FireMon is a real-time security policy management solution built for today’s complex multi-vendor, enterprise environments. Supporting the latest firewall and policy enforcement technologies spanning on-premises networks to the cloud, FireMon delivers visibility and control across the entire IT landscape to automate policy changes, meet compliance standards, to minimize policy-related risk. Since creating their policy management solution in 2004, FireMon states they've helped…
N/A
Symantec Advanced Threat Protection
Score 7.2 out of 10
N/A
Symantec Advanced Threat Protection is a single unified solution that uncovers, prioritizes, and
remediates advanced attacks. The product fuses intelligence from endpoint, network, and email
control points, as well as Symantec’s massive global sensor network, to stop threats that evade
individual security products. It leverages existing Symantec Endpoint Protection and
Symantec Email Security.cloud investments, so it does not require the deployment of any new
agents. It includes functionality…
FireMon is best used in a large environment (for example, I have >100 firewalls in my environment). It's best used when trying to improve security posture and showing changes in firewall security over time. It might not be the best choice for smaller environments or those that aren't concerned about security management.
It is valuable software for when it comes to a large or medium organization, since it helps to protect the endpoints, but as the number of servers increases its value increases. However, it is important to keep in mind that when it comes to low end devices, its protection can affect their performance. This is because it is not a software with a very light agent.
The incident management piece is the heart and soul of the product. A single area where all data in relation to network and email protection is available.
Works well in conjunction with the standard Symantec Endpoint product.
URL Protection is advanced and very helpful
Technical support is great and definitely the best I have ever seen for a "anti-virus" type product.
I don't like that I have to maintain the client and keep it up to date. Updating the client is not a very easy process.
Deploying the client could be easier. They have a deployment tool, but it doesn't really get to all PCs, which means I still have to manually deploy it.
Because the product has so much customization, it can also be very difficult to set up and understand.
The shell is locked out and we can't run any general centos commands. The implementation and maintainence of the arch is very complex. Even with the right identifiers on log messages the log collection keeps failing. The warning messages on the device are ambiguous. The log messages on firemon are a bit confusing and don't show the exact issue.
Symantec Advanced Threat Protection has done a sufficient job at identifying true positives. However, the UI could be improved and the amount of false positives is a little too frequent for my liking
FireMon has been relatively stable overall. However, there have been a handful of times where we had issues with the console. For example, we couldn't update which devices to include in a security assessment. The initial suggestion from support was to just reboot it. It seems like there weren't many other options available such as to restart services before going to the extreme of a complete reboot.
I'm not sure we have the largest implementation of FireMon out there but we do have a few 1000 devices being probed by FireMon. Overall, the system's performance has been rock solid. The console refreshes quickly and reports are generated within an expected timeframe.
FireMon technical support is awesome! They respond quickly to our requests and they are well trained and very knowledgeable about the tool. Some issues have to be referred to the development team, but technical support largely provides solutions for any issues that we may have.
I has worked with AlgoSec and while they are very similar product, I find the FireMon is easier to understand and get rolling with. While both require some learning, FireMon is by far the easier one. Once you have an understanding of how things are arranged and labeled you can easily import firewalls and begin to work on them to improve them
Frankly, the other products were too expensive to make the change from Symantec so we continued with the tried and true protection. We don't have the funding to move to a more expensive product and the manpower that it would take to implement a new solution.
Firemon Is easily scalable and maintainable with any size team. Although it requires some tech debt, it is well worth the time to invest to ensure compliance is visible and reports are accurate. Although our environment is very large we do not fully utilize the scalability of the Firemon product.
