Archive for the ‘FireMon Development’ Category
FireMon 6.1: Improving Operational and Risk Visibility for Enterprise Networks
FireMon announced the release of Security Manager version 6.1 yesterday. We are extremely excited about the new features and functionality that are a part of this release, which further extend FireMon’s unparalleled ability to strengthen both operational effectiveness and security posture. One feature that we are particularly keen on is the new Access Path Analysis (APA). Leveraging the patent-pending FireMon behavior analysis framework, IT personnel can both proactively predict and forensically record the flow of packets through network configurations and obtain detailed path analysis – including routes, interfaces, firewall and NAT rules that a packet encounters while traversing the network. Access Path Analysis uses the behavior of normal traffic as it traverses the network to understand what vectors and/or behaviors could allow malicious traffic to find critical assets. This allows more effective risk analysis and better informed remediation activities.
The 6.1 release includes additional features, including FireMon Insight, Device Packs and a new FireMon Query Language (FMQL) API. FireMon Insight is a real-time dashboard of all your security configurations. Insight consumes the configurations of all major firewall vendors and presents data across all of them in a single, customizable dashboard. There is a critical need to transform configuration data into a usable form that can be quickly digested and acted upon. Insight enables security practitioners to quickly get the results of their queries even across hundreds of thousands of rules and millions of objects in multi-vendor environments. Turn those queries into meaningful, automatically generated security metrics in a matter of seconds. Device Packs will enable FireMon to add support for new devices more quickly, without requiring an upgrade to Security Manager. The FMQL API will enable large organizations with a development staff or managed service providers to pull FireMon data and analysis into other systems. You can learn about all of these new features here, and read what Dark Reading wrote about the release as well.
Risk is the key
As those of you who have followed this blog over the past couple of months know, we have been slowly revealing bits and pieces about our new Risk Analyzer product here at FireMon. Over the next week and in the coming months, you will see and hear a huge push around Risk from all areas of FireMon. The official release of Risk Analyzer is imminent, as our CEO noted in his Twitter feed this morning. We have also highlighted our partnership with Juniper Networks around Risk Analyzer and JunOS Space. You can get even more insight into what we are doing together on Juniper’s YouTube channel.
Why are we suddenly so focused on Risk, and why is it something you should care about? At the end of the day, all of the security controls organizations have put in place, the firewalls, IDS/IPSs, proxies, ACLs, desktop firewalls, etc., are there to help reduce and eliminate the risk to your IT infrastructure. Risk is what we are trying to control and limit. However, as we have previously highlighted, analyzing risk in today’s networks is a huge challenge. We tend to rely on a single tool to determine risk, and in the complex network environments we live in today, these tools can present thousands of items that an organization needs to address. Attempting to manually review that list and prioritize the remediation results in organizations spending too little or too much time attempting to reduce their risk. Furthermore, those tools lack the full contextual awareness of your entire network topology and how data flows through the environment, which is a real key to accurately identifying the areas of your infrastructure that are most at risk.
Risk Analyzer provides that full context of network topology awareness that is so critical to accurate risk analysis. It automatically shows you what actions to take to reduce the greatest amount of risk with the least amount of effort, ensuring your valuable resources are spending the exact amount of time needed to effectively reduce risk to your infrastructure. Its patented analysis engine, which has been proven for the past 4 years in the largest DOD and Intelligence networks, produces results in seconds as opposed to the hours or even days that other solutions require. It graphically shows you where you are at risk from any part of your infrastructure. Risk Analyzer will help you automate the reduction of risk to your IT infrastructure.
This is why we are excited about Risk Analyzer and so focused on Risk. Risk, after all, is the key.
He Who Finds the Entry Point First Wins
The amount of news generated around attacks in 2011 has been overwhelming. In just the last week, the reports around SCADA-based attacks have reached almost histrionic levels. Attacks on NASA, AT&T & VCU have all been highlighted this month as well. Despite the fact that companies will spend over $8 billion on network security this year, hackers continue to successfully breach networks with alarming regularity.
In an article on APTs posted on Dark Reading yesterday, Sean Brady from RSA had an interesting quote. He said, “Identifying the entry point — where an attacker got into a company’s network — is a key aspect of identifying and responding to an advanced attack.” At FireMon, we couldn’t agree more. However, we would also ask why wait until you’ve been attacked to discover the entry point? Why not proactively find the entry point yourself? As clearly indicated by the attack coverage we’ve seen in the press this year, the attackers are actively looking to find the entry point into your network even as you read this post.
FireMon’s new Risk Analyzer technology is designed to proactively find the entry point into your network that can be exploited. Risk Analyzer will also identify where an attacker can pivot off that access point, and what other resources within your network can be compromised. Risk Analyzer will also prioritize what patched vulnerabilities can reduce the greatest amount of risk with the least amount of effort, helping to focus your organization’s remediation efforts. Don’t be the last to discover the entry points that are exposed in your network; he who finds the entry point first wins.
Preventative Security Controls Will Fail: What to Do?
