Multi-vendor visibility across Palo Alto, Cisco, and cloud devices
Managed on a single platform
Professional Services required with out-of-the-box compliance reporting
The Challenge
After years of relying on an incumbent NSPM solution, this organization’s security team reached a breaking point. Their existing tool had failed to keep pace with Palo Alto device upgrades, leaving a significant portion of their environment invisible and unmanaged. Attempts to use the platform for change automation, a primary reason for the original purchase, never succeeded. And when it came to firewall object normalization and rule-level usage data, the solution simply could not deliver, making meaningful policy cleanup impossible.
The company sought to:
- Replace a failing NSPM solution that could not normalize Palo Alto devices or surface object-level rule usage for cleanup.
- Gain complete, real-time visibility across a hybrid environment spanning Cisco ASA/Firepower, Palo Alto, Meraki, and AWS.
- Automate PCI compliance reporting that previously consumed weeks of skilled staff time.
- Implement end-to-end change automation, from request through decommissioning, integrated with their existing workflows.
- Reduce policy bloat by identifying and removing unused, shadowed, and overly permissive rules.
The Solution
With FireMon in place, the organization replaced blind spots with complete multi-vendor visibility and transformed manual, error-prone processes into automated, continuous workflows, all without requiring professional services to configure core compliance capabilities.
- Delivered real-time visibility and policy normalization across all Palo Alto, Cisco ASA/Firepower, Meraki, and AWS environments, including devices the previous solution could not reach.
- Native Illumio integration extended microsegmentation visibility within FireMon’s policy framework, supporting the organization’s broader zero trust initiative.
- Surfaced rule-level object usage data, enabling the team to identify and remove unused, risky, and redundant rules, the cleanup capability their prior solution could never provide.
- Automated the full change lifecycle (request, design, review, implementation, and decommissioning) with pre- and post-deployment compliance checks, eliminating manual handoffs and backlog.
- Out-of-the-box PCI compliance reporting replaced a weeks-long manual audit process with on-demand reports produced in minutes.
Our previous solution couldn't deliver on its promises. FireMon proved, time and time again, that they can do exactly what they say they can do, and then some.
Results
- Full visibility across the entire multi-vendor environment, including Palo Alto devices the previous solution could not support.
- PCI compliance reports produced in minutes, freeing skilled staff from weeks of manual audit preparation.
- End-to-end change automation eliminated rule backlogs, rework, and misconfiguration risk across hundreds of weekly change requests.
- Object-level rule usage data enabled systematic policy cleanup that had been unachievable with the previous NSPM solution.
- Foundation established for ServiceNow integration and Illumio microsegmentation expansion as the environment grows.
