FireMon - Great Enterprise Tool
January 16, 2019
Score 8 out of 10
- Security Manager
- Policy Optimizer
- Policy Planner
- Risk Analyzer
Overall Satisfaction with FireMon
FireMon is being leveraged across several IT Departments, including IT Security, Risk Management, Engineering, and Architecture teams. For us, it helps across many of our business models. We are in a highly regulated industry, SOX, MICS (gaming), and PCI, to name a few. For security best practices, we leverage integrated reports to help identify unused rules and objects. From an engineering and architectural approach, we leverage anything from policy creation and optimization, to ping path analysts to make sure the correct firewalls and policies are submitted the first time. With close to 100 firewalls, this helps streamline the process.
- Built-in compliance and security reporting - By scheduling reports, we automate the information gathered and get it to the correct department for remediation, freeing up resources for other tasks.
- Ping Path Analysts - this plays a big help in our environment. With over 300 IT personnel, communication is sometimes lost. Changes to architecture happen frequently with our dynamic and worldwide presence, including cloud. It is important to get it right the first time, in a secure and efficient manner.
- Security Manager - Organization, optimization, and metrics that can easily be tracked and help make future decisions on the appropriate course of action. For example, I've taken multiple firewalls which had high CPU and memory utilization, reprioritized the policies, and cut those metrics in half.
- Licensing is a nightmare - Depending on the 'size' of your firewall, there are different scu's. There are also costs associated with adding router/switches, as well as centralized management.
- System status and health - while there are ways to display the metrics, you have to go to a different URL and to each appliance. It would be nice if the manager had a health check for all of the collectors associated with it on its dashboard.
- MFA / SSO / SAML 2.0 integration - It would be valuable to integrate the aforementioned integrations for secure access and flexibility.
I've had some challenges keeping this system up with the volume of traffic being sent to the collectors. We've engaged the vendor, but still have on-going issues.
- Positive - flexibility and use of the product. This enables non-firewall savvy people to gather enough information to make an intelligent firewall policy request. Automation of reporting frees up a ton of resources by sending the appropriate information to the different teams. Compliance is a huge benefactor of these reports, as we are in one form of an audit every other month.
- Negative - High price tag. Difficult licensing model. Scalability and stability have been a problem for us. Integration to our ticketing system will cost too much, so this is still an area that I would like to integrate some day.
Yes, we have benefited from the multiple vendor, multiple environments quite well. Using tools such as ping path analysts, we can traverse multiple vendor and infrastructures, to gather information to correctly secure and create policy before ever touching a firewall or router. We can create accurate change control and execute right the first time. This is HUGE, as we are hybrid across multiple cloud vendors around the world to our properties.
I think the product is well suited for an environment with multiple, complex firewall deployments. Environments that are highly regulated and have a need for automation and reporting would gain value. However, if you are a small company, or the deployment/environment is cookie cutter, then I don't think you would be able to justify the cost... it's not cheap!