I read a quick blog post this morning from Rick Holland at Forrester. In fact, part of my title is borrowed from a line in his post. As security professionals, I think it is important to recognize that despite our best efforts, many of the network security controls that have been deployed have still failed to prevent breaches and attacks from occurring. Holland, along with John Kindervag, has published a new report called “Planning for Failure”. They note that this year’s headlines have not been encouraging for the security world, as evidenced yet again yesterday by the Steam website hack and the takedown of Estonian hackers in Operation Ghost Click.
The deluge of news around breaches and incidents that have occurred this year should not cause us to throw our arms up and head for the exits. It should ultimately galvanize those of us in the security world to be more proactive about assessing the risk posture of our organizations, identifying the areas of weakness we have, and fixing them before an incident occurs. As Holland notes in his post, “An ounce of preparation is worth a pound of remediation”. The full Planning for Failure report also stresses the importance of testing. We at FireMon could not agree more. Our new Risk Analyzer technology enables organizations to test their entire network topology, factoring in the network security controls that are in place, and identify exactly where attackers could breach their network. Risk Analyzer will even highlight systems that are susceptible to client-side vulnerabilities that attackers could gain access to despite effective network security controls, and identify where the attackers could further penetrate into the network by pivoting off these assets. Risk Analyzer’s patented analysis engine provides real-time analysis, and graphically shows you where in your topology you are vulnerable. Risk Analyzer also helps you to laser focus on what remediation steps will reduce the greatest amount of risk with the least amount of effort by providing a prioritized list of remediation actions, and allowing a user to virtually apply said patches, graphically showing the impact that remediation effort has on the network’s risk posture.
We are excited to release Risk Analyzer this month, and believe it is the key part of a proactive testing process that all security organizations should implement as part of their overall Incident Management plan. Risk Analyzer will allow you to substantially reduce your risk posture, prioritize your remediation efforts, and to measure the effectiveness of the security controls you have put in place.
What’s new in FireMon Security Manager?
Lately, there has been a lot of discussion and interest on the blog around FireMon’s new Risk Analyzer product. While we are excited about bringing the fastest patented risk analysis and reduction engine to the market, we haven’t stopped developing new features in our flagship Security Manager product. The latest 5.3 release added support for both Palo Alto Networks Next Generation Firewall appliances and Fortinet firewall appliances, including support for Fortinet’s Virtual Domain (VDOM) technology. FireMon continues to be a customer-focused organization, and we are excited to add support for these great products as requested by our customers.
We are also very excited about the future direction of Security Manager. Stay tuned for more updates around the integration of Risk Analyzer into Security Manager, and the awesome functionality that will provide organizations in proactively knowing what risks they could introduce when adding or changing firewall or network access rules. In a recent survey conducted by Ernst & Young, only 49% of respondents stated that their information security function is meeting the needs of the organization. The combination of Security Manager and Risk Analyzer enables any security group to quickly and easily know the status of their security posture, and to validate that their information security investment is in fact meeting the needs of the organization.
Security and Network Device Back Up: An Often Overlooked but Important Part of Your Strategy
Disaster Recovery (DR) and backup long ago became staples of a competent network and security strategy. Backing up databases, applications and data can be as simple as setting up a schedule or deploying a service to automate it for you.
Though, much like the mechanic who doesn’t take care of his own car, backing up security and network device configuration is often overlooked and falls between the cracks. It’s just as important to back up security and network devices as it is to back up applications and other data.
Wouldn’t it be great if there was a solution that was tailor-made for backing up security and network devices? Something purpose-built for firewalls, routers, switches, content filters and load balancers? Now there is!
FireMon is happy to announce the newest member of the FireMon suite of enterprise security management solutions: we call it BackBox. It is purpose built for security and network devices. Scalable and secure, with extensive multi-vendor support, BackBox offers central and secure backups that are verified to make sure you have everything backed up that you would need to restore in case of an incident.
BackBox also offers real-time reporting with a live dashboard and a full DR implementation plan to follow when you need to activate it.
All of these are custom tailored to security and network devices. When these devices go down, time is money. You want something that is going to get those devices back up and running as quickly as possible!
Here is a list of some of the devices BackBox supports:
Check in soon for more BackBox updates!
FireMon President & CTO, Jody Brazil, Appears on Security.Exe Podcast
Our very own president and CTO, Jody Brazil, was the guest this week on the Security.Exe podcast, hosted by security blogger/podcaster Alan (ashimmy) Shimel. Jody is a returning guest to the show, having appeared several times over the years on the popular podcast.
In this episode, Jody talks about recent developments at FireMon including the forthcoming Risk Analyzer product line. Additionally, Jody and Alan talk about the general state of security and recent events in the security industry. The interview is about 20 minutes long and well worth listening to!
Risk Analysis: What and Why
When FireMon announced that it had acquired Saperix Technologies and their patent pending, MIT Lincoln Labs developed, risk analysis technology, many people nodded their heads but didn’t really understand why we were so excited.
While risk analysis on its face sounds like a no brainer for an information security company, not everyone may be familiar with the use cases around this type of technology. Risk analysis is often not about eliminating risk. That is pretty much impossible. Risk analysis is more about managing risk to an acceptable level for your organizational needs.
