Archive for the ‘FireMon News’ Category

FireMon announces Risk Analyzer for Junos Space

Today at the Juniper Networks Global Partner Conference, FireMon was honored to be invited to participate in the keynote address. FireMon’s President & CTO, Jody Brazil, joined Juniper’s CEO Kevin Johnson to demonstrate FireMon Risk Analyzer running on Junos Space. We at FireMon are thrilled to be partnering so closely with Juniper. The Space platform represents a significant development in terms of network programmability and extensibility. FireMon Risk Analyzer leverages the rich real-time configuration data provided by Junos Space to maintain the most accurate and up-to-date network topology within Risk Analyzer. FireMon also announced that while the current release of Risk Analyzer supports hooks into Space, the release of Junos Space 12.1 would see the release of Risk Analyzer running natively within Junos Space. FireMon and Juniper will continue to work closely together to create the most accurate and real-time risk analysis and remediation tool for Juniper environments, with many more exciting developments to come throughout the year.


Risk is the key

As those of you who have followed this blog over the past couple of months know, we have been slowly revealing bits and pieces about our new Risk Analyzer product here at FireMon. Over the next week and in the coming months, you will see and hear a huge push around Risk from all areas of FireMon. The official release of Risk Analyzer is imminent, as our CEO noted in his Twitter feed this morning. We have also highlighted our partnership with Juniper Networks around Risk Analyzer and Junos Space. You can get even more insight into what we are doing together on Juniper’s YouTube channel.

Why are we suddenly so focused on Risk, and why is it something you should care about? At the end of the day, all of the security controls organizations have put in place (the firewalls, IDS/IPSs, proxies, ACLs, desktop firewalls, etc.) are there to help reduce and eliminate the risk to your IT infrastructure. Risk is what we are trying to control and limit. However, as we have previously highlighted, analyzing risk in today’s networks is a huge challenge. We tend to rely on a single tool to determine risk, and in the complex network environments we live in today, these tools can present thousands of items that an organization needs to address. Attempting to manually review that list and prioritize the remediation results in organizations spending too little or too much time attempting to reduce their risk. Furthermore, those tools lack the full contextual awareness of your entire network topology and how data flows through the environment, which is a real key to accurately identifying the areas of your infrastructure that are most at risk.

Risk Analyzer provides that full context of network topology awareness that is so critical to accurate risk analysis. It automatically shows you what actions to take to reduce the greatest amount of risk with the least amount of effort, ensuring your valuable resources are spending the exact amount of time needed to effectively reduce risk to your infrastructure. Its patented analysis engine, which has been proven for the past 4 years in the largest DOD and Intelligence networks, produces results in seconds as opposed to the hours or even days that other solutions require. It graphically shows you where you are at risk from any part of your infrastructure. Risk Analyzer will help you automate the reduction of risk to your IT infrastructure.

This is why we are excited about Risk Analyzer and so focused on Risk. Risk, after all, is the key.

He Who Finds the Entry Point First Wins

The amount of news generated around attacks in 2011 has been overwhelming. In just the last week, the reports around SCADA-based attacks have reached almost histrionic levels. Attacks on NASA, AT&T & VCU have all been highlighted this month as well. Despite the fact that companies will spend over $8 billion on network security this year, hackers continue to successfully breach networks with an alarming regularity.

In an article on APTs posted on Dark Reading yesterday, Sean Brady from RSA had an interesting quote. He said “Identifying the entry point — where an attacker got into a company’s network — is a key aspect of identifying and responding to an advanced attack”. At FireMon, we couldn’t agree more. However, we would also ask why wait until you’ve been attacked to discover the entry point? Why not proactively find the entry point yourself? As clearly indicated by the attack coverage we’ve seen in the press this year, the attackers are actively looking to find the entry point into your network even as you read this post.

FireMon’s new Risk Analyzer technology is designed to proactively find the entry point into your network that can be exploited. Risk Analyzer will also identify where an attacker can pivot off that access point, and what other resources within your network can be compromised. Risk Analyzer will also prioritize which patched vulnerabilities can reduce the greatest amount of risk with the least amount of effort, helping to focus your organization’s remediation efforts. Don’t be the last to discover the entry points that are exposed in your network; he who finds the entry point first wins.

