FireMon
Policy Optimizer
Automate workflows to review and recertify existing firewall and cloud security group rules
Rules Change. Maintaining Compliance Can’t.
Maintaining and removing policies rarely receives as much attention as their creation. Old policies clutter the network with expired, unused, and overly permissive rules expanding the threat surface. This sends security impacts rippling across the organization and makes meeting compliance standards nearly impossible.
Policy Optimizer for FireMon Security Manager
The Policy Optimizer module for Security Manager provides automatic workflow management to review then recertify or decertify existing firewall rules in accordance with compliance, business, or security policies. Using event-based triggers or search query results generated within Security Manager, Policy Optimizer automatically creates then sends tickets to policy owners to take action.
- Continuous compliance by ensuring existing rules are reviewed regularly and when violations occur
- Streamlined and accurate compliance audits with historical documentation on all rule certifications
- Automated PCI DSS 3.2.1 compliance for requirement 1.1.7
- Rapid and more accurate rule reviews with integration into existing business processes
There is a list of built-in compliance controls that are missing in the competition.
Gives you an enterprise dashboard with percentages that you can drill down to the devices - as the rules are constantly changing to fit business needs this helps reduce security flaws a human will miss.
With FireMon, we are able to continually audit our firewalls and flag any issues that would cause a problem with a security audit.
FireMon does a great job in validating firewall policies against our regulatory requirements and in the utility business there is a lot of regulation to comply to. I think this is a great strength because it's getting harder and harder to follow-up on all regulation that applies.
After identifying which firewalls and rulesets are in scope, producing a report artifact to satisfy PCI requirements on firewall reviews is literally a two-click operation
A flexible interface allows for granular information to be generated, exported, and manipulated. Want to export a list of expired rules? Done. Rules that allow traffic but don't have logging enabled? Done. Find a change that took place outside of your change window and identify who's manager to speak to? Done.
Previous
Next
Policy Optimizer Features
Add a header to begin generating the table of contents
Automatic Ticket Creation and Routing
Flexible workflows that can be adapted to nearly any business process.
- Event-based triggers including policy violations, rule expiration dates, dormancy over time, control failures, and periodically scheduled reviews
- Send rule search query results from Security Manager to create new workflows
- Rules automatically assigned to owner by email with relevant attachments for review and treatment
- Highly customizable workflows can be tailored to business or regulatory requirements
Rule Treatment Options
Allow each rule owner to select how each rule should be processed.
- Certify rules to keep active
- Decertify rules that need to be revised or decommissioned
- Automate rule decommissioning when used with Policy Planner
Centralized Audit Tracking
A single source of truth for security policies across the entire environment.
- Audit trails automatically register all actions performed on the rule over time
- Details on review stage, reviewer, start/end dates, completion, and duration captured for each ticket
- Tamper-proof audit data ensures accurate compliance reporting
Administration and Reporting
Complete suite of tools to manage the entire policy recertification process.
- Easy-to-understand dashboard of all workflows in progress
- Color-coded severity to prioritize mitigation
- Find any Policy Optimizer ticket quickly using FireMon’s SIQL search tools
- Role-based workflow permissions
Use
Cases
- Rule Recertification Workflows
- Centralized Audit Trails
Data Sheet
FireMon Policy Optimizer Datasheet
Automate policy change review processes and streamline rule justification and clean-up efforts to optimize performance and ensure continuous compliance with industry regulations and best practices.
Trusted by the Global 2000
Deemed critical to National Security
by the United States Treasury
by the United States Treasury
Learn more about Policy Optimizer
Get 9X Better
See how to get:
90% Efficiency Gain by automating firewall support operations
90%+ Faster time to globally block malicious actors to a new line
90% Reduction in FTE hours to implement firewalls