We wanted to give you three use cases to familiarize you with what can be accomplished with risk analysis. These use cases are general and apply to the broad category of risk analysis. In our next post, we’ll discuss how to calculate risk for an enterprise network so be sure to check back soon.
Here are three scenarios where risk analysis solves mission-critical issues:
1. Measuring Risk: How does one quantify risk? Of course, not all risks are created equal. Some risks represent greater risk (pun intended) than others. So how do we assign a value to risk, quantify it and compare multiple risks, which is essential in prioritizing risk reduction activities?
Risk analysis in general and FireMon’s Risk Analyzer in particular give executives insight into what their risks are, assign prioritization scores to different risks and show what remediation and other activities can reduce risk the most. This way, risk managers can decide how to use limited resources to get the “biggest bang for the buck” in reducing and managing risk.
2. Prioritize Vulnerabilities: Unfortunately, today’s networks are “target rich environments” with vulnerabilities often outstripping an organization’s ability to cure them. In this type of situation, prioritizing which vulnerabilities to remediate first to reduce and manage risk is essential. While many vulnerability management solutions will assign priorities to vulnerabilities based on criticality of vulnerability and importance of the asset, these can be rather subjective.
A risk analysis solution such as FireMon’s Risk Analyzer goes beyond the subjective and looks at other factors such as network configuration. Adding this additional level of context can drastically change the priority of remediation. Also, analyzing which particular remediation will solve the greatest number of vulnerabilities again allows an organization to have greater insight into, and control of, managing risk.
3. Preventing Attack Propagation: With blended attacks, advanced persistent attacks, spear phishing and other sophisticated attack techniques, oftentimes the initial target of an attack is not the actual payday target of an attacker. Many times, intruders may first target a less-protected, non-critical asset on the network. However, once they have established the beachhead, the hackers use this “inside” base to then propagate an attack against other assets on the network. Because they are originating inside the network already, they are often invisible to perimeter defenses. Risk analysis can highlight how an attack can propagate through the network. Risk Analyzer can actually show graphical views of how an attack can propagate through a network and what paths it may take. In this case, forewarned is forearmed. Knowing how an attack may propagate, network admins can be on the lookout and thwart these dangerous attacks.
Hopefully this will give you a better idea of how important risk analysis is. Stay tuned for our next post where we’ll discuss how to calculate risk for an enterprise network.
FireMon Risk Analyzer News
Proactive, complete network attack simulation and risk measurement solution allowing you to assess the security of your most valuable assets.
When FireMon announced the acquisition of Saperix Technologies and their MIT Lincoln Labs-developed risk analysis technology, many in the market asked when they might see this technology find its way into the FireMon product line. At the time of the acquisition we weren’t in a position to give exact dates, but instead said “as soon as possible.”
Today we are still not in a position to give an exact date, but I’m happy to report that it will be sooner than later. In fact, we have already put up a page on our website that details some of the unique, exciting features that FireMon Risk Analyzer will have. Be sure to download the data sheet on the left-hand side of the web page for even more detail about this newest member of the FireMon Security Suite.
FireMon Risk Analyzer will join FireMon Security Manager and FireMon Policy Planner as part of this best-in-class suite.
We will be making more announcements about the upcoming release of FireMon Risk Analyzer very soon. You can subscribe and read about it here on our blog, or follow us on Twitter or Facebook to stay in the loop.
What we can tell you is that this is a game changer for both FireMon and the security management space. If you’re interested in finding out more now you can contact sales@firemon.com to speak with someone from our team.
“Real-time” … It’s about time!
I guess what they say about “what is old is new again” really is true, at least in the world of security marketing anyway.
More than 10 years ago when we first started developing FireMon, one of the core features that we thought any solution in firewall and policy management had to have was real time detection and management. Over the ensuing years, as we layered more and more functionality into FireMon, we have never swayed from that core belief and so real-time detection and management remain in the product today.
After pioneering the firewall management and policy management space ourselves for a time, about 4 or so years ago a few new kids on the block came into the market. While it would be nice to keep a market all for yourself, competition is inevitable and in some ways we welcomed it here at FireMon because it would drive us to be an even better product and company.
One of the quirks that we noticed with some of the competition is that they did not seem to subscribe to the real time mantra. Instead they used a polling technology that didn’t give you the detection in a real-time mode. Frankly, we thought this was probably a mistake and it would be only a matter of time until they realized that real-time detection and management was a must.
Well, it only took them 4 or so years and now at least one of our competitors is touting “real-time detection.” We say, “real time”? It’s about time!
But that’s not the point I’m actually trying to make. At a time (no pun intended) when the security industry as a whole is being tagged for a lack of innovation, this type of me-too technology being touted as something revolutionary just adds to the “innovation is dead” talk. It is cheap marketing at its worst to hold this up as something new when in fact it has been in the market already for years.
Our customers, the security industry and the media deserve better. Instead of rehashing old technology with a new marketing twist, we should be really innovating to better serve the market and make us all more secure.


