FireMon Security Manager Reviews

The most valuable feature is the Firewall reviews for our company compliance.

The review process is an area that needs improvement. We would like to review the rules and be able to make comments.

The advanced features are complex in setting up the rules.

I would like to see level mapping available with other products improved, to allow other products to build the level mapping. It does not have an export in Visio.

I have been working with FireMon for half a year.

We are using version 8.

This solution is stable.

It's a scalable product. We have five to eight people who are using this solution in our company.

Technical support is fine. I don't have any other issues.

I have not worked with any product that is similar previously.

Most of the setup was easy for us, but the advanced features are more complex.

Pricing is reasonable.

Licensing fees are paid every year.

It's a good solution that is stable, I would recommend this solution to others.

I would rate FireMon an eight out of ten.

FireMon is nice and provides 360-degree user views. You can also find the information you're looking for pretty easily.

I don't like that it comes with bugs, constant issues, and limited functionality. I would like to have enhanced change management reporting support for UTM features in the next release.

I have been using FireMon for six months.

On a scale from one to ten, I would give FireMon a five.

• Vendor agnostic when it comes to integrating with other product.
• Reliable
• Excellent customer support

This product has enabled Kaiser Permanente Clinical Technology technicians with proactive/remote monitoring of highly critical systems.

A phone app would be nice. This is the reason why it is not perfect yet.

12 months.

No problems.

No problems.

A 10 out of 10.

No previous solutions were used.

Since a non-IT person like me was able to setup the system from scratch, I would say that it is not complex at all.

Relative to what it offers, the price is fair.

FireMon Immediate Insight was the only product that would work for us, due to the limitations that the Clinical Technology Department has at KP.

It is a very versatile and sustainable product.

Our main use case is the monitoring of changes on our firewalls. Another of our use cases is keeping firewall rules in good shape by doing regular rule reviews, using FireMon's built-in categories for rules and even deploying our own. Additionally, we used FireMon when we did internal firewall migration, meaning we were switching to a new generation of firewalls.

The solution has decreased errors and misconfigurations that would otherwise increase risk in our environment.

In addition, when we migrated to a new generation of firewalls, FireMon was of help when doing a first benchmark of the new solution and the initial setup.

It also identifies risks in our environment and helps prioritize fixes for them. The compliance module in Security Manager does that by watching overall rules and any changes, and benchmarking them against a pre-setup set of controls. It notifies us if any control has failed. That's how we monitor whether our firewall rules are compliant with a pre-set benchmark.

Firewall policy rule cleanup doesn't need to be a priority for a company to justify using FireMon, given that it makes that job much easier and faster. That means you don't need to allocate as many resources to do that work. It's now incomparably easier to do things like a rule review.

Overall, our monitoring and compliance are on much higher levels. The visibility we have into our firewall rules is much better now than it was prior to having FireMon.

One of the most valuable features is the compliance feature, which is something that we really utilize in Security Manager. It has a set of controls that we tuned a little bit from the way they came out-of-the-box, and created a custom set of rules that we are monitoring and that we want to have inline in our environment. It's a very good solution for real-time compliance management.

And for the cleanup of firewall rules, it performs really well for us. We utilize it in our regular rule cleanup tasks, several times a year. FireMon is our primary tool when doing that, either by going through its out-of-the-box compliance rules or using it to search for certain things in our rules that we want to prune from our firewalls.

When it comes to real-time compliance management, something that is missing is alerting on certain, predefined controls. It would be good to have a predefined set of controls which, if not complied with in a newly set up rule, would create an alert for us. That is something that is missing, out-of-the-box. We have tried to work around it by setting up email notifications, but it would be nice if it came with the product. That would really turn it into real-time monitoring for us. 

The workaround works for us, and the out-of-the-box setup is also good, but it expects you to be constantly watching and monitoring the solution itself. That's a bit hard when you have more than one solution to work on. You cannot just watch one and keep an eye on it for something that's non-compliant. Having an alert would be much easier for us. Still, it's a good tool for that kind of monitoring, for us.

I have been using FireMon for about two years.

FireMon is quite stable. We haven't had any stability issues with it so far.

It's quite scalable. The process of adding modules has gone quite well. Anytime we have needed to increase it, there hasn't been a problem.

We use it extensively; if not on a daily basis then on a weekly basis. There are periods when we use it even more intensely when doing reviews.

They really give us great support. When thinking of the level of support that we get from some other vendors, FireMon's support is really good. They have a good, knowledgeable support team around the world. We have offices in Europe and California. Whenever we have had any type of issue and have needed their support, whether the issue is in Europe or California, we have had really great support from them.

We did not have a previous solution.

We had a FireMon support engineer for the initial setup and it looked fairly straightforward, but it definitely needed some FireMon knowledge. Since then, we have onboarded a number of new devices in FireMon on our own, and that part is quite straightforward. But setting up the system itself is something that requires the knowledge of a FireMon engineer.

For the deployment, there was a month of weekly sessions with the engineer to get it working.

We have three people, within our security staff, who are using FireMon regularly. The three of us were involved in deploying and we work on maintaining it. It's a shared effort. None of us is working full-time on FireMon.

There are no costs in addition to the standard licensing fees.

We talked about other solutions with different partners, and based on that we decided to go with FireMon. We did have a proof of concept with them before going live, and we liked it and the options it had, so we decided to go forward.

