Enabling Security Management at Scale
Twenty years ago, when firewall and security technologies were in their infancies, most organizations had only a handful of devices, usually from one vendor, and the number of rules per device (usually an on-premises firewall in one or two geographic locations) was relatively small.
As networks have gotten more sophisticated, the number of firewall devices and firewall vendors have increased dramatically. As a result, many companies are running multi-vendor security environments with, dozens if not hundreds or even thousands of devices. These devices can be physical or virtual and spread out over remote locations. All with tens of thousands, and in some cases millions of rules to manage. If the company’s security management system doesn’t properly keep up with these network dynamics, assessing the company’s security posture can be inconsistent, slow, and in many cases, inaccurate.
Effective security management requires the security team to be able to assess and make changes to the security environment evenly across the entire network. In other words, it should not be easier to perform analysis and reporting on one firewall vendor’s rule set versus another vendor’s rule set or from one area of country versus another.
Effective security management depends on the security management system’s ability to normalize all rule sets from all devices, wherever they are or whomever manufactures them and manage all policy workflows in a consistent, even manner. As devices are added to the network or environments shift from on-premises to the cloud, the ability to quickly and accurately assess the network’s security posture should not change.
The ability to effectively manage the rule base across the security network in a linear way is called scalability. As the network expands with more devices and features to meet business demands, the ability of security staff to use their security policy management system to accurately perform daily network assessments, investigations or compliance audits should not change.
When FireMon built the Security Manager platform, we knew that scalability was a requirement, not an afterthought. It is a fundamental building block of the system.
Scalability is built from the ground up. Due to our unique distributed architecture, our platform can reliably monitor, collect and analyze data in real-time from any large enterprise infrastructure without noticeable degradation of performance. A distributed architecture uses clustered application servers that are connected to distributed data collectors to monitor an unlimited number of end points (devices). This also permits the ability to localize collection near the monitored devices, reducing impact on WAN bandwidth in a customer environment.
Other vendors’ systems require deploying additional servers that are independent from each other. In other words, you have completely separate installations without a global, central system. Not only is that more complex than our distributed solution, it’s more expensive and severely limits your organization’s ability to gather qualitative data.
Today’s organizations need visibility into the complexity of their security architecture, and they need a solution that provides that and can keep up with speed of business and growing networks. Your network policy management systems isn’t scalable if it can’t provide the information you need when you need it.
Learn more about how we scale in our white paper “Intelligent Security Management: Helping Enterprise Security Teams Improve Resource Efficiency & Reduce Overall Exposure”