Firewall Policy Compliance – Continuous Monitoring

Nearly every organization faces significant IT security compliance demands regardless of industry, with the goal of ensuring that mandated controls are always in place and that assessments are being performed with prescribed regularity.

In addition to being a security best practice, continuous monitoring is one of the most common requirements of many compliance initiatives, including PCI DSS, HIPAA, SOX, NIST, and DISA. In future posts, we will cover how to address these requirements more specifically.

What is Continuous Monitoring?

Continuous monitoring is an important function that monitors rule sets and assesses proposed rule changes against a set of checks. Those checks map to internal security policies, a set of industry compliance requirements, or the subset of other regulations that incorporate controls on network access rules and how they’re managed.

Why is Continuous Monitoring Important?

Continuous monitoring is important for a number of reasons. For one, the more you understand about what’s happening in your environment, the more likely your company is to detect threats that lead to breaches.

Second, accidents happen, and sometimes a legit change causes more harm than good. If you only inspect these changes at the end of the day, you could very well have opened or created a gap in security in the interim. Continuous monitoring will help you detect and understand these changes in real time.

And finally, compliance initiatives. There is a reason why many compliance requirements either recommend or mandate continuous monitoring – it can single-handedly prevent a breach. Passing compliance regulations can often be seen as a pain or a hassle, but at the end of the day many of these requirements will help improve your security posture.

How FireMon Provides Continuous Monitoring

FireMon Security Manager and the Policy Planner module streamline compliance auditing and validation processes by using automation to demonstrate that network access controls are in place at all times and are being tested frequently.

While existing compliance automation solutions may help confirm that appropriate configurations are in place in the network security device rule base, FireMon offers the ability to comprehensively analyze and report in real time that all of those systems have been calibrated together to prevent access and maintain true critical asset protection.

Here are three key ways FireMon helps with continuous monitoring:

  • Real-time, uninterrupted visibility into current security device enforcement including logging of all configuration changes and recording all audit log details.
  • Ability to model and test the impact of all changes prior to implementation to ensure that they do not create additional IT risks, reducing time and increasing efficiency while fully documenting all changes for compliance purposes.
  • Continuous assessment of all security device configurations in real time, compared to detailed federal enforcement standards via a knowledge base of required criteria, allowing for audit of any device against those measures.