FireMon Security Manager 7.0 – Top 5 Additions




With any major product release there’s typically quite a bit to sound off about, but with the launch of FireMon Security Manager 7.0 platform and the introduction of its updated Policy Planner 3.0 module there’s so much to highlight that one could potentially go on for a long time.

So, in the interest of shedding some light on the most exciting and breakthrough additions in these new releases, let’s take a classic “Late Show”-style approach citing the “Top 5 New Capabilities of Security Manager 7.0”:

1. True Continuous Assessment: The Security Manager analysis engine and supporting features are the only solution that truly provide real-time visibility across all network security device infrastructure. With even greater levels of automation including an updated library of proven assessments, proactive “what-if” change modeling, historical trend analysis to chart improving performance and the scalability to analyze enterprise infrastructure in seconds, FireMon has once again upped the ante.

2. Expanded Assessment and Controls: Striking at the lifeblood of how customers benefit from Security Manager’s automated assessment approach, the 7.0 release introduces major advancement including trending, whitelisting and an out-of-the-box library with over 100 pre-built controls and Best Practices assessments. The results? Faster analysis, greater policy and process retention and even greater ease-of-use – all with a high degree of customization – based on FireMon’s years of experience working with customers.

3. Standardized Policy Workflow: Policy Planner 3.0 delivers full support for the BPMN 2.0 workflow standard, allowing even more consistent policy design, evolution and management, and allowing direct integration with existing BPM systems and processes. More fuel to the FireMon flame of providing enterprise ready, time saving and closed-loop methodology; look here to see who else supports BPMN 2.0.

4. Added MSSP capabilities: While other vendors merely pass off their solutions to MSSPs, FireMon continues to add purpose-build capabilities for our many managed service provider customers, including support for organizational domains and LDAP authorization. Instead of handing-off an existing solution and merely saying good luck, FireMon continues to make the investments that drive increased ROI for MSSPs of all kinds.

5. New Device Support: The more network security devices that Security Manager provides direct integration with, the more powerful the results. This time around additions include newly released products from leading providers including Cisco (ASA 9.1), Palo Alto Networks (Panorama) and Qualys (QualysGuard VM) as well as support for device infrastructure popular in APAC (AhnLabs, Hillstone, Huawei, SECUI) and other regions, making the FireMon platform the most truly comprehensive and globally relevant on the market.

So there you have it, and honestly that’s just a quick peek at all of the extraordinary goodness and highly differentiated capabilities delivered in the FireMon Security Manager 7.0 platform. There’s no other product available that spans the full gamut of assessment and reporting needs required by today’s enterprise organizations and large government agencies.

Am I biased? Sure, but I’ve also been around this market long enough to know who is stretching the truth and how FireMon can truly back all its claims.

If you’re unwilling to take my word for it, why not sign up for a demo of FireMon Security Manager 7.0 today and you see how well it works for yourself.

FireMon Security Manager 7.0 – Top 5 Additions




With any major product release there’s typically quite a bit to sound off about, but with the launch of FireMon Security Manager 7.0 platform and the introduction of its updated Policy Planner 3.0 module there’s so much to highlight that one could potentially go on for a long time.

So, in the interest of shedding some light on the most exciting and breakthrough additions in these new releases, let’s take a classic “Late Show”-style approach citing the “Top 5 New Capabilities of Security Manager 7.0”:

1. True Continuous Assessment: The Security Manager analysis engine and supporting features are the only solution that truly provide real-time visibility across all network security device infrastructure. With even greater levels of automation including an updated library of proven assessments, proactive “what-if” change modeling, historical trend analysis to chart improving performance and the scalability to analyze enterprise infrastructure in seconds, FireMon has once again upped the ante.

2. Expanded Assessment and Controls: Striking at the lifeblood of how customers benefit from Security Manager’s automated assessment approach, the 7.0 release introduces major advancement including trending, whitelisting and an out-of-the-box library with over 100 pre-built controls and Best Practices assessments. The results? Faster analysis, greater policy and process retention and even greater ease-of-use – all with a high degree of customization – based on FireMon’s years of experience working with customers.

3. Standardized Policy Workflow: Policy Planner 3.0 delivers full support for the BPMN 2.0 workflow standard, allowing even more consistent policy design, evolution and management, and allowing direct integration with existing BPM systems and processes. More fuel to the FireMon flame of providing enterprise ready, time saving and closed-loop methodology; look here to see who else supports BPMN 2.0.

4. Added MSSP capabilities: While other vendors merely pass off their solutions to MSSPs, FireMon continues to add purpose-build capabilities for our many managed service provider customers, including support for organizational domains and LDAP authorization. Instead of handing-off an existing solution and merely saying good luck, FireMon continues to make the investments that drive increased ROI for MSSPs of all kinds.

