Get to know us better! Gain valuable insights into how we think by visiting our blog, or take a look at the industry events we're frequenting on our events page. You can also geek out with us by attending one of our security management webinars, or dive head first into the products and solutions we provide in our Resource Library. There's lots to keep you busy!
My years of experience managing security programs, across a broad spectrum of industries, has given me a greater understanding of how technology and people both play a critical role in influencing the overall security posture of any organization.
There’s no question that one of the most significant challenges facing today’s IT and network security practitioners is the continued adoption of cloud-based services, along with the concurrent evolution of related networking methodologies including Software Defined Networking (SDN) and DevOps.
For those of you who followed the FireMon State of the Firewall Report released in March, you’ll recall that one of the key findings of our survey of 700+ respondents was that – contrary to some opinions – traditional network security infrastructure will play a significant role in emerging cloud, SDN and DevOps environments.
In fact, the “Emerging Paradigms” segment of the report found 87% of respondents attesting that traditional or NGFW devices currently play a valuable role in securing virtualized environments. Another 60% indicated that those mechanisms already play a valuable role in securing cloud platforms.
One of the related issues that we’ve heard from analysts such as Gartner’s Greg Young is that many organizations have taken the all too familiar “adopt first, secure later” approach to the cloud. The most common scenario finds IT organizations spinning up instances to suit emerging business requirements, then deducing after the fact that additional security controls are required.
The involved work is typically acquitted slowly and piecemeal, based largely on a lack of dedicated funding. A good deal of effort goes into migration of existing network security infrastructure, and more importantly network security policies, to support cloud services.
This week, longtime industry analyst Jon Oltsik of Enterprise Security Group published additional research supporting these conclusions based on a survey of 150 IT security professionals about “challenges associated with enforcing security policies in public and private clouds.”
According to ESG’s survey, 32% of respondents said their organizations use multiple public/private cloud offerings and find it “difficult to coordinate security operations consistently across all areas.” Additionally, Oltsik notes that 31% of respondents believe “cloud computing exacerbates communications and collaboration problems” between operations and other IT groups.
Other key findings identify issues applying existing security policies to the cloud, troubleshooting cloud security problems and managing security controls that span both physical and cloud-based infrastructure.
The fact is, when you add it all up, a set of complex security management issues related to the evolution of networking is rapidly formalizing, and organizations are struggling to address them. At FireMon, we’ve not only encountered this in our research, but more importantly among our customers, mostly large enterprises.
As this scenario plays out, more effective best practices and technological solutions will clearly need to emerge as well. We’re already moving to address that opportunity, as evidenced by FireMon’s support for Amazon AWS and OpenStack Icehouse.
The new FireMon security architecture group is also working actively to help push our solutions ahead of the curve so that we’re there to support customer use of these rapidly maturing networking paradigms and the inherent security management issues they create.
And we’re just getting started on the next State of the Firewall Report which will seek to further outline many of these trends. If you have specific issues you’d like to see covered, .
So you’ve purchased a new firewall. Now what?
You’ve got to decide which access is allowed, which isn’t allowed and whether or not rules are compliant with internal and regulatory standards.
Things are running along smoothly and then the dreaded “change.” A user submits a new access request and the fun begins. Is this access necessary? Safe? Compliant? And what happens when it’s time to retire unused rules?
How Effective Security Management Can Help Teams Cover the Exponentially Increasing Gap between Technology & the Resources Available to Manage It
Security teams today are under tremendous pressure due to the rising frequency and impact of breaches and a business that wants to move faster and faster. The answer to both of these challenges has always been to add more technology and staff resources.
However, each new technology added creates complexity. More rules are created and more data is generated. As networks continue to evolve, this complexity will only grow. And while staff resources may increase, they will never match the exponential growth of technology.
FireMon calls this phenomenon The Complexity Gap and has set out to help security teams close it.
Join us for this webinar with Frost & Sullivan where we’ll explore the causes of “The Gap” and how workforce multipliers such as intelligence and automation help staff manage their security more efficiently and more effectively.
En la actualidad, uno de los retos principales es preparar las redes de seguridad, no sólo para enfrentar las amenazas, sino también para enfrentar los cumplimientos. El día 26 de enero se publicó en el Diario Oficial la LEY GENERAL DE PROTECCIÓN DE DATOS PERSONALES EN POSESIÓN DE SUJETOS OBLIGADOS.
¿Está tu red preparada?
¿Cuentas con los procesos necesarios para el cumplimiento?
En esta era digital los datos personales de nuestros clientes y proveedores pasan por una red y se almacenan en una base de datos. Éstos, por ley, deben protegerse por medio de sistemas y procesos. Uno de los objetivos de esta ley es establecer las condiciones de tratamiento de datos personales y fomentar la cultura de protección.
La Ley de protección de datos es mucho más que un simple aviso de privacidad; esta ley describe derechos y obligaciones que de incumplirse pueden ser penalizados. Asiste a este Webinar para conocer más y prepararte. Te mostraremos:
In the fall of 2016, we sought the answer to a very simple question: What benefits do users who have a firewall management tool deployed with their firewalls see over nonusers? To find out, we commissioned Forrester Consulting to survey 188 IT security decision makers.
In their study, “Automate Zero Trust Policy & Enforcement,” Forrester Consulting found that organizations with firewall auditing and configuration tools realize more benefits that those without, including:
In this webinar, guest Speaker Josh Zelonis, Senior Analyst with Forrester, will review and discuss the results of the study with FireMon CTO Paul Calatayud who will bring his own experiences and best practices for deploying firewall management tools to improve productivity and reduce risk.
Helping Enterprise Security Teams Improve Resource Efficiency & Reduce Overall Risk Exposure
Firewall technology has come a long way since its initial, most rudimentary forms. Next-Generation Firewalls (NGFW) are the latest development, and organizations are accelerating adoption to the new technology. But NGFWs aren’t a fix-all solution.