Demonstrating Continuous Compliance Across the Hybrid Enterprise

Change. The regulatory environment is always changing and staying on top of it with an IT landscape that is growing and evolving into hybrid cloud mishmashes is a daunting task.  In this two-part blog series, we intend to show you how with FireMon Security Manager and Lumeta you can not only get better visibility into the state of your security policy compliance but audit your security posture to ensure compliance as your environment changes.

FireMon helps you address the following:Enterprise security & compliance overview

  • Maintain continuous compliance with industry standards
  • Continuously monitor security enforcement point changes that could lead to unnecessary exposure, misconfiguration, unauthorized change and unacceptable risk
  • Generate detailed reports for all periodic assessments
  • Capture valuable policy documentation to meet compliance assessment requirements
  • Ensure that policy changes adhere to existing requirements
  • Recertify all mandated firewall rules and configurations
  • Identify threats and security holes in security policies that could be exploited by hackers
  • Help detect and mitigate security vulnerabilities
  • Provide actionable intelligence for remediation guidance

FireMon continuous compliance takes seconds with automated audit reporting and alerts

What does continuous compliance mean? With FireMon, continuous compliance takes seconds with automated audit reporting and alerts you when you start to drift. Only FireMon can offer continuous compliance, because it is the only solution with real-time monitoring, traffic flow analysis, and custom controls to give you a 360-view of the entire network.


Changes have moment by moment implications for security. With FireMon’s real-time monitoring you get to see what’s happening instantly, take corrective actions and continue to meet the security policies you’ve defined.

Traffic flow analysis monitors traffic patterns and assess their effects on your state of security. It’s not enough to have a well-written firewall rule, you need to see the result from rules, the traffic they produce and act when compliance with security controls drifts.

FireMon Security Manager delivers more than 350 preloaded controls – with the ability to customize and create your own – to mix and match to your specific compliance needs. Customized controls can work together in any combination, tailoring compliance for internal or regulatory standards including: PCI DSS 3.2, NERC CIP, Federal DHS CDM, NIST and many others. Security Manager is also pre-loaded with a number of assessments, like FireMon Best Practices, DISA STIG, NIST (SP) 800-41, PCI, Palo Alto Firewall Security Configuration, etc. The Security Concern Index (SCI) is a metric that provides an audit score so you can easily keep track of your compliance posture.

An assessment is a set of controls you assign to a device or devicegroup that notifies you when a change occurs in the device or device group. Instead of running an audit on each device or device group, assessments allow you to proactively monitor device trends.

Automatically review rules based on specific details 

You can assign one or more assessments to a device group. Once your assessment is assigned, Security Manager monitors the status of assigned devices against that assessment. You can set up email notifications to notify you when there is a change to a device or device group.

Security Manager also comes with a number of reports that can be used for compliance right out of the box. For example, Check Point users can access the Multi-Domain Report to receive granular results in the Multi-Domain Administrator audit check for a selected Check Point device. FireMon is continuous compliance, so we provide the Compliance and Assessment Report that provides continuous monitoring of a device or device group whereby a report is generated every time there is a change on the selected device.

The Control Report displays the single compliance control results against a device or device group.

The Control Report displays the single compliance control results against a device or device group. Security Manager also ensures PCI-DSS v3 validation with the PCI DSS Payment Card Industry Data Security Report.

This is just a snapshot of the reporting capabilities you get out-of-the-box with FireMon Security Manager.

Now you know why FireMon Security Manager is the defacto standard for network security policy management. Stay tuned, in our next review of compliance, we’ll detail the network-level discovery data and security auditing available in our Lumeta solution.


Special thanks to Director of Technical Services, Ron Miller and Knowledge & Instructional Content Manager, Mark Maxwell for their assistance with this post.

This is the first post in a series examining compliance. Read the second post here.

You May Also Like

Ransomware Attacks – The new normal?

Once again, the world is hit with another ransomware attack. Similar to the WannaCry Ransomware cyberattack last month, Petya is causing major pain among thousands of users, this time crippling banks and infrastructure in what cybersecurity experts called one of the most-devastating digital intrusions of its type. In fact, not

Read More >

Looking Forward to Seeing You at RSA 2022

RSA 2022 is almost here! I’m excited to see many of you face-to-face in just a few weeks in San Francisco. So much has changed at FireMon since RSAC in 2020, yet our core mission of protecting our customers is still true north. If you are attending RSA, I’d love

Read More >

Pragmatic Steps Toward Zero Trust

If you ask most security professionals to define zero trust, you’ll get an eye roll and an exasperated sigh. To many, it’s been little more than a marketing exercise—and let’s be honest: a lot of what we’re seen and heard about zero trust over the past decade has been more

Read More >