FireMon – Bringing the heat!!
Updated June 26, 2020

FireMon – Bringing the heat!!

Daniel James | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User

Software Version

Version 8

Modules Used

  • Security Manager
  • Policy Optimizer
  • Policy Planner

Overall Satisfaction with FireMon

FireMon is actively being used by our security team to enforce oversight and compliance standards for our firewall environment. Additional business units are also leveraging the solution to help with reporting. Change management will use the tool to identify rogue changes or changes that may have been implemented outside of our internal change management guidelines. Firewall admins will use the solution to improve the quality of the rules that they generate and to assist with the review and approval workflow. Compliance leverages the solution to help prioritize which devices may need more assistance or a greater amount of overhead needed to remediate.

The main benefit at this time is that it helps us help ourselves and reduce the amount of calories we burn each month or quarter in identifying what issues we need to address in our environment. Getting ready for audit, or quarterly reviews of devices is exponentially easier. Having the ability to automate many of our controls into our workflow on an ongoing basis also reduces the amount of time spent in each of those scheduled reviews/clean up efforts.

  • BU Reporting - Concerned about role segmentation? Want other business units to peek into how things are going on your devices but without having to give everyone under the sun admin credentials for those devices? FireMon accomplishes that for us. I'm able to take this solution to various business units and shop it around...and increase its ROI by getting additional processes or procedures built around its functionality.
  • Remediation Reporting - A flexible interface allows for very granular information to be generated, exported, and manipulated. Want to export a list of expired rules, done. Rules that allow traffic but don't have logging enabled, done. Find a change that took place outside of your change window and identify who's manager to speak to - done.
  • Support - Although this isn't a "Security Manager" specific example its worth emphasizing that with such a flexible and vestal tool there are multiple ways of doing things. Usually there is the way that I can find to fit my needs right now - but the support staff have been amazing as offering improvement suggestions for the way that I use the tool to accomplish the tasks I have to complete. Quick turnaround on tickets, and no micro-managing of prerequisites before offering a to schedule a webex or best guess first step.
  • More granular documentation - A flexible tool is great, but with flexibility comes gaps in documentation. Nothing serious, but I have found myself asking questions to support on more than one occasion because I couldn't independently find the solution in the default documentation. "How can I generate a query that uses this argument rather than this one..." kinda stuff.
  • More granular ability to "whitelist" specific rules - If security teams had perfect security, the business wouldn't be allowed to operate. That being the case there will always be compromises. Although I may care about a specific control as far as my environment is concerned, I will find myself with a laundry list of rules that will take an extended effort to clean up, or there is no good way around. Being able to acknowledge these and then circle back to them at regular intervals for review would be good - as opposed to having to make sure I filter those specific rules out of larger exports that I may dump into a ticket for remediation.
As a security professional let me first acknowledge that I know better than to say or document much in a public forum. That being said I have recently had reasons to sit down and future proof our current implementation. We're as virtual as virtual can be - if we acquired 300% of our current device load tomorrow responding to that need (aside from licensing) would just be a matter of spinning up more VM's in house, and cutting the appropriate tickets for where syslog info gets sent.
  • Extremely Positive - Recent efforts that have hinged on FireMon reporting abilities have greatly matured our security posture.
  • Administration Culture - Admins fight a balance of efficiency and due diligence - just as security teams fight a battle of risk vs. business needs. Having FireMon in house as a solution has helped shape the due diligence and expectations from our administrators, clearly allowing us to draw a line in the sand as far as acceptable risk, or acceptable documentation - and enforce that. Over time findings go down, technical debt from years past is lowered, and were promoting that security minded mentality into future vendor and device selections based off of in house practices and priorities.
I can't say that I've looked at a lot of competitors. What I can say however is that the great majority of those competitors simply offer reporting and tracking. Although in this review I have emphasized on just that area myself let me clearly identify that FireMon is more than that. Yes, I can run reports - but I can also canvas my team and come up with specific controls that we want to enforce going forward. A user submits a ticket and wants a rule with any object let's say - our admins will be told by FireMon that the security team has already said "NO - that's bush league stuff - get out of here with that nonsense" and that admin will then work with the user to identify a better solution. That's just one specific example...

Very well suited for reporting, and identifying control failures. I can single-handedly do the analysis work of an entire remediation team - validate my findings, export the information in a format that is friendly to pass along to my admins, track remediation efforts, and update documentation - in one interface.

There are some areas in the reporting that could be tweaked a bit to provide more nimble output. FireMon has a wide variety of pre-generated reports that have a lot of value over the query based reporting. Many of those reports you can run against your entire enterprise, but some you can't....meaning you might have to duplicate the report for a handful of devices depending on your need.