What advice do you have for others considering FireMon?

I rate FireMon Security Manager eight out of 10. It has many more features than we use, but we have a limited scope. I think we could've done more had we used that momentum when we were implementing it. Even if you think having a firewall management solution isn't a priority, the FireMon can provide more visibility and make some tasks easier, faster, and more efficient.

I would rate FireMon a seven out of ten. There's a lot more I can gain from FireMon, as opposed to just running reports. I am particularly interested in automation and similar functionalities, but I haven't dedicated enough time to fully take advantage of all the features it offers. There are ten of us using FireMon within our organization. The maintenance we undergo for FireMon primarily involves upgrades. We have dedicated networking personnel and a development manager who oversees the maintenance. I suggest spending a significant amount of time watching the videos; there are some beneficial training videos available. Additionally, it would be beneficial to arrange some sessions with their contact. I have an account and have been having sessions with my contact for five months. Firewall policy clean-up management is undoubtedly a priority. If we have rules that are not correctly configured or overly encrypted, we expose our environment to numerous serious compromises, making it imperative to address this promptly.

My advice would be to spend a good amount of time on the training videos. And if you can set up some sessions with your FireMon contact, that would also help. I do so many different things that I don't get enough time to spend on FireMon. I do use it pretty often, but maybe in terms of training, especially, there's a lot more I could gain from it, as opposed to just running reports. I could get into automation, for example. In addition to what I've been using it for, I know there's a lot more within FireMon, like getting an understanding of your network topology, bringing many different points together, and analyzing the risk factors. FireMon also helps automate firewall policy changes across large, enterprise environments, but we don't have it set up to that yet. Real-time compliance management is great. That's something that we are looking into and we have created some PCI rules. It's just a matter of learning how to make the reports. It's not very difficult at all. The maintenance that we go through with FireMon is mainly upgrades. I'm the point of contact and we have a couple of networking guys who are hands-on as well. Firewall policy cleanup is definitely a priority. If you have rules that are not properly configured or overly permissive, you open your environment to a lot of serious compromises.

I give FireMon a nine out of ten. I recommend that prospective users thoroughly familiarize themselves with all the features and capabilities of FireMon before configuring it. This will help ensure that no features are overlooked and that all features are utilized correctly. Firewall policy rule cleanup and management should be a top priority for all organizations. Improper configuration of these rules can pose a significant security risk. It is crucial to have knowledge of the allowed traffic, necessary policies, and unnecessary policies. Additionally, it is essential to monitor web traffic and accessed web port applications within the organization, including which users are accessing them. Configuring policies correctly is crucial to gaining control over malicious activity and user access.

Make sure that you've got somebody from your non-cyber-security teams, somebody from one of the other IT teams, such as infrastructure, servers, or networks, who understands and who does really good documentation around the initial setup. Our cyber security or information security team is the one that uses it mostly, but we do need assistance from the other team. Make sure that you have stakeholders from other groups, even though they're not going to be the primary users. The idea that firewall policy rule cleanup and management is important, but it's just not a priority compared to other more urgent items, is a pretty tough statement to make, especially in a regulated environment or if any sort of compliance is needed. It's just not really a valid statement. If someone said that, I would ask them to go back and make sure that they're following all the rules of the road. It comes down to what your priorities are and what's important. Most regulations have some sort of a component around zoning and limiting communications between different systems. It's of utmost importance if you think about it from a compliance standpoint.

With more understanding, we could have saved time on what kind of access FireMon needs, since we can't just give full access. We have to gradually allow it until that is enough access to get the information. I would rate this product as 10 out of 10.

It is a very good product. I always tell others to have FireMon people come and give a demo. I encourage people to try it out. We only have security management, but it is really a good product. I have attended a couple of their webinars, and they have a lot more features for more usage and value. It is a capable product. If our company had sent us for training and we had got to know more about the product, it wouldn't have been so hard. To a colleague at another company who says that firewall policy rule clean-up and management is important, but it is just not a priority compared to other more urgent items, I would say that it is very important. Sometimes, a firewall is created temporarily, and if you don't know, you will forget. So, the usage and hit count information is very important. In terms of compliance reporting, we have set it up for compliance reports such as PCI, but we didn't use it that much. Similarly, in terms of identifying the risks in our environment, it does show the changes, but we aren't yet able to prioritize them. It is helpful in automating firewall policy changes across large multi-vendor enterprise environments, but we only have two vendors. We were earlier using it only for the Cisco environment, and now, we are using it for Cisco and Palo Alto. We will probably use it for the core environment. Overall, it notifies you, but we are still not using it that much. In terms of the clean-up of firewall rules in a large enterprise environment, it didn't affect us, and that's because we are not doing it in the right way. We probably need somebody to help us on that one because we gave them the report, but they haven't cleaned it up. For Panorama, they use their own reporting, and we have to correlate them. One thing about Panorama is that if you have a rule from 20 years ago, and somebody is still modifying it, it doesn't update the new person's name. It doesn't ask you to put any change number. I know FireMon is only pulling the data, and it is not pushing the data, but I wish that it was pulling the changed data. The last time when I talked to FireMon, they said that they are just pulling the data. They don't go and push any data. For that reason, we don't have that much data. So, we have a report, but we haven't used it much for clean-up. We should use it in the future more. We also haven't used it to create a lot of policies. I would rate it a seven out of 10.

