Canonical OpenStack vs. FireMon

Ubuntu OpenStack is well suited for startups where there are very tight financial constraints. As Ubuntu OpenStack is open source, the startup organizations will not have to spend a lot when compared to their commercial offerings in the market. Ubuntu OpenStack is less appropriate in organizations where they don't want to have private on-prem clouds. As deploying a private on-prem cloud is a very cumbersome and tedious task, the organizations must have a dedicated team to manage such on-prem deployments.

Incentivized

FireMon is best used in a large environment (for example, I have >100
firewalls in my environment). It's best used when trying to improve
security posture and showing changes in firewall security over time. It
might not be the best choice for smaller environments or those that aren't concerned about security management.

Incentivized

• Very easy to use, learning curve is very short. Don't need to invest months of training before using it
• Well suited with Jenkins for automated tests
• Works well on large sets of heterogeneous hardware

• Give good real time reporting for anyone making a change to any of our firewalls
• Provides good reporting tools that are out of box
• Provide good customization tools that is specific to our needs
• Upgrades are a simple process and support does relatively well with assisting us.

Incentivized

• More customizable options while choosing virtual machine configurations would be great.
• To have regular online learning sessions directly from Ubuntu OpenStack experts [to] help users and for those who implement it.
• Giving admin more control on what privileges they can grant to their users.

Incentivized

• Some features could be added to the existing functionality which include NAT rules usage
• Rule expiration normalization from firewalls rather than entering them in rule documentation
• .csv exports of the files from the firewall pane only gives usage for 30 days by default and that should be increased

Incentivized

The shell is locked out and we can't run any general centos commands. The implementation and maintainence of the arch is very complex. Even with the right identifiers on log messages the log collection keeps failing. The warning messages on the device are ambiguous. The log messages on firemon are a bit confusing and don't show the exact issue.

Incentivized

It save me time and I'm able to have the review - review the rule independently with using my time.

Incentivized

FireMon has been relatively stable overall. However, there have been a handful of times where we had issues with the console. For example, we couldn't update which devices to include in a security assessment. The initial suggestion from support was to just reboot it. It seems like there weren't many other options available such as to restart services before going to the extreme of a complete reboot.

Incentivized

I'm not sure we have the largest implementation of FireMon out there but we do have a few 1000 devices being probed by FireMon. Overall, the system's performance has been rock solid. The console refreshes quickly and reports are generated within an expected timeframe.

Incentivized

FireMon technical support is awesome! They respond quickly to our requests and they are well trained and very knowledgeable about the tool. Some issues have to be referred to the development team, but technical support largely provides solutions for any issues that we may have.

Incentivized

Implementation is fairly simple. Most issues can be resolved by referencing manuals.

Incentivized

Everybody knows VMWare which is the world's number one in data center infrastructure management. OpenStack is lot lot less expensive but doesn't offer all the functionalities you have with VMWare especially for High Availability and load balancing. You should go for OpenStack if you need an easy to use solution without the need for external consultants. If you don't have the capacity to manage your own infrastructure you had better go for VMWare.

I has worked with AlgoSec and while they are very similar product, I find the FireMon is easier to understand and get rolling with. While both require some learning, FireMon is by far the easier one. Once you have an understanding of how things are arranged and labeled you can easily import firewalls and begin to work on them to improve them

Incentivized

Firemon Is easily scalable and maintainable with any size team. Although it requires some tech debt, it is well worth the time to invest to ensure compliance is visible and reports are accurate. Although our environment is very large we do not fully utilize the scalability of the Firemon product.

Incentivized

• Lighter on initial spending for the organization.
• Deployments which have no vendor locking makes management decisions easier.
• Support from great community saved lot of time for engineers managing it.

Incentivized

• FireMon's Compliance Reporting provided an immediate and tangible benefit
• FireMon helps identify egregious or erroneous rules quickly across multiple platforms
• FireMon took our audit process from an Excel spreadsheet into a far more advanced process with readily available context for reviewers

Incentivized