see more

Resources

Get to know us better! Gain valuable insights into how we think by visiting our blog, or take a look at the industry events we're frequenting on our events page. You can also geek out with us by attending one of our security management webinars, or dive head first into the products and solutions we provide in our Resource Library. There's lots to keep you busy! 

Untitled-64

Blog

May 19, 2017 A Practical History of the Firewall - Part 1: Early Days
As a practitioner in the relatively early days of the mass adoption of the Internet (mid to late 90s), I saw the rapid adoption and evolution of firewall technology. I had a limited view, and certainly have an imperfect memory, of this history. As such, over the next few posts, I welcome your comments to help me fill in the missing pieces of this story.
Read more
May 02, 2017 Breaking down the 2017 Verizon Data Breach Investigation Report
Verizon’s infamous Data Breach Investigations Report (DBIR) came out last week. It’s a testament to the diverse data Verizon now has that this year’s report is separated out by industry. In other words, more industries are seeing attacks and it allows the data to be divided and still hold merit. A few findings stood out to me as worthy of a deeper look...
Read more

Events

Webinars

Upcoming Webinars

Jun 06, 2017 2:00 pm - 3:00 pm PDT Top 5 Risks of "Dirty" Firewalls
Firewall rules are notoriously complex and voluminous in nature. Even small organizations have multiple firewalls and significant complexity. But large organizations are overwhelmed.
Register
May 23, 2017 Der Countdown läuft, noch 365 Tage bis zur DSGVO (GDPR): Machen Sie Ihr Netzwerk fit für Compliance
Netzwerksicherheit ist deutlich mehr als Cyberbedrohungen nur zu stoppen. Es geht auch darum für das Unvermeidliche gerüstet zu sein. Nämlich einen Datenschutzvorfall, den die Technik allein nicht hat verhindern können. Die EU Datenschutz-Grundverordnung (kurz DSGVO GDPR) ist, neben anderen mehr, ein solches Compliance-Rahmenwerk mit dem Unternehmen sich auseinandersetzen müssen und das im Mai des kommenden Jahres in Kraft tritt. Dann sind Unternehmen beispielsweise verpflichtet innerhalb von 72 Stunden nach einem Datenschutzvorfall darüber zu informieren.
View
May 04, 2017 Threat Hunting: Beyond Alerts & IOCs
Organizations are taking a more active role in detecting and responding to advanced attacks – Threat Hunting. In this webinar, you’ll discover the steps you can take to launch your threat hunting capabilities.
View
Apr 27, 2017 The Life of a Firewall: Seamless, Automated Rule Lifecycle Management

So you’ve purchased a new firewall. Now what?

You’ve got to decide which access is allowed, which isn’t allowed and whether or not rules are compliant with internal and regulatory standards.

Things are running along smoothly and then the dreaded “change.” A user submits a new access request and the fun begins. Is this access necessary? Safe? Compliant? And what happens when it’s time to retire unused rules?

View
Apr 19, 2017 Closing the Complexity Gap

How Effective Security Management Can Help Teams Cover the Exponentially Increasing Gap between Technology & the Resources Available to Manage It

Security teams today are under tremendous pressure due to the rising frequency and impact of breaches and a business that wants to move faster and faster. The answer to both of these challenges has always been to add more technology and staff resources.

However, each new technology added creates complexity. More rules are created and more data is generated. As networks continue to evolve, this complexity will only grow. And while staff resources may increase, they will never match the exponential growth of technology.

FireMon calls this phenomenon The Complexity Gap and has set out to help security teams close it.

Join us for this webinar with Frost & Sullivan where we’ll explore the causes of “The Gap” and how workforce multipliers such as intelligence and automation help staff manage their security more efficiently and more effectively.

View

News




Apr 15, 2014
More than Half of Organizations Filter Out Negative Facts Before Communicating Security Risk to C-Level Executives

New Ponemon Study, Sponsored by FireMon, Finds Massive Overconfidence in Enterprise Security Strength; Ineffective Communications, Inability to Measure and Accommodate Change Drive Substantial Risk

OVERLAND PARK, Kan., April 15, 2014

FireMon, the leading provider of proactive security intelligence solutions, today announced the results of a new study by the Ponemon Institute that exposes a severe gap in security visibility and perception between C-level executives and IT security staff – due in part to an organizational inability and lack of real-time intelligence to adapt to, and understand the impact of, change. The starkest findings are that in nearly 60 percent of the organizations participating, responsibility for managing the impact of business or technology change on security posture resides with C-Level executives (CSO, CISO, CIO, CTO, etc.), and in 66 percent of the organizations surveyed, executive and Board perception of security is “high.” However, the information on which that perception is based is disturbingly incomplete, with 60 percent of IT security staff informing executives of specific risks only when the risk is deemed “serious,” or not at all – and in more than half of the cases, actively omitting negative facts.

The study surveyed 597 individuals who work in IT, IT security, compliance, risk management and other related fields at Fortune 500 class organizations with 1,000 or more employees. All respondents are involved in IT security management activities in their organizations. They also are involved in assessing or managing the impact of change on their organization’s IT security operations.

In the shadow of the historic Target breach, and the revelation that Target management ignored security alerts, the findings could not be more telling, and they go to the core of what appears to be an endemic issue across every industry. Study author, Dr. Larry Ponemon, stated, “What is most concerning is that it would seem security in many organizations is based on perception and ‘gut feel,’ versus hard data. The stakeholders with the highest responsibility seem to be the least informed – a view that is amplified externally. We also found that executive perception of security ‘strength’ had a virtually identical percentage (63 percent) in external partners, and we know that third-party failings also had a hand in the Target breach.”

Diving more deeply into the specific numbers, it quickly becomes apparent that the root causes of the broken communication and resulting vulnerability lie in an organizational inability to accommodate change and accurately set, measure and improve metrics to manage its impact, specifically:

While a vast majority (74 percent) sees security metrics as important, 69 percent see an issue of metrics conflicting with business goals and 62 percent feel that current metrics don’t provide enough information.

  • More than 40 percent see Cloud and mobility/BYOD as the technologies with the greatest impact on security effectiveness. Yet, specific to Cloud, 46 percent say that current metrics can’t quantify the full security impact of Cloud models.
  • This inexact measurement of change leads IT security staff to rate their agility (57 percent) and effectiveness (56 percent) to accommodate change as “low.” As a result, 64 percent rate their organization’s overall security posture as “moderate” or “low.”

“The biggest issue is that IT security teams are flying blind,” said Jody Brazil, president and CTO of FireMon. “Networks are becoming more complex and expansive, while we freeze or reduce the resources tasked with managing them. The fact that the study shows 60 percent performing manual auditing or none at all is alarming. In a threat environment that is ‘always on’ and aggressive, teams must have the ability to automate and continuously monitor and assess dynamic network environments, and be equipped with proactive tools to provide predictive and prioritized intelligence on an ever-shifting risk profile.”

A copy of the report detailing the Ponemon survey findings, methodology and questionnaire can be downloaded at http://content.firemon.com/PonