FireMon Policy Optimizer
As networks evolve and access requirements shift, security controls can become outdated, potentially compromising compliance and increasing risk. See how you can automate policy review to improve your security posture and achieve continuous compliance.
About Policy Optimizer
Policy Optimizer automates the change review process and streamlines rule justification and clean-up efforts to optimize performance and ensure continuous compliance with internal and external standards.
Automate Policy Review
Policy Optimizer automates the change review process to help you tame out-of-control, outdated or undocumented rules. You can assign review tasks based on existing properties and documentation, and streamline your workflows that fit your standard practices to document, recertify, decommission and report on every policy.
Review Event-Driven Rules
Policy Optimizer enables you to automatically identify rules that require immediate analysis based on real-world events. Event-driven rules are analyzed on criteria including time-frame expiration, critical security control failure, periodic review or ad-hoc query to determine the appropriate remediation.
Policy Optimizer enables you to customize the built-in workflow and integrate with your existing management systems (e.g. ServiceNow, BMC Remedy, etc.) to meet your unique requirements. When integrated with FireMon Policy Planner, Policy Optimizer can be extended to create change tickets for removable rules and invoke application-level recommendations.
Improve Performance and Best Practices
Policy Optimizer pulls detailed information regarding each reviewed rule with the option to approve or reject current rule configurations. You can work with your business teams to remove non-compliant rules that can impede firewall performance and cause service interruptions to establish a baseline for best practices.
Maintain Continuous Compliance
Policy Optimizer makes it easy to ensure your internal compliance effort, as well as external compliance with regulatory standards including PCI DSS, NERC-CIP, HIPAA and SOX. You can produce reports detailing rule review decisions for auditors, customize reports to suit your specific requirements and maintain a repository of change documentation.