Posts Tagged ‘Risk Analyzer’

In our first post on accurately measuring & scoring risk, we examined the holistic network approach many enterprises take around managing risk. This approach is to run vulnerability scanners against parts of their network or the network in its entirety at some predetermined interval. In both cases, scans are run, vulnerabilities are identified and possibly prioritized based on asset value, patching activities are scheduled over the next month or quarter, and the event repeats itself. As we noted, this approach over-simplifies the complex task of risk, as different threats and different assets define different risks.

The answer to this dynamic risk challenge is clear. Organizations need to operationalize risk into their daily security activities, and not make risk management simply a set event that occurs at predetermined intervals. As changes occur to the organizations risk posture based off of the business activities noted in our last post, or larger corporate events such as M&A or moving to the cloud, security organizations need to be able to dynamically and easily analyze this change to their risk posture in real time. To effectively do so, a tool that provides the ability to create different risk scenarios is required. Scenarios enable an organization to address each different threat to their assets as changes occur.

In the previous post, we provided the example of a business unit requesting VPN access to a new business partner after the predetermined scan had already been run. Leveraging a tool that provides the ability to create different risk scenarios, the security team would be able to create a new scenario to identify the new connectivity from the business partner into their network. To truly be effective, the tool would not only need to be able to identify this new connection, but have the contextual awareness of the firewall policy, network topology and any other network security devices that might be traversed between the front and back end systems involved in this new connectivity to accurately identify any potential vulnerabilities that are introduced from this new partnership.

FireMon Risk Analyzer is just that tool. Risk Analyzer enables administrators to create different scenarios: VPN connectivity to new business partners, connectivity to a cloud provider, a new data center coming online. Combined with Risk Analyzer’s full network topology and security policy awareness (which can be continually updated in real time via FireMon Security Manager), end users are able to identify new risk scenarios, proactively identify the new risk introduced from the scenario, and virtually apply remediation to ensure that the most effective remediation is completed with the least amount of effort. Multiple scenarios can be created as different threats or business events are identified, and as changes occur to the configuration or connectivity within the scenarios, end users can easily and immediately re-run the scenario within Risk Analyzer to asses how these changes affect the true risk posture of the organization. Risk Scenarios enable organizations to achieve the goal of operationalizing risk into their everyday activity.

Today at the Juniper Networks Global Partner Conference, FireMon was honored to be invited to participate in the keynote address. FireMon’s President & CTO, Jody Brazil, joined Juniper’s CEO Kevin Johnson to demonstrate FireMon Risk Analyzer running on Junos Space. We at FireMon are thrilled to be partnering so closely with Juniper. The Space platform represents a significant development in terms of network programability and extensibility. FireMon Risk Analyzer leverages the rich real time configuration data provided by Junos Space to maintain the most accurate and update network topology within Risk Analyzer. FireMon also announced that while the current release of Risk Analyzer supports hooks into space, the release of Junos Space 12.1 would see the release of Risk Analyzer running natively within Junos Space. FireMon and Juniper will continue to work closely together to create the most accurate and real time risk analysis and remediation tool for Juniper environments, with many more exciting developments to come throughout the year.

Image by Highways Agency via Flickr

The second key element in enterprise network risk analysis is speed. I mentioned in my last post the presentation I gave at the United Security Summit. In that presentation, I compared network risk analysis to automobile traffic engineering and the challenge of reducing or eliminating congestion on a given highway. I highlighted the Active Traffic Management (ATM) system that was originally deployed in 2005 in the United Kingdom on a 17km stretch of M42. There are a number of parallels between the ATM and what constitutes an effective enterprise risk analysis and reduction tool.

The UK has had an 80% increase in traffic since 1980, with only a 10% increase in their road capacity. They needed a solution that provided the full context of all factors that lead to congestion on a given stretch of highway, much like in network risk analysis we need the full context of the network topology and the network security controls in place to truly determine the given risk posture of any enterprise. The ATM on this 17km stretch of M42 has over 500km of cabling and sensors deployed, along with 300 CCTV cameras and 50 gantries with computer controlled signage. All of this information is fed back to a central control center, where traffic engineers leverage software algorithms to process all incoming data. The system then provides a prioritized list of actions the traffic engineers can take to reduce congestion and in the first 6 months of deployment increased capacity on this stretch of M42 by 10% and reduced transit times by 34%. With the amount of data generated by all of the wiring and sensors, no human could simply look at a raw listing of data and decide what are the 2 or 3 best steps to take to reduce congestion. The ATM automates the process of processing this data, and provides the recommendations in real-time. If an accident occurs at kilometer 14, the ATM can recommend that the traffic engineers change the speed on the gantries at kilometer 2 by 40 km/hour in order to ensure traffic doesn’t come to a complete standstill and increase the possibility of additional accidents and further congestion. This recommendation is made as soon as the problem is detected. It would not be effective if the ATM algorithms took hours to decide that the speed needed be reduced to alleviate congestion; the entire 17km of highway would be stopped by then.

Similarly in Enterprise Network Risk Analysis and Remediation, you need a tool that scales to process all of the data related to the network topology and the associated vulnerabilities, and provides the prioritized steps that reduce the greatest amount of risk with the least amount of effort in the fastest possible time. Tools that take hours or even days to process the data and produce a recommendation are like an Active Traffic Management system that takes hours to provide a recommendation. By that point, with the ever-growing and persistent threats that we face in enterprise security today, an attacker could have already exploited a resource in your environment and subsequently pivoted from that resource to exploit other parts of your network. Firemon’s new Risk Analyzer is able to scale to support the largest enterprise environments in the world, having been deployed for the past 4 years in the largest United States DOD and Intelligence networks. Risk Analyzer’s patented analysis engine processes all data in seconds, producing a prioritized list of remediation actions that allow organizations to know the exact steps that reduce the greatest amount of risk with the least amount of effort. Risk Analyzer has the full network context and real-time speed to enable any enterprise to significantly reduce their risk posture and ensure their security investment in both technology and people is being utilized as effectively as possible.

I was incredibly excited to join FireMon as the new Vice President of Business Development. After my first 30 days with the company, I can share that my excitement has only grown.  For my first posts on the blog, I wanted to share why I joined FireMon, and why I am so excited about the future.

FireMon was the first company to ever create a firewall change management tool. We invented the network security change management space. We were the first to introduce a graphical change report, rule usage information, policy test, traffic flow analysis, and many more features that are now the staple of the industry. In my career, I’ve always been drawn to companies that were innovators, and FireMon maintains that spirit of innovation at its core. FireMon continues to be the innovator with the acquisition of Saperix Technologies, which has become our Risk Analyzer product. Over the next few months, you will continue to hear about the dramatic innovations Risk Analyzer brings to the security optimization FireMon provides with its real-time risk analysis capabilities. In the zero day world we live in, enterprises can ill forward to use tools that take hours or days to tell them where their risks are. Risk Analyzer will provide real-time vulnerability analysis, and I am excited to debut the technology and some of the exciting technology partnerships we are building into the tool at the United Security Summit next month in San Francisco.

Risk Analyzer is a reflection of FireMon’s continued innovation. In part 2 of my post, I will share additional innovation being developed by FireMon, reflecting why FireMon provides the most complete suite of tools to optimize your enterprise security posture now.