The Configuration Change Management feature was something we were interested in as it helped us to identify who made the change, when and why. Also, the workflow was easy to set up to ease operations.

The second important feature I liked was determining unused rules - rules placed incorrectly in the ACL - this helped us to reduce the load on the firewalls, thus we didn’t have to buy a new firewall due to high CPU or memory consumption. With the help of FireMon, we fine-tuned the rules and were able to save money for buying a new firewall.

As mentioned, we were able to ease the operations and set up a workflow that allowed the firewall and other network-related requests to go through a formal approval process. This helped to track who, when and why the request was done.

Also, removing redundant rules and placing the rules at the correct place helped lower CPU and memory consumption.

I would have preferred fewer updates, as there were quite a few updates made every now and then. Secondly, the Risk Management Module didn’t work well until you have the all of the subnets mapped. This can be improved.

I used it for two years.

I didn’t really encounter any deployment issues. However, sometimes the GUI used to crash when it tried to populate the device map; we had a lot of devices. At times, the map displayed fine, even though it took some time to show up; and at other times, the GUI crashed. This should be fixed.

Technical support was fine; they have good technical people. However, support can be improved, if they become more responsive.

I did not previously use a different solution.

Initial setup was fine; you just need to map certificates between the sensor and the Application Server, which was something different. It can be sorted out through some other methods as well. I don’t exactly remember, but we faced one issue and to resolve it, we had to install the certificates again to get it working.

Implementation was done by the vendor team.

Although I have left the company, I heard that since the license renewal cost was too high, management decided not to renew it. The vendor should reduce the license renewal cost.

I personally did not test any other alternative, but I heard management evaluated Skybox as well; they eventually chose FireMon. It was a management decision, so I don’t know why others were rejected.

Check the renewal cost, and determine whether the Risk Management Module is mature enough and whether GUI crash issues have been fixed or not. Maybe for small companies, it comes up fine, but for large environments, it might cause issues.

Security Manager (SM) and Risk Analyzer (RA) are the most valuable features to me. SM assesses a network's security posture in terms of deployed policies, redundant policies, duplicate policies, etc. RA takes a snapshot of everything connected to and within the network down to the end points. It recommends security policies that would improve and further secure the network from potential threats etc.

The product is extremely helpful in policy analysis and improvement. RA was exceptional is identifying risk exposure areas.

Although there is nothing 'wrong' in FireMon's support for other vendors, with the advent of SDN, NGFW, etc., I think FireMon will have to cover more layer 3 devices from different vendors. Again, their current database covers almost all of the major vendors: Cisco, Juniper, Fortinet, etc. However, there is always room for growth in this particular area.

I have used this solution since 2012.

We have not encountered any issues with stability so far.

We have not encountered any issues with scalability so far.

Their technical support is superior.

Pricing and licensing is structured well and FireMon was very helpful in meeting the target budget for this project.

We looked at AlgoSec before choosing FireMon.

The instant and complete network graphical view it provides is amazing. Alerts give you complete control of firewall changes, its amazing for compliance and security policy validation. Rule comparison and filters are an easy way to check if you policy is concise and clean, giving your firewall the best performance and readability.

We managed around 70 different firewalls in more than 25 countries all over the world. The firewalls were from different vendors such as Palo Alto, Checkpoint, Cisco, Juniper, etc. FireMon helped to decrease the workload on risk analysis and also firewall rulebase review time by 50%, at least due to its very elaborate and easy to use filters.

It’s been a constant need not only to analyze firewall rules and configurations but also implement them, for which FireMon has no support. Also some of the firewall analysis involve weak password policy, FireMon could implement a way to send firewall hashes, when they exist, to third party cracking softwares.

I used this solution for about three years in my previous job. I primarily used the Policy Planner and Policy Optimizer modules.

The deployment was already easy for v7.0, the upgrade to v8.0 is even easier.

We had no issues with the performance.

It's been able to scale for our needs.

I would rate it 8/10. The only reason I don’t rate it 10/10 is because of the response time which, for us, sometimes took a little bit longer then expected. Customer service and technical support is very good.

The initial setup was very easy and straightforward and we had no problems implementing it.

It was initially implemented by a vendor team, but the implementation could easily be done in house.

FireMon is not a cheap solution but its price is well balance for what it has to offer.

We have evaluated FireMon’s competitors like AlgoSec and others, but found FireMon to be the best solution for our needs due to having a complete set of tools.

Be sure you read all the specs, and test the application as deeply as you can to ensure it meets all your requirements.

• Firewall cleanup - the best and most efficient way to clean the firewall from unused, redundant, shadowed rules that create unnecessary risks and impacts the firewalls performance overtime. Also, it helps with the PCI compliance.
• Rule use analysis.

• Improved change workflow
• Optimized my firewalls
• Meet PCI compliance
• Enhanced security

Needs more functional basic workflow for the Policy Planner for those who do not need a fully customized workflow.

One year.

No issues encountered.

No issues encountered.

I've found technical support to be a 9/10.

Straightforward.

Add infrastructure devices to the firewalls and negotiate an overall discount that way. Needed to get insight into configurations.

Tufin and AlgoSec were evaluated as well.

The customized workflow is worth it. If you are considering to migrate to new firewalls, implement FireMon because it will make your migration much easier. Also, cleaning up some slow firewalls will help you extend its life.