way and show us which ones aren't being used. Or, if they are used, it will show us how often they're used.
Both those are geared toward cleanup and hygiene of the environment.
It's also good when it comes to real-time compliance management. We used it for our PCI audit this year. It's a situation where we have to prove to our auditors that all the communications that are coming in and out of particular systems, and that process cardholder data, are current, and that we have the documentation, descriptions, and the rules. It's been extremely helpful for that. We used some other tools in the past, but this one is far superior.
In addition, in terms of when new firewall rules and changes to existing ones violate compliance, the way we have it set up, FireMon automatically warns us when they're deployed. We look at those and we compare them with what we have approved for changes to the environment and it's very helpful for us.
To my knowledge, there's no cloud component to FireMon whatsoever. We're on the hook for any updates to versioning of the operating system or the application that runs on the operating system. It would be nice if it was a little bit more automated. We've got a small team and every time a new version is released, we have to go back and relearn the commands and how to verify that things were done correctly. That's the one pain point for me: It takes quite a bit of hand-holding, in terms of system administration from our server and infrastructure teams.
We implemented FireMon about six months ago.
We haven't had any problems since the deployment. Things have been running fast and efficiently.
We're a pretty small shop, so I don't know how it would scale for a Fortune 100-sized company. Based on the feedback I've had, it's been great. We haven't had any problems with capacity or what we have needed to do.
We have 10 people using it who are system admins, network admins, and security analysts. I wouldn't say we use it extensively. It's something that any given person probably uses once a week.
It's possible that we would purchase some other modules that could give us a little bit more insight into the implementation and the planning side of things. But we like what we have for now. We don't have any direct plans to purchase more.
Initially, we had contact with their technical support, but things have been smooth for the last few months. We haven't had to reach out lately.
I don't remember the specific issue that we had, but it seems that they were on the ball. They responded right away and got us what we needed. My overall impression of their support organization is good. We've had limited involvement with them, but from my experience, it's been great.
Positive
We used Tufin. When we looked at FireMon we liked it from a price standpoint; it was better. We asked some peers about it through the reseller that we bought it through and got very good feedback. Those were the two main factors.
The initial setup was pretty straightforward for the most part. We had some hiccups and some bumps with some of the more detailed configurations, but overall, it was pretty simple to set up, get it running, and collecting logs and configurations. It took us about four hours over the span of two weeks.
We used FireMon paid services to help us implement it. They were great.
It's hard to quantify ROI with FireMon, but it's definitely valuable. How do you quantify a missed cyber security incident?
It's a good value.
From a licensing standpoint, our only limitation is the number of devices that we manage. Our environment is small. We have fewer than 20 enterprise firewalls, meaning it's hard to say what it would look like at a company that has thousands and thousands of enterprise firewalls. But from our standpoint, it's very simple to understand, and gives us a good bang for the buck.
There are some hardware components involved in the cost, but in general, it's pretty straightforward. There are no hidden fees or adjacent costs that we weren't aware of going in.
We looked at Tufin's comparable product. We were using an older platform of theirs so we looked at their new platform and we looked at FireMon's and we decided on FireMon.
Make sure that you've got somebody from your non-cyber-security teams, somebody from one of the other IT teams, such as infrastructure, servers, or networks, who understands and who does really good documentation around the initial setup. Our cyber security or information security team is the one that uses it mostly, but we do need assistance from the other team. Make sure that you have stakeholders from other groups, even though they're not going to be the primary users.
The idea that firewall policy rule cleanup and management is important, but it's just not a priority compared to other more urgent items, is a pretty tough statement to make, especially in a regulated environment or if any sort of compliance is needed. It's just not really a valid statement. If someone said that, I would ask them to go back and make sure that they're following all the rules of the road.
It comes down to what your priorities are and what's important. Most regulations have some sort of a component around zoning and limiting communications between different systems. It's of utmost importance if you think about it from a compliance standpoint.
FireMon has served as a change monitoring and notification tool for a number of years, but recently we’ve decided to utilize the policy review capabilities to automate our periodic firewall rule review process.
Our primary use case for FireMon initially was to perform change notification for our ASA firewalls. This was the case for about 5 years.
With the introduction of version 8, we decided to reconsider other capabilities of FireMon – specifically the policy review reports that show unused or duplicative policy rules. We intend to use these features to automate our firewall policy review process.
Instead of having to utilize a manual review process, we can automate most of the process. Change notifications for our ASA firewalls that do not have built-in change notification are also automated for us.
7 years.
Yes, after an upgrade to version 8 from version 7, we experienced several issues with the Data Collector component. They were all resolved pretty quickly by FireMon support.
No.
FireMon’s technical support is capable and responsive. I’ve had no issues with getting the right resources engaged when I need them.
No.
The upgrade from version 7 to version 8 seemed to be unnecessarily complicated, so we opted to do a clean install on version 8, and have had no issues with using this approach. In fact, it helped us clean up our installation.
Understand that the licensing exercise is intended to right-size the costs to your actual firewall models, but that FireMon v8 does not make a distinction between firewall models in the tool itself.
No other solutions were considered.
Perform the installation and utilize FireMon support to optimize the installation. Perform a post-installation review of the configuration a couple of months after it’s implemented and running so that you can decide what features to use, which are useful. There are a lot of built-in features that aren’t apparent until you get the whole system set up, all of your devices discovered, and the system collects information for a few weeks.
NetworkSecArch418,
Thank you for taking the time to write a review of FireMon. I am glad to see you are finding overall satisfaction with the product.
Version 8 is the greatest improvement, adding high scalability, modifying the OS structure for better performance, and providing a user-friendly UI for beginner engineers and experts as well.
At FireMon we are committed to making our customers successful when using our products, providing the best solutions to keep enterprise networks secure.