

Policy Optimizer

Automate workflows to review and recertify existing firewall and cloud security group rules

Rules Change. Maintaining Compliance Can’t.

Maintaining and removing policies rarely receives as much attention as creating them. Old policies clutter the network with expired, unused, and overly permissive rules that expand the threat surface. This sends security impacts rippling across the organization and makes meeting compliance standards nearly impossible.

Policy Optimizer for FireMon Security Manager

The Policy Optimizer module for Security Manager provides automatic workflow management to review, then recertify or decertify, existing firewall rules in accordance with compliance, business, or security policies. Using event-based triggers or search query results generated within Security Manager, Policy Optimizer automatically creates tickets and sends them to policy owners so they can take action.

  • Continuous compliance by ensuring existing rules are reviewed regularly and when violations occur
  • Streamlined and accurate compliance audits with historical documentation on all rule certifications
  • Automated PCI DSS 3.2.1 compliance for requirement 1.1.7
  • Rapid and more accurate rule reviews with integration into existing business processes
Policy Optimizer Features

    Automatic Ticket Creation and Routing

    Flexible workflows that can be adapted to nearly any business process.

    • Event-based triggers including policy violations, rule expiration dates, dormancy over time, control failures, and periodically scheduled reviews
    • Send rule search query results from Security Manager to create new workflows
    • Rules automatically assigned to owner by email with relevant attachments for review and treatment
    • Highly customizable workflows can be tailored to business or regulatory requirements

    Rule Treatment Options

    Allow each rule owner to select how each rule should be processed.

    • Certify rules to keep active
    • Decertify rules that need to be revised or decommissioned
    • Automate rule decommissioning when used with Policy Planner

    Centralized Audit Tracking

    A single source of truth for security policies across the entire environment.

    • Audit trails automatically register all actions performed on the rule over time
    • Details on review stage, reviewer, start/end dates, completion, and duration captured for each ticket
    • Tamper-proof audit data ensures accurate compliance reporting

    Administration and Reporting

    Complete suite of tools to manage the entire policy recertification process.

    • Easy-to-understand dashboard of all workflows in progress
    • Color-coded severity to prioritize mitigation
    • Find any Policy Optimizer ticket quickly using FireMon’s SIQL search tools
    • Role-based workflow permissions


    Trusted by the Global 2000

    Deemed critical to National Security by the United States Treasury


    Get 9X Better

    See how to get:

    90% Efficiency Gain by automating firewall support operations

    90%+ Faster time to globally block malicious actors

    90% Reduction in FTE hours to implement firewalls