The latest release is version 9.4.2 but we only upgrade to the version behind the most recent release. This is so that we are more aware of what the issues with it are. We have a module called Policy Planner that facilitates the automation of firewall policies across large multi-vendor enterprise environments, but we never use it in practice. We bought the module and we tested it. In fact, we had plans to integrate with ServiceNow for the automatic policy portion, but the organizational policy here is to make changes only within the Panorama. Essentially, we have the technology, but we can't make use of it. This is definitely a product that I recommend, based primarily on how it compares with other similar tools. I would rate this solution a nine out of ten.

My primary advice is take advantage of professional services whenever you are doing the initial implementation. The second piece of advice is just to adopt the tool. We could have purchased FireMon, set it up, and not done anything with it. Then, we would not have gotten our return on investment. By choosing to adopt the tool and creating projects and processes around it, we have our money's worth out of the tool. If rule hygiene and policy management are a priority, you just have to make the time for it, in terms of setting aside time during the day that you are able to implement proactive changes and being able to measure those times for management. Anyone who does say that it's a priority for them knows that good policy management pays off in the end. Because down the road, you will be spending less time with a cleaner rule base. We do not currently use it for automatic rule deployments, but that is a feature that is available and we have tested it. From my perspective, that is a feature which provides value. We don't automatically deploy rules with FireMon, but I do know that is a feature and we have tested it. We don't use FireMon to automatically make changes on our firewalls. I would rate it as a nine out of 10. It has been very good. In terms of our use cases, it has met them very well. To move that up to a 10, changes to its reporting features would definitely make this product a lot better. Also, increasing the vendor specific features coverage and making sure that they are normalizing every aspect of each type of firewall.

We haven't been using it for compliance at this point. The auditors use a different application for compliance. So we've been running that to check with security compliance. I would rate FireMon a ten out of ten.

It's a good solution that is stable, I would recommend this solution to others. I would rate FireMon an eight out of ten.

My advice is to make sure you choose the right reseller because it's not a product you should use by itself. Overall, on a scale from one to ten, I would give FireMon a rating of eight.

On a scale from one to ten, I would give FireMon a five.

We're using the latest version of the solution currently. I'd rate the solution ten out of ten. I've been very happy with the product overall. I'd recommend the solution as it's so easy to use. Clients are very happy with it.

It is fairly straightforward to use, and I haven't really had a whole lot of issues with it. This solution provide us with end-to-end change automation for the entire rule lifecycle of firewalls. It does it from the request, then all the way through the approval cycle. We really haven't done much with this solution’s cloud support automation for public cloud platforms. We are just doing on-premise.

Each deployment scenario will be unique. A robust proof of concept is key to make sure it will meet all of your intended use cases. The solution is managing 25 percent of our firewalls right now. We probably won't increase usage until we can get the required features for firewall change rule management to work correctly. We probably will not increase usage until that works. I would rate it as a six (out of ten). We need the end-to-end mapping feature working to make it a ten. That is just our next phase. I don't know what other problems that we will run into. There is a lot to deploy before we can give all the details of what we need to make it a ten. There is integration with ServiceNow and some of our other tools. We have to make sure all that is working before we could give it a ten.

