Next-Generation Management for NGFW Policies

Jody Brazil

At FireMon, our core value lies in the intelligent interpretation of the configurations and events from devices on the network that apply policies. Understanding these concepts gives our customers a better picture of the true state of security in their environment. From that interpretation, we make specific recommendations to resolve issues that arise from normal operation of policy-based devices over time.

Speaking of policy and operations, over the last several years, many of our customers have migrated their firewall devices from traditional, stateful-inspection systems to devices with next-generation capabilities. This isn’t to say that they’ve all actually migrated to next-generation policies. With adoption of NGFWs, a whole new range of distinct capabilities exists, but we often continue to operate these devices with standard stateful-inspection policies – not fully leveraging the advanced security features that take management of network security to the proposed next-gen level.

This is where Security Manager 8.0 comes in. Regardless of the stage of your migration efforts – whether planned, initiated or completed – we can use next-gen-aware features to adapt policies and maximize the potential of these advanced devices.

A few examples of these capabilities include:

    • Policy Optimization – encompassing the cleanup and improvement of next-gen policies

    • NGFW Migration – evolving policies to account for and enable NGFW features

    • Applications Mapping – advancing policies to address specific policy items and/or flows

FireMon’s insight into both the configured policy and, just as importantly, the policy that is actually in use – and yes, these are often two different things – allows you to optimize your next-gen configuration to match how you actually plan to utilize the firewall in your network.

And once the next-generation firewall is in place, you can use FireMon’s Traffic Flow Analysis (TFA) feature to apply applications and user intelligence to these updated NGFW policies. This can be done either on a collection of security rules within your policy or based on a selection of source and destination networks. This can enable both firewall migration and policy conversion to an app-aware design.

As highlighted in the State of the Firewall Report, the vast majority of organizations have already deployed some level of NGFW systems, though only a very few count NGFWs among the majority of their firewalls. This clearly shows that NGFW policy migration will continue to grow in importance as a critical capability within security management.

In a sense, FireMon Security Manager 8.0 represents the next generation of management systems for network security device infrastructure based on its NGFW-specific capabilities. If you’re interested in seeing the product at work, just request an evaluation.