Preventative Security Controls Will Fail: What to Do?

I read a quick blog post this morning from Rick Holland at Forrester. In fact, part of my title is borrowed from a line in his post. As security professionals, I think it is important to recognize that despite our best efforts, many of the network security controls that have been deployed have still failed to prevent breaches and attacks from occurring. Holland, along with John Kindervag, has published a new report called “Planning for Failure”. They note that this year’s headlines have not been encouraging for the security world, as evidenced yet again yesterday by the Steam website hack and the takedown of Estonian hackers in Operation Ghost Click.

The deluge of news around breaches and incidents that have occurred this year should not cause us to throw our arms up and head for the exits. It should ultimately galvanize those of us in the security world to be more proactive about assessing the risk posture of our organizations, identifying the areas of weakness we have, and fixing them before an incident occurs. As Holland notes in his post “An ounce of preparation is worth a pound of remediation”. The full Planning for Failure report also stresses the importance of testing. We at FireMon could not agree more. Our new Risk Analyzer technology enables organizations to test their entire network topology, factoring in the network security controls that are in place, and identify exactly where attackers could breach your network. Risk Analyzer will even highlight systems that are susceptible to client-side vulnerabilities that attackers could gain access to despite effective network security controls, and identify where the attackers could further penetrate into the network by pivoting off these assets. Risk Analyzer’s patented analysis engine provides real-time analysis, and graphically shows you where in your topology you are vulnerable. Risk Analyzer also helps you to laser-focus on what remediation steps will reduce the greatest amount of risk with the least amount of effort by providing a prioritized list of remediation actions, and allowing a user to virtually apply said patches, graphically showing the impact that remediation effort has on the network’s risk posture.

We are excited to release Risk Analyzer this month, and believe it is the key part of a proactive testing process that all security organizations should implement as part of their overall Incident Management plan. Risk Analyzer will allow you to substantially reduce your risk posture, prioritize your remediation efforts, and to measure the effectiveness of the security controls you have put in place.


What’s new in FireMon Security Manager?

Lately, there has been a lot of discussion and interest on the blog around FireMon’s new Risk Analyzer product. While we are excited about bringing the fastest patented risk analysis and reduction engine to the market, we haven’t stopped developing new features in our flagship Security Manager product. The latest 5.3 release added support for both Palo Alto Networks Next Generation Firewall appliances and Fortinet firewall appliances, including support for Fortinet’s Virtual Domain (VDOM) technology. FireMon continues to be a customer-focused organization, and we are excited to add support for these great products as requested by our customers.

We are also very excited about the future direction of Security Manager. Stay tuned for more updates around the integration of Risk Analyzer into Security Manager, and the awesome functionality that will provide organizations in proactively knowing what risks they could introduce when adding or changing firewall or network access rules. In a recent survey conducted by Ernst & Young, only 49% of respondents stated that their information security function is meeting the needs of the organization. The combination of Security Manager and Risk Analyzer enables any security group to quickly and easily know the status of their security posture, and to validate that their information security investment is in fact meeting the needs of the organization.


Context & Speed: The Key to Network Risk Analysis part 2


The second key element in enterprise network risk analysis is speed. I mentioned in my last post the presentation I gave at the United Security Summit. In that presentation, I compared network risk analysis to automobile traffic engineering and the challenge of reducing or eliminating congestion on a given highway. I highlighted the Active Traffic Management (ATM) system that was originally deployed in 2005 in the United Kingdom on a 17km stretch of M42. There are a number of parallels between the ATM and what constitutes an effective enterprise risk analysis and reduction tool.