5. New Device Support: The more network security devices that Security Manager provides direct integration with, the more powerful the results. This time around additions include newly released products from leading providers including Cisco (ASA 9.1), Palo Alto Networks (Panorama) and Qualys (QualysGuard VM) as well as support for device infrastructure popular in APAC (AhnLabs, Hillstone, Huawei, SECUI) and other regions, making the FireMon platform the most truly comprehensive and globally relevant on the market.

So there you have it, and honestly that’s just a quick peek at all of the extraordinary goodness and highly differentiated capabilities delivered in the FireMon Security Manager 7.0 platform. There’s no other product available that spans the full gamut of assessment and reporting needs required by today’s enterprise organizations and large government agencies.

Am I biased? Sure, but I’ve also been around this market long enough to know who is stretching the truth and how FireMon can truly back all its claims.

If you’re unwilling to take my word for it, why not sign up for a demo of FireMon Security Manager 7.0 today and you see how well it works for yourself.

Real-World Breach Shows Prioritizing Vulnerabilities Matters




Over at Krebs on Security, a rare but fascinating look into the monetary and brand reputation effects a real-world breach can have on a corporation were outlined last week in the fascinating post “FDIC: 2011 FIS Breach Worse Than Reported“. The post provides an in-depth review of the impact of the 2011 breach at FIS in which FIS originally stated ““7,170 prepaid accounts may have been at risk and that three individual cardholders’ non-public information may have been disclosed as a result of the unauthorized activities” in their original filing with the SEC. The article provided two very interesting insights. First, there are truly real-word financial and brand consequences in failing to effectively implement network security controls. Kreb’s article provides an in-depth look at the results of the FDIC audits performed at FIS in 2011 and 2012 as a result of the original breach incident. What was interesting to learn is that as FIS is a service provider to banks and not actually a bank, the FDIC is unable to levy fines against it or shut it down directly. However, in May of this year, the FDIC sent the results of its audits to all of FIS’s customers, as the post highlights with a letter attached that began “We are sending you this report for your evaluation and consideration in managing your vendor relationship with FIS.” The FDIC made this decision despite the fact that FIS has spent over $100 million dollars in trying to shore up their network security controls. This will obviously have some negative brand and revenue impact for FIS as the result of the FDIC actions.

The second interesting point within the post was the details around the environment FIS was attempting to secure, and the amount of vulnerabilities they were dealing with. Portions of the FDIC report that were noted in the post showed that FIS was dealing with “approximately 30,000 servers and operating systems, another 30,000 network devices, over 40,000 workstations, 50,000 network circuits, and 28 mainframes running 80 LPARs”. The post also highlights that “The Executive Summary Scan reports from November 2012 show 18,747 network vulnerabilities and over 291 application vulnerabilities as past due”. While 18,747 vulnerabilities identified in a scan might seem like a lot, it is not uncommon in a network of this size and scope. Many FireMon customers have seen scan results with an even greater amount of identified vulnerabilities. The challenge when faced with this amount of vulnerabilities is knowing which ones truly matter. Out of 18,000+ vulnerabilities, how would you know which ones to remediate first? Attempting to manually sort through the vulnerabilities or simply patching the highest value assets doesn’t actually solve the problem. An automated, intelligent and continuous real-time assessment of the vulnerabilities that shows what assets are truly reachable over the network by an attacker, and which remediation efforts will reduce the greatest amount risk (and access)  is the only way to proactively solve this problem.

Chinese Hack of US Weapons Designs Emphasizes Need for Proactive Risk Posture




Citing a report prepared for the Defense Department by the Defense Science Board, the Washington Post published an article today highlighting  attacks from Chinese cyber-spies that compromised US Weapons systems designs. The Post noted that the attacks exposed “programs critical to U.S. missile defenses and combat aircraft and ships.” The article specifically noted that “the advanced Patriot missile system, known as PAC-3; an Army system for shooting down ballistic missiles, known as the Terminal High Altitude Area Defense, or THAAD; and the Navy’s Aegis ballistic-missile defense system” were compromised, as well as “vital combat aircraft and ships, including the F/A-18 fighter jet, the V-22 Osprey, the Black Hawk helicopter and the Navy’s new Littoral Combat Ship”.

The Post’s article does not specifically cover how the designs were stolen, what methods were used to attack networks, and whether these were attacks aimed at US Government networks or defense contractors, although anonymous U.S. officials cited in the article “said senior U.S. defense and diplomatic officials presented the Chinese with case studies detailing the evidence of major intrusions into U.S. companies, including defense contractors.” The article also noted that a recent National Intelligence Estimate noted that “that China was by far the most active country in stealing intellectual property from U.S. companies”. This comes on top of Mandiant’s Intelligence Center Report earlier this year detailing the activities of APT1, a China based cyber-espionage group believed to be a unit in the People’s Liberation Army (PLA).

