You’re in business because you can do something better and more efficiently than
your customer can do it. And you keep your customers because you can prove it. So
when it comes to managing firewalls, don’t just tell your customers that their firewalls
are configured correctly. Show them.
Security Manager provides the tools that you need to maximize operational efficiency
and provide the visibility that customers need to stay confident in your services.
Security Manager’s distributed architecture, inherited permissions model and policy
optimization features help your team work smarter. And the traffic analysis, automated
compliance assessments, and on-demand change reports in Security Manager provide
your customers with management transparency and accountability.
Distributed System
The Security Manager solution meets the unique challenges of an MSSP with a distributed
data collection architecture that collects device configuration and log data, and
sends that data back to the central application server for analysis and storage.
This architecture offers flexible deployment options and can scale to manage thousands
of devices.
Permissions Model
One Security Manager application server can support hundreds of monitored devices
across multiple customers. And while you can see all monitored devices on one screen,
your customers shouldn’t be able to. With Security Manager’s inherited permissions
model, you can be sure that each customer has visibility to only his devices and
has the appropriate levels of functionality.
Assign permissions easily by grouping devices into logical segments based on your
user base. Then, grant viewing and reporting permissions in just a couple of clicks.
Change Reporting
Security Manager’s Change Reports precisely identify changes between two configurations
or several configurations over time. They also include rule-level documentation
so that each change can be traced back to a change request, a business owner and
an approver. With Change Reports, customers have insight into how their requests
are being appropriately implemented. And the Security Manager Audit Log provides
incremental policy comparisons at the rule and object level so that with a quick
glance, you’ll see that your change was made and documented.
Workflow and Documentation
The Security Manager Rule Documentation feature retrieves documentation about the
rule, including business owner, expiration date and approver. This data is automatically
and permanently associated with the rule in Security Manager so that you can report
on why and where access is allowed.
FireMon’s Policy Planner module helps you gather customer change requests, design
firewall changes, and verify that the changes are correctly implemented. Policy
Planner can be deployed as a stand-alone system, or it can be integrated with existing
change management systems like Remedy or ticketing systems like JIRA. Policy Planner
and Rule Documentation help ensure that configuration changes are effectively designed,
correctly implemented and completely documented.
Web Portal Integration
In addition to the Security Manager GUI Client, Security Manager offers an API and
pre-built portal applets designed for integration with MSS portals. The portal supports
single sign-on authentication, and is built on the Security Manager permissions
model for controlled access so that you can provide — or limit — visibility to published
reports.
Traditional requirements like device inventory, configuration viewing and change
reports are readily available from the framework, and the open API allows for rapid
and flexible customization. Additionally, the framework provides easy customization
of the look and feel of the applets, along with branding of the reports.