The UK has had an 80% increase in traffic since 1980, with only a 10% increase in their road capacity. They needed a solution that provided the full context of all factors that lead to congestion on a given stretch of highway, much like in network risk analysis we need the full context of the network topology and the network security controls in place to truly determine the given risk posture of any enterprise. The ATM on this 17km stretch of M42 has over 500km of cabling and sensors deployed, along with 300 CCTV cameras and 50 gantries with computer-controlled signage. All of this information is fed back to a central control center, where traffic engineers leverage software algorithms to process all incoming data. The system then provides a prioritized list of actions the traffic engineers can take to reduce congestion, and in the first 6 months of deployment it increased capacity on this stretch of M42 by 10% and reduced transit times by 34%. With the amount of data generated by all of the wiring and sensors, no human could simply look at a raw listing of data and decide what are the 2 or 3 best steps to take to reduce congestion. The ATM automates the processing of this data, and provides the recommendations in real time. If an accident occurs at kilometer 14, the ATM can recommend that the traffic engineers change the speed on the gantries at kilometer 2 by 40 km/hour in order to ensure traffic doesn’t come to a complete standstill and increase the possibility of additional accidents and further congestion. This recommendation is made as soon as the problem is detected. It would not be effective if the ATM algorithms took hours to decide that the speed needed to be reduced to alleviate congestion; the entire 17km of highway would be stopped by then.

Similarly, in Enterprise Network Risk Analysis and Remediation, you need a tool that scales to process all of the data related to the network topology and the associated vulnerabilities, and provides the prioritized steps that reduce the greatest amount of risk with the least amount of effort in the fastest possible time. Tools that take hours or even days to process the data and produce a recommendation are like an Active Traffic Management system that takes hours to provide a recommendation. By that point, with the ever-growing and persistent threats that we face in enterprise security today, an attacker could have already exploited a resource in your environment and subsequently pivoted from that resource to exploit other parts of your network. FireMon’s new Risk Analyzer is able to scale to support the largest enterprise environments in the world, having been deployed for the past 4 years in the largest United States DOD and Intelligence networks. Risk Analyzer’s patented analysis engine processes all data in seconds, producing a prioritized list of remediation actions that allow organizations to know the exact steps that reduce the greatest amount of risk with the least amount of effort. Risk Analyzer has the full network context and real-time speed to enable any enterprise to significantly reduce their risk posture and ensure their security investment in both technology and people is being utilized as effectively as possible.


Why FireMon, Why Now? Part 2

In addition to Risk Analyzer, FireMon has introduced BackBox, a centralized, enterprise backup solution for the critical security and network devices that provides a scalable, reliable and verifiable backup solution for your network. In my past roles as both a security consultant and a named accounts senior security engineer, I have had the privilege of working with some of the largest Network and IT Security organizations in the world. One element that was surprisingly all too common amongst these different organizations was that many of them had backup solutions that were built in-house by their best engineer. While these customized solutions worked, inevitably said engineer left the organization at some point. Subsequently, another engineer or even a team of engineers had to figure out how the solution worked, and often ended up writing their own solution when they were unable to figure out how to update or add additional features to the previous custom tool. Most troublesome, many of these solutions had no mechanism to validate that a backup was completed and verifiable, and resulted in not being able to utilize a backup when a down situation occurred. BackBox provides a single, central location for all your network device backups and verifies that all of the components necessary for restoration are captured and usable with real-time status and reporting capabilities.

The combination of Risk Analyzer and BackBox along with Security Manager and Policy Planner gives FireMon the most complete product suite to enable organizations of all sizes to optimize their network security posture. What is exciting to me is that organizations are starting to realize the importance of having a tool that enables them to have a complete picture of the state of their network security, and are no longer considering this just a nice-to-have. Consider one of our large customers in the financial vertical. They have 700 firewalls deployed globally, with an average of 300 rules per device. With over 200,000 rules to manage on a daily basis, they have come to rely on Security Manager to enable them to plan and report on any changes to the firewall policy, increasing their visibility as a security team. The Rule and Object Usage report has become a weekly process within their organization, allowing them to see which rules and objects are unused over a defined period of time and safely remove them. Security Manager automates the change process for them, capturing justification of access with Policy Planner and making compliance a repeatable and automatic process. Surveys consistently show that perimeter security is still considered one of the most important security tools to protect an organization. Security Manager and Policy Planner help enterprises manage these most important devices better so you can provide better service to your users at a lower cost to you.

This is why I am so excited to be at FireMon now. The company that invented the space continues to innovate and enable our customers to manage their risk in real time and ensure their enterprise has the optimum network security posture. This innovation is just the tip of the iceberg, and over the next year I look forward to sharing with you more of the many exciting developments and innovations we will bring in our products and with our partners to help you ensure your enterprise is optimized and secure. That is why you need FireMon, Now.

