FireMon is a real-time security policy management solution built for today’s complex multi-vendor, enterprise environments. Supporting the latest firewall and policy enforcement technologies spanning on-premises networks to the cloud, FireMon delivers visibility and control across the entire IT landscape to automate policy changes, meet compliance standards, to minimize policy-related risk. Since creating their policy management solution in 2004, FireMon states they've helped…
N/A
FortiDeceptor
Score 9.5 out of 10
N/A
FortiDeceptor is a deception-based breach protection that helps users deceive, expose and eliminate external and internal threats.
FireMon is best used in a large environment (for example, I have >100 firewalls in my environment). It's best used when trying to improve security posture and showing changes in firewall security over time. It might not be the best choice for smaller environments or those that aren't concerned about security management.
To help the Infosec Team Scale & create a seamless consolidated threat response. FortiDeceptor all the Security analysts to manually investigate & manual remediation or automatically block these attacks based on severity before actual damage occurs via integration with Fortigate to quarantine the IP address of the threat actor, FortiNAC to isolate devices within an organization with FortiSOAR to trigger appropriate playbooks for an orchestrated response and with 3rd party solutions to trigger a response action via built-in fabric connector API. FortiDeceptor needs other FortiFabric Devices to respond well, however, FortiDeceptor also connects with other solutions via built-in fabric connector API, but you may miss the real-time data flow or may be delayed in response.
The shell is locked out and we can't run any general centos commands. The implementation and maintainence of the arch is very complex. Even with the right identifiers on log messages the log collection keeps failing. The warning messages on the device are ambiguous. The log messages on firemon are a bit confusing and don't show the exact issue.
FireMon has been relatively stable overall. However, there have been a handful of times where we had issues with the console. For example, we couldn't update which devices to include in a security assessment. The initial suggestion from support was to just reboot it. It seems like there weren't many other options available such as to restart services before going to the extreme of a complete reboot.
I'm not sure we have the largest implementation of FireMon out there but we do have a few 1000 devices being probed by FireMon. Overall, the system's performance has been rock solid. The console refreshes quickly and reports are generated within an expected timeframe.
FireMon technical support is awesome! They respond quickly to our requests and they are well trained and very knowledgeable about the tool. Some issues have to be referred to the development team, but technical support largely provides solutions for any issues that we may have.
I has worked with AlgoSec and while they are very similar product, I find the FireMon is easier to understand and get rolling with. While both require some learning, FireMon is by far the easier one. Once you have an understanding of how things are arranged and labeled you can easily import firewalls and begin to work on them to improve them
Since we have other Fortinet solutions like Fortigate NGFW & FortiSIEM in place, they share the threat intelligence with each other, and FortiDeceptor works very well in FortiFabric environments, We decided to go with FortiDeceptor for Deception technology. In the case of Rapid7 & Smokescreen, we had to counter the integration issue with existing IT infra, Security solutions should not work in silos, they need to share intelligence with each other to get the best from the existing Solution & to get the best ROI.
Firemon Is easily scalable and maintainable with any size team. Although it requires some tech debt, it is well worth the time to invest to ensure compliance is visible and reports are accurate. Although our environment is very large we do not fully utilize the scalability of the Firemon product.
Internet security is a gamble. It's hard to know the cost of a "would-be" attack. FortiDeceptor is basically an insurance policy and for that, it is a great investment.