While the Cyber-warfare term has been hyped quite extensively and sometimes disingenuously within the information security community, these reports highlight that there are certain cyber threat actors today that are actively engaged in target specific attacks to gain information from networks. Without full details of how the attacks were executed, one can only speculate that the attackers discovered exploitable vulnerabilities within the network to gain access to and ultimately extract this data. It is yet further evidence that a reactive information security stance ultimately will not protect an organization from a dedicated attacker. To truly secure our networks, we as security practitioners must proactively identify the vulnerable system(s) on our network that could lead to a breach before the attackers do, and prioritize our remediation efforts around the systems the pose the greatest risk to attack. Furthermore, to ensure ongoing security, security practitioners must be able to know in advance if proposed network or security changes will introduce or expose systems to further risk or breach from attackers and remediate these exposures before the change is committed. We have discussed this topic many times here on the FireMon blog, and pointed out that the technology to enable a Risk-based security posture is already available. While many Federal officials have called for an expedited adoption rate around a proactive risk policy, articles like the one today in the Washington Post show that those calls are not being heeded fast enough.

Government Breaches Reinforce Need for Proactive Risk Management




For those of you following the now almost daily headlines on cyber-security breaches occurring around the world, you probably saw the recent Department of Energy and Federal Reserve breaches. As Reuters noted in their article on the Federal Reserve breach, “The Federal Reserve system is aware that information was obtained by exploiting a temporary vulnerability in a website vendor product,” a Fed spokeswoman said. The Dark Reading article on the Department of Energy breach noted that the DOE planned to “implement a full remediation plan” once the full extent of the attack was known. The DOE continued by stating “The Department is also leading an aggressive effort to reduce the likelihood of these events occurring again. These efforts include leveraging the combined expertise and capabilities of the Department’s Joint Cybersecurity Coordination Center to address this incident, increasing monitoring across all of the Department’s networks and deploying specialized defense tools to protect sensitive assets.”

Both incidents reinforce the need for proactively in identifying what assets are at risk on your network versus reacting and patching after a breach has occurred. While the Department of Homeland Security announced the continuous monitoring initiative last year, the time frame for implementation clearly needs to be moved up. According to Govinfo Security, the Federal Government responded to 106,000 attacks in 2011. Clearly, the traditional approach of reacting to an attack and patching the vulnerability is not preventing future attacks.

All organizations, not just the Federal Government, need to become more proactive and find the potential exploits before the attackers do. We have discussed the need for this many times previously on this blog. Securosis continues to lead the call for more proactive solutions as well, advocating just a couple weeks ago for the merits of an Early Warning System. The technology is available now to address this need. It imperative for your network’s security to know what assets are truly at risk right now. If you don’t know the answer to that questions, chances are an attackers exploit might just answer it for you.

Enhanced by Zemanta

FireMon 6.1: Improving Operational and Risk Visibility for Enterprise Networks




FireMon announced the release of Security Manager version 6.1 yesterday. We are extremely excited about the new features and functionality that are a part of this release, which further extend FireMon’s unparalleled ability to strengthen both operational effectiveness and security posture. One feature that we are particularly keen on is the new Access Path Analysis (APA). Leveraging the patent-pending FireMon behavior analysis framework, IT personnel can both proactively predict and forensically record the flow of packets through network configurations and obtain detailed path analysis – including routes, interfaces, firewall and NAT rules that a packet encounters while traversing the network. Access Path Analysis uses the behavior of normal traffic as it traverses the network to understand what vectors and/or behaviors could allow malicious traffic to find critical assets. This allows more effective risk analysis and better informed remediation activities.

The 6.1 release includes additional features, including FireMon Insight, Device Packs and a new FireMon Query Language  (FMQL) API. FireMon Insight is a real-time dashboard of all your security configurations. Insight consumes the configurations of all major firewall vendors and presents data across all of them in a single, customizable dashboard. There is a critical need to transform configuration data into a usable form that can be quickly digested and acted upon. Insight enables security practitioners to quickly get the results of your queries even across hundreds of thousands of rules and millions of objects in multi-vendor environments. Turn those queries into meaningful, automatically generated security metrics in a matter of seconds. Device packs will enable FIreMon to add support for new devices quicker and not require an upgrade to Security Manager. The FMQL API will enable large organizations with a development staff or managed service providers to pull FireMon data and analysis into other systems. You can learn about all of these new features here, and read what Dark Reading wrote about the release as well.