Why FireMon, Why Now?

I was incredibly excited to join FireMon as the new Vice President of Business Development. After my first 30 days with the company, I can share that my excitement has only grown. For my first posts on the blog, I wanted to share why I joined FireMon, and why I am so excited about the future.

FireMon was the first company to ever create a firewall change management tool. We invented the network security change management space. We were the first to introduce a graphical change report, rule usage information, policy test, traffic flow analysis, and many more features that are now the staple of the industry. In my career, I’ve always been drawn to companies that were innovators, and FireMon maintains that spirit of innovation at its core. FireMon continues to be the innovator with the acquisition of Saperix Technologies, which has become our Risk Analyzer product. Over the next few months, you will continue to hear about the dramatic innovations Risk Analyzer brings to the security optimization FireMon provides with its real-time risk analysis capabilities. In the zero-day world we live in, enterprises can ill afford to use tools that take hours or days to tell them where their risks are. Risk Analyzer will provide real-time vulnerability analysis, and I am excited to debut the technology and some of the exciting technology partnerships we are building into the tool at the United Security Summit next month in San Francisco.

Risk Analyzer is a reflection of FireMon’s continued innovation. In part 2 of my post, I will share additional innovation being developed by FireMon, reflecting why FireMon provides the most complete suite of tools to optimize your enterprise security posture now.

 


Are You UNITED?

There is no shortage of security industry conferences and trade shows. Some are local in scope and some are national or international. Some are targeted at security training, others on security research and industry networking. With all the options, I think most would agree that it would have to be a really different and special conference to be worthwhile to add to the already crowded calendar of security events.

Well, it seems that just such a special and different kind of event is going to be held next month in San Francisco. The inaugural UNITED (“Using New Ideas To Empower Defenders”) Security Summit is being held September 19th and 20th and is focused on innovation and collaboration in the security community. Bringing together security decision makers, practitioners, commercial vendors, open source projects and academia, UNITED will highlight technologies and approaches that will help organizations better cope with the increased security threats they are seeing on a daily basis.

What is really unique about UNITED is that it will be themed around the anatomy of a breach. UNITED was started by the folks at Rapid7, developers of the Nexpose vulnerability management solution and Metasploit penetration testing program. However, there are many security companies and others sponsoring the event, including FireMon, the Platinum sponsor of the event.

Additionally, FireMon’s VP of Business Development, Ward Holloway, will be speaking among many other industry veterans, including Chris Hoff, HD Moore, Alan Shimel and Gene Kim, to name a few.

UNITED promises to be a different kind of show and one that is well worth your time. All of us at FireMon are very excited to be part of UNITED. We promise this is one you don’t want to miss, so we hope you can make it!

Stay tuned as we are working on several other conferences that we will be announcing our attendance and sponsorship of soon.

Security and Network Device Back Up: An Often Overlooked but Important Part of Your Strategy

Disaster Recovery (DR) and backup long ago became staples of a competent network and security strategy. Backing up databases, applications and data can be as simple as setting up a schedule or deploying a service to automate it for you.

Though, much like the mechanic who doesn’t take care of his own car, backing up security and network device configuration is often overlooked and falls between the cracks. It’s just as important to back up security and network devices as it is to back up applications and other data.

Wouldn’t it be great if there was a solution that was tailor-made for backing up security and network devices? Something purpose-built for firewalls, routers, switches, content filters and load balancers? Now there is!

FireMon is happy to announce the newest member of the FireMon suite of enterprise security management solutions: we call it BackBox. It is purpose built for security and network devices. Scalable and secure, with extensive multi-vendor support, BackBox offers central and secure backups that are verified to make sure you have everything backed up that you would need to restore in case of an incident.

BackBox also offers real-time reporting with a live dashboard and a full DR implementation plan to follow when you need to activate it.

All of these are custom tailored to security and network devices. When these devices go down, time is money. You want something that is going to get those devices back up and running as quickly as possible!

Here is a list of some of the devices BackBox supports:

Check in soon for more BackBox updates!