FireMon Policy Optimizer Module, released June 2014, automates key elements of the process necessary to adapt network security device policies to respond to changing conditions. Policy Optimizer dramatically advances the identification and improvement of troublesome firewall configurations in relation to emerging threats, evolving business demands and maturing compliance requirements, providing a centralized workflow allowing security teams to interact directly with other network access stakeholders, with integrated risk analysis.
Policy Optimizer supports complex, heterogeneous networks containing multiple firewall vendor technologies. The workflow is customizable to meet the needs of any organization. With RESTful APIs exposed, integration into existing change management systems is natively supported.
POLICY OPTIMIZATION PROCESS MANAGEMENT
Transform security infrastructure management by automating the change review process, from rule analysis to policy modification, as well as recertification and documentation.
INTELLIGENT POLICY REVIEW
Automatically generate requests for device policy and rule review to address changing security conditions affecting network access. Policy Review connects network security teams directly with the officials who initially requested access, unearthing hidden, shadowed or undocumented settings and validating that existing configurations do not allow overly permissive access. Common scenarios that Policy Review can assist with are:
- Access Risk Change: a large percentage of firewall policy settings are problematic or out-of-date. Quickly review and improve troublesome rules without affecting necessary services or existing standards compliance requirements.
- Rule Recertification: many industry standards such as PCI DSS require frequent review and recertification of related access policies. Directly align network security and compliance audit teams to analyze and validate all related rules and configurations.
- Best Practices Adoption: holistic improvement of overall network security infrastructure protection dramatically strengthens defenses and reduces breach exposure. Safely remove expired rules and those that introduce multiple control failures, or have been modified from their original purpose.
MULTI-FACTOR RULE REVIEW
Analyze every aspect of rule review, driven by real-world events, to identify control failures, understand usage and apply best practices for improving or removing access, when possible.
POLICY COMPLIANCE VALIDATION AND RULES RECERTIFICATION
Utilize a closed-loop workflow to ensure that network security compliance requirements are being met and advance the process of periodic rules recertification for standards including PCI DSS.
INTELLIGENT POLICY EDITING
Leverage a wide array of powerful tools to automate policy identification, analysis and editing, including dynamic search capabilities built around the proprietary FireMon Security Intelligence Query Language (SIQL) enabling full-scope evaluation, review and testing of device configurations.
EVENT DRIVEN RULE ENROLLMENT
Automatically identify those policies and rules that demand immediate analysis driven by real-world events, including time frame expiration, critical security control failure, periodic review or ad-hoc query; complemented by manual routing.
Easily change the built-in workflow to meet your custom needs. Because it is built on BPMN 2.0 task types, including forks, parallel paths, timers and notifications, you can build a workflow specific to your environment.
Integrate with existing change management systems seamlessly. Policy Planner supports many integration options and connection points throughout the change process. Supported change management systems include:
- HP Service Manager
- BMC Remedy
- ServiceNow
- Proprietary Systems