Whenever you set out to develop a new product, one of the trickiest aspects is selecting its name, as typically any solution offers numerous benefits; the newly introduced FireMon Policy Optimizer module is no different.
So what does Policy Optimizer do exactly? For starters, Policy Optimizer is designed for use alongside the base FireMon Security Manager solution, and greatly complements, though operates independently of, its sister modules – Policy Planner and Risk Analyzer.
While FireMon Security Manager addresses security device rules and policy management, and the existing Policy Planner and Risk Analyzer modules address intelligent policy workflow and change, and the combination of vulnerability data with network access intelligence, respectively, Policy Optimizer was born of the need to rapidly adapt firewall settings in response to changing conditions.
For example, whenever network security must respond to an emerging threat, changes in a business partner’s risk posture, or discovery of a troublesome firewall setting, Policy Optimizer allows those teams to research the impact on any affected device policies then connect with other officials to understand how to adapt enforcement.
Like all the best solutions, the genesis of Policy Optimizer lies directly in customer need, born of countless requests from large enterprises with a wide variety of related use cases.
The value of Policy Optimizer is clearly outlined by its moniker – to allow organizations to optimize (definition: to enhance or improve) alignment of firewall and network security device infrastructure. However, as anyone who has attempted to carry out or manage this process can attest, it’s a massive task with a huge range of related factors.
However, back to the notion of multiple benefits and use cases, Policy Optimizer was also created in response to enterprises that must review firewall policy compliance frequently to remain in scope with industry standards, notably PCI DSS.
Another key motivator was the continued growth of FireMon’s managed services provider (MSP) business. These providers are constantly seeking to transfer intelligence across accounts, and Policy Optimizer allows MSPs to query against established best practices to identify policies for improvement.
This may sound like a straightforward set of drivers, but the process encompassed is complex, remaining highly manual and fragmented at many enterprises today. Traditionally, operational security management, compliance teams and MSPs have been asked to improve device policies without any direct line of communication with key stakeholders – most importantly those officials that initially requested network access.
This lack of efficient workflow results in one of the most significant gaps in enterprise security management. Access requests are typically granted to support business needs then left in place for years, without ongoing review, based on the reluctance to affect changes that may interrupt critical services.
For their part, compliance/audit teams are asked to review policies every six months under PCI, and this process is so laborious that one FireMon customer had accounted 15 staffers to the process, full-time. That’s a massive investment to address a single compliance mandate, pulling resources away from other efforts.
Throughout Policy Optimizer’s development, FireMon management considered a number of potential names, including those related to policy assessment, rules review and rules recertification, among others.
The decision to adopt “Policy Optimizer” came from conclusion that this product serves so many customer needs and has such a huge range of inherent benefits that this bold, encompassing name was appropriate.
Anyone who manages network security, compliance audit prep, or related IT risk management would agree that optimization of firewall policies has a tremendous impact on improvement of network defenses.
Click here to read all about FireMon Policy Optimizer module – if you’re just such an individual or any element of network security is your job, you’ll be happy that you did.
We’d stake our name on it.