We Heard You. An Agile Approach to Managing Network Security Policy

Satin H. Mirchandani

Today we announced the industry’s first agile network security policy platform, which marks both the delivery of core new features and a statement of our future direction. We believe these new features, along with a compelling roadmap, set a new standard for NSPM and provide our customers with the capabilities they need to enable their businesses to move faster while staying secure. Enterprise security must manage complex and dynamic policies and processes on massively distributed hybrid networks, all while keeping up with increasing demands for speed and innovation. And all this must happen while defending against an evolving threat landscape and an expanding attack surface.

Misconfigurations are the leading cause of breaches, compliance violations, and unplanned downtime. It’s no wonder that IT organizations have often found themselves at odds with security. It’s also no mystery why many organizations have struggled to realize the full value of network security policy management platforms. I’m proud to say that FireMon has listened carefully to our customers and is evolving our platform to meet their needs for agility and flexibility.

Evolving Requirements for NSPM

Show Faster Time to Value – Current approaches to NSPM take too long to implement, often requiring significant customization delivered through long, costly professional services engagements. This results in slow time to value and high levels of frustration.

Simplify Integration – NSPM is increasingly a part of core workflows like IT Service Management (ITSM), Security Orchestration, Automation, and Response (SOAR), as well as DevOps and CI/CD pipelines. But while many approaches to NSPM offer integrations, they lack flexibility and ask the enterprise to modify its processes to use the tool rather than the opposite. In order to move faster, the enterprise needs the ability to inject whatever element of the NSPM platform it needs at exactly the time it needs it. Rigid workflows do not cut it. Software-Defined Security is the order of the day.

Visualize the Entire Environment – Enterprise networks are hybrid networks and will be for a very long time. The NSPM platform must allow security teams to easily visualize the entire network, including routing paths between cloud and on-premise assets. Blind spots open up new attack vectors and opportunities for compliance violations.

Normalize Policy Across the Estate – Policy doesn’t care whether enterprise assets are in the cloud or on-prem. The NSPM platform must make it easy for security teams to manage policy across all types of traditional firewalls and cloud-native security controls, covering all the different aspects of cloud security while also supporting the increasing adoption of software-defined technologies like SASE and SD-WAN. Incomplete or piecemeal coverage is simply not enough.

New Capabilities Now Available

Unified Visibility Across Cloud and Firewall Policies
As enterprises increasingly move to hybrid environments, our customers have consistently told us that they’ve struggled to manage policy across on-prem and cloud environments. Because firewall and cloud constructs are fundamentally different, traditional NSPM solutions have treated these environments separately, offering either a cloud view or a firewall view with minimal integration between the two. This makes enterprise-wide policy normalization and management extremely difficult. FireMon solved this complicated problem and now offers a single, unified interface. Cloud constructs such as security groups are presented natively, even as policy is managed holistically across both cloud and on-prem environments, allowing disparate teams to easily coordinate and manage policy while seeing the environments exactly as they expect.

Customers have all the information they need to make fast, accurate decisions about their network security policies across their entire estate without the added risk of misconfigurations.

Integrate Anywhere with Orchestration APIs
FireMon offers the most robust and broadest set of APIs on the market, enabling customers to access virtually any function available through the UI. Our stateless API gives customers the ability to inject any NSPM capability at any point in their process in exactly the way they want to use it. Orchestration APIs may be accessed via code or Swagger UI. For customers who prefer to build their automation workflows using the FireMon platform, we offer policy management building blocks.

FireMon Tags
Customers can use tags to manage network security policies efficiently by associating meaningful metadata with their rules and objects and later using this metadata to identify matching rules or objects. This simplifies rule management and reduces the risk that something will be missed when making network or policy changes.

SD-WAN, SASE, and Firewall as a Service
With FireMon’s synthetic router framework, customers can integrate and manage a wide range of devices with no need to create custom scripts.

By extending visibility within our single pane of glass to include SASE, FWaaS, SD-WAN, Cisco ACI, and VMware NSX, FireMon customers can expose another layer of network abstraction and orchestrate policies accordingly along a common source of truth, further increasing agility. And now we are adding Zscaler, Palo Alto’s CloudGenix, and Cisco’s Viptela to further round out this support model.

The Future is Bright. And Agile.

While we’re proud of what this new release means for our customers, this is just the beginning. Look for a steady stream of new capabilities and integrations specifically designed to help our customers move faster, respond to change more easily, and support their core cloud and digital transformation initiatives.

If you have ideas on how we can better help your organization meet its NSPM needs, I’d love to talk. Reach out to me here: https://www.firemon.com/contact-us/