New Continuous Assessment, Best Practice Models and Industry-First BPMN 2.0 Support Improve Ability to Visualize and Manage Changes in Security Posture OVERLAND PARK, Kan. — Feb. 20, 2013 FireMon
, the leading provider of security management and risk analysis solutions, today announced important new capabilities in Security Manager Version 7.0
that greatly improve organizational ability to identify, understand and manage changes in security posture – in real-time. The new capabilities apply best practice models from FireMon’s deep knowledge base in security infrastructure management, with increased automation, customization and analytical capabilities. As a result, customers can more rapidly and effectively identify, assess and prioritize configuration and compliance issues – and understand and address higher-level business risk. Organizations live in a constant state of change – from infrastructure evolution and device sprawl, to business and personnel upheaval. While point-in-time security and vulnerability assessments can provide a current snapshot of exposure, one employee addition/departure, a new VM or a change to a firewall rule can immediately render an assessment moot. To address this need for greater agility in security posture and risk assessment, the three main enhancements to Security Manager 7.0 include:
- Continuous Assessment – Offers active and continuous assessment of compliance and security posture to analyze and trend the effects of – and, if necessary, alert on – administrative and environmental changes in the enterprise.
- Best Practice Modeling – Moves from primarily device-centric to control-centric monitoring via prepackaged assessments from the FireMon knowledge base, or custom assessment definition. Provides a higher-level view of data for quicker, more comprehensive assessments and a better understanding of the implications of change over time.
- Business Process Standardization – The first security and policy management platform to support the latest version of the Object Management Group's (OMG) Business Process Model and Notation (BPMN) standard. Building on the BPMN 2.0 standard enables easy integration to existing business processes and solutions of FireMon’s powerful firewall tools such as rule recommendation and analysis.
Security and operational teams are stuck between a rock and a hard place, said Jon Oltsik, senior principal analyst at the Enterprise Strategy Group. On one side they face attackers that are highly skilled and automated, while the other side features a dynamic business environment where requirements for change are immediate and intolerant of extensive delays to accommodate security processes. Add in increasing external oversight and regulation, and the need for constant and granular monitoring of security state is imperative for security protection and risk management. Security Manager 7.0 represents the latest innovative step from FireMon over the past year to fuse risk and posture management and to increase the intelligence and awareness provided to customers. The company was the first in the market last year to fully integrate real-time risk analysis with configuration, policy and change management, and then expanded that with a greater ability to analyze and visualize the behavior of network traffic. The introduction of continuous assessment into Security Manager greatly enhances organizational ability to quickly and efficiently manage changes, assess configurations and measure associated risks in real-time. While the old adage of 'learn from your mistakes' holds true in every job, the implications of even minor mistakes in security can have far reaching consequences – and moreso the longer they go undetected, said Jody Brazil, president and CTO of FireMon. And dangerous mistakes aren't limited to misconfiguration. Small, even valid, changes can have unexpected and unpredictable cascading effects farther along a network path. Additionally, overt focus on previous device and configuration errors can create tunnel vision that prevents oversight of other devices. Our goal with 7.0 was to provide a continuous and real-time posture 'reality check' that prevents errors in oversight by continuously assessing the infrastructure based on best practices.
Improving Organizational Posture
Security Manager 7.0 is about taking the power, intelligence and insight of the platform, and making it more immediate and actionable for both security and operations staff. By adding best practice-driven, continuous assessment, customers have a prioritized, single pane view of up-to-the-minute security posture that calls out issues to be addressed and their relative criticality. Additionally, with historical trending, operational ability to more effectively visualize, benchmark and manage change is greatly improved. Leveraging FireMon's experience and expertise, the best practice knowledge base comprises a library of hundreds of assessment controls to evaluate device configurations and network access policies. Security Manager 7.0 comes with a set of predefined assessments evaluating devices and networks against best practice and standard compliance regulations, as well as the ability for customer-defined assessments. FireMon has further enhanced security and operations coordination with Policy Planner Version 3.0. It is the first product in the policy and risk management market to support the BPMN 2.0 standard, which has been adopted by industry leaders including Accenture, Capgemini, France Telecom, IBM, Oracle, Red Hat Software, SAP AG and Unisys. Enabling security management to be more easily integrated into business critical processes is vital for large organizations doing battle daily with deliberate and unintentional cyber attacks on their assets and information.
FireMon provides enterprises and government with security management software that gives them deeper visibility and tighter control over their network security infrastructure. The FireMon solution set - Security Manager, Policy Planner and Risk Analyzer - enables customers to identify network risk, proactively eliminate those vulnerabilities and strengthen security throughout the organization, and reduce the cost of security operations and compliance. Together, they create a highly-effective and consistent solution for efficiently managing security operations. For more information, visit http://www.firemon.com. Follow us on Facebook, Twitter, or LinkedIn, or on our blog.