Automating Change Management

The Challenge: Move Fast, Stay Secure

With a more digital world, comes an explosion of changes. These changes must be implemented across all platforms - whether on-prem, cloud or hybrid – to get users access to the right technology. Most of these changes are still a manual process from request and design to commit and push.

Security teams are under pressure to balance business needs with security and compliance at warp speed. If an access request is denied, even for security reasons, it can stop everything in its tracks.

The Solution: FireMon Intelligent Policy Automation (IPA)

FireMon Intelligent Policy Automation (IPA) creates a standard, automated framework for change management that ensures an organization’s automation needs are met while reducing the overall risk posture.

END-TO-END ORCHESTRATION
Process Automation
Rule Automation
Compliance Automation
Push Automation
Mgmt. Automation
Request
Ticket
Integration
Design
Identity
Build
Review
What-If Analysis
Rule Scoring
Implement
Stage
Execute
Validate
Document
Assess
Manage

Collecting Access Requirements

  • Customizable ticket templates
  • Multiple ticket templates with unique workflows supported
  • Attachment support
  • Integration with enterprise ticketing systems

Designing the Rule

  • What devices would this traffic route across?
  • Does the access already exist?
  • Is there a rule that can be modified?
  • Does a new rule need to be created?
  • Where should the rule be placed?

Reviewing and Assessing the Rule

  • What controls will be violated if this rule is implemented?
  • What happens to compliance, risk, and complexity scores should this rule be implemented?
  • Automate review for low-risk rules

Enforcing the Rule

  • Manual or automated rule staging and implementation

Validating the Rule

  • Does the design match what was implemented?
  • Manual and auto verification supported
  • Documentation from original request added to our centralized rule documentation repository

Ongoing Monitoring of the Rule

  • Rule usage and traffic flow analysis
  • Change monitoring and alerting
  • Event triggers for rule review and recertification/removal
REMOVE / MODIFY RULE
Download the Infographic >>

The FireMon Difference

Performance At Scale - FireMon is the only solution with distributed architecture to truly scale with any enterprise. From a single console, you get total visibility into your network policies to improve any security posture.

Comprehensive Automation - FireMon is the only solution with end-to-end automation to help enterprises with speed and flexibility to improve network security. From policy design to implementation, automate your network policy management.

Real-Time Monitoring - FireMon is the only solution with true real-time monitoring. Our architecture doesn’t just take periodic polls from your security devices. It actively analyzes your environment in real-time, helping you make decisions with confidence.

Data-Driven Rule Analysis - FireMon is the only solution that takes the guesswork out of policy management with Traffic Flow Analysis. See what’s happening in real-time brings some intelligence to rule design.

Tailored Access for All Users - FireMon is the only solution that provides each user with customized views and relevant analysis. Security is a group effort, shouldn’t your reporting be tailored to each team member?



Put Security Changes on the Fast Track with FireMon IPA:

  • Make network changes in minutes instead of days
  • Remove risk with automated analysis
  • Avoid security and compliance violations
  • Customize automated workflows to integrate with your ITSM
  • Single-console, enterprise-wide control for network firewalls, SDN and cloud platforms
  • Automate access requests and provisioning in any environment (e.g., AWS, Check Point, Cisco, Fortinet, Juniper, Palo Alto Networks)
  • Take out human error and complexity
  • Automate your audit readiness with ongoing compliance checks
  • Automate change documentation
  • Automate provisioning and access, troubleshoot and remediate connection problems
  • Automate removal of redundant, unused and shadowed rules
  • Automate group objects and speed up modifications