The best advice that I could give, honestly, would be not to look at a product for a short-term goal. Speak with the vendor about the maturity model that you want to go down and the roadmap that you have for your organization. They have a lot of different components and products that complement each other. I'm still waiting to do stuff now or next year that I wish I could have gotten funding for three years ago. If you're going to engage and move forward with something, try to future-proof what you're signing yourself up for. Take into consideration where your roadmap is taking you. If there is something you know you're going to do in two years, and they have this other product that supports that effort and can provide greater ROI between now and then, go ahead and lump that into it. As far as the solution's cloud support automation for public cloud platforms goes, I have used it and looked at it enough to ensure that it aligns with our roadmap. I feel it's there, but we're not currently utilizing the functionality. The solution would provide us with a single pane of glass for on-premise and cloud environments, but we're not using a production cloud environment at this time. However, I have made sure that whenever that does become a bigger footprint in our infrastructure, everything's going to be in place for us, as far as FireMon as a solution is concerned. The solution provides us with the option to have comprehensive visibility of all devices, but a prerequisite to it being able to provide that information is that the owners of the solution have to optimize and educate FireMon. That has not necessarily been a high concern of ours. It hasn't been a primary responsibility over the years for me to take my network map and input it into the device. For me, it doesn't fulfill that function, but that's not necessarily a reflection of the tool's abilities. In terms of using the solution to conduct a full inventory of our assets to secure everything, the Security Manager portion of it, alone, won't be able to perform that function. I think that there are a couple of other options that the vendor provides which address that need, but it's not something that we've invested in. Immediate Insight is the tool that associates itself with that kind of task. It's not something that we currently have the plugin for. End-to-end change automation for the entire rule lifecycle is something we're moving towards. It is something we have on our roadmap and that we've worked out with the vendor, to make sure we'll be getting funding for that integration. Integration is required to create that full automation. FireMon does support that and it's something that we're actively pursuing, but we have not submitted funding for it yet. I would certainly give it a nine out of ten because there's always room for improvement. Also, once I'm happy with a vendor, I'm not necessarily interested in whatever their competitors are doing. If I was sitting down with FireMon and all of their competitors every year, I might be able to say, "Hey, Tufin is doing this, why aren't you guys doing this?" But I don't do that. I would only feel comfortable giving a ten if I went through that process. I'm very happy with the solution for what it is, for how much it reduces my overhead, and how much it allows me to do things that, otherwise, I just wouldn't have the option of doing.

In terms of what I've used so far in my career, FireMon is one of the best. Try it out, it won't hurt. Give it a shot. It's the best, for me. It has everything that any company would need. It's easy to navigate, there is a lot of helpful stuff in their User Center, in their Knowledge Base. Everything's there. You don't really need to bother them a lot. If you want to know something, they have documents in their User Center. It's a very good product. In terms of FireMon's cloud support automation for public cloud platforms, we did ask for that. We are actually going to the cloud in a few months. We just asked that question last week. They did say that they do support that, but that's all we've talked about in terms of cloud. We use FireMon every day. And we have plans to increase usage. Where I came from, we only have regular firewalls in there right now. We're looking to implement our retail stores' firewall devices as well, which is about 200 stores. We're definitely going to implement that so we can see our retail stores' environments in it. We do have Policy Planner, but I haven't started playing with it yet. We're also looking to get Policy Optimizer, but we still haven't gotten the license for it. Security Manager is the one I mostly play with. When I came to this company, I have to say, they were very sloppy. That's why they gave me this role, to focus on stuff like this. We have cleaned out a lot in a year-and-a-half and we're still cleaning. It's so big, so many firewalls out there. We have the network team as read-only users. There are about six of them on that team. The network team members are the ones who handle the firewall; they're the ones that make the actual changes. So sometimes they go into FireMon and run reports to view things. I don't know what types of reports they run, but we gave them the read-only access for that. In addition, there are three admins: me, as an InfoSec ops technician, my coworker, and my manager. My director is also a user. For deployment and maintenance of FireMon, it's just me and my coworker. I rate FireMon at ten out of ten. I am very happy with the tool.

Make sure that you get the correct hardware for whatever size environment you have. End-to-end change automation for the entire rule lifecycle is not something we're using yet. It's something that I'm looking to get a beta for. There are about 20 people currently using the solution. However, the functionality allows us to extend the information that FireMon can gather out to hundreds of people, if not more. In some ways, there are hundreds consuming the information that FireMon gathers, and using it in some way. Network security engineers are the primary consumers, and network engineers are another consumer. In addition, anything related to our audit teams means those guys consume the data. Two people could do deployment and maintenance, although I tend to do it by myself. I'd put FireMon at an eight out of ten right now. To me, ten is something you only get if have no bugs or have very few bugs, and everything works perfectly. If you want a ten you've got to be perfect. I don't think any product would get a ten from me.

The version is an important choice for the product.