FireMon Automation Revealed: Redefining the Possible

Don Closser

With well over 25 years in the IT security industry, I’ve never been more excited about a product announcement than the one FireMon released yesterday. Candidly, we believe that customers’ expectations for automation have been set too low. With FireMon Automation, we are redefining what is possible when it comes to automating security process management.

As a product guy, I’m sure I’d be expected to start with the “what.” But before we talk features, my enthusiasm is rooted in the problems we’re solving and outcomes we’re driving for our customers.

Why It Matters

Customers win when they have solutions that enable them to keep pace with the dynamic needs of their business. This fundamental belief has fueled our work over the last year, helping to shape our product development efforts at every turn. A shortage of skilled resources, vendor consolidation, increased focus on incident response, and migration to cloud, along with increased compliance requirements—these are business realities that are driving customers to seek automation solutions. In talking with our customers about these challenges, it became clear that there was a significant gap between what customers ultimately need and the automation solutions that are on the market today. With the announcement of FireMon Automation, the company is changing that.

What Is It?

FireMon Automation is a comprehensive set of policy automation management solutions driving the blueprint that enterprises need to apply smart security process automation.

FireMon Automation detects and computes dynamic changes in the environment and adjusts policy accordingly, based on compliance requirements and on what is defined in templates, the golden rules and fast track access, with the appropriate guardrails. The system is also designed to automatically fix rogue out-of-band changes made at the device level, whether they stem from a lack of knowledge, from a change made directly from a firewall vendor console, or from credential leaks and lateral movement during a breach.

Of course, automation isn’t something that you just “turn on.” FireMon Automation aligns security automation to meet enterprises where they are in their digital transformation initiative. By mapping to the current workflow and processes, FireMon gives customers the flexibility to automate at their own pace and confidence level. FireMon is not proposing a ‘set-it-and-forget-it’ approach but rather automation that allows customers to keep their hands on the wheel and ultimately frees up the resources of an already short-staffed team, to enable speed, lower risk and close the innovation gap.

Redefining Zero Touch Automation

Until now, “zero touch” has meant that policies can be automatically pushed and activated on all devices without having to go to different consoles or connect to individual enforcement devices. That’s a good start, but FireMon’s approach goes well beyond the asset level. We allow operators to define global as well as per-application access rules through abstraction, and the access rules define the intent.

For example, a rule can state that the application server can communicate with the database server on HTTPS, abstracting away the need to deal with zones and IP assignment management. We can also create best-practice Gold Standard guardrails such as “no FTP,” or “no SSH to devices not on the LAN,” and define the Fast Track applications or services. These are the routine changes IT teams would love to offload, like:

  • SSH from the engineering subnet to the network devices
  • Allow HTTPS to the web servers
  • Allow PostgreSQL to the database servers from the mid-tier servers
  • Allow NTP from the NTP server to any host on the LAN
  • Allow DNS requests from any host on the LAN to the DNS servers

While these actions aren’t an issue when only a handful of network devices are involved, they become a huge problem with tens or hundreds of assets and across a multi-platform environment. FireMon’s approach allows IT teams to be consistent at scale and is platform and vendor agnostic. At the same time, FireMon provides gold standard guardrails and fast track access to reduce the burden on the operator. We also provide the ability to retain supervisory control of policies. It’s the best of both worlds.
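The guardrail and Fast Track examples above can be read as a triage over requested flows. The sketch below is an added illustration, not FireMon's code: the group names, the constructed addresses, the three outcomes and the function names are all assumptions.

```python
import ipaddress

# Constructed address groups: rules name groups, never zones or IPs.
GROUPS = {
    "any": ["0.0.0.0/0"],
    "lan": ["10.0.0.0/8"],
    "engineering": ["10.1.0.0/24"],
    "web-servers": ["10.2.0.0/28"],
    "mid-tier": ["10.3.0.0/28"],
    "db-servers": ["10.4.0.0/28"],
    "ntp-server": ["10.5.0.10/32"],
    "dns-servers": ["10.5.0.53/32"],
    "network-devices": ["10.9.0.0/24"],
}

# Fast Track list from the post, as (source group, destination group, service).
FAST_TRACK = [
    ("engineering", "network-devices", "ssh"),
    ("any", "web-servers", "https"),
    ("mid-tier", "db-servers", "postgresql"),
    ("ntp-server", "lan", "ntp"),
    ("lan", "dns-servers", "dns"),
]

def in_group(ip, group):
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(net) for net in GROUPS[group])

def triage(src, dst, service):
    """Classify one requested flow as 'deny', 'fast-track' or 'review'."""
    service = service.lower()
    # Guardrails are checked first, so no fast-track entry can override them.
    if service == "ftp":
        return "deny", "guardrail: no FTP"
    if service == "ssh" and not in_group(dst, "lan"):
        return "deny", "guardrail: no SSH to devices not on the LAN"
    for src_group, dst_group, svc in FAST_TRACK:
        if svc == service and in_group(src, src_group) and in_group(dst, dst_group):
            return "fast-track", f"{svc}: {src_group} -> {dst_group}"
    return "review", "no fast-track match; route to an operator"

def out_of_band_violations(device_rules):
    """Return rules found on a device that break a guardrail."""
    return [r for r in device_rules if triage(*r)[0] == "deny"]

if __name__ == "__main__":
    for flow in [("10.1.0.5", "10.9.0.1", "ssh"), ("10.1.0.5", "203.0.113.7", "ssh"),
                 ("10.3.0.2", "10.4.0.3", "postgresql"), ("10.3.0.2", "10.9.0.1", "ssh")]:
        print(flow, triage(*flow))
```

Changing an address in `GROUPS` changes which flows match without touching any rule, which is the point of the abstraction; `out_of_band_violations` applies the same guardrails to rules read back from a device.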

FireMon’s patent-pending Compute Engine enables FireMon Automation to be contextually aware of the environment, detect environmental network change, compute the current state and efficiently utilize the abstractions in order to immediately and continuously re-calibrate and deploy policy changes. The secret sauce is Continuous Adaptive Enforcement™ which allows policy management to continue after deployment.

Now, customers have a powerful and yet flexible approach to incorporate and grow their automation capabilities in a way that helps them close the gap between urgency and business—now and in the future.

So what are you waiting for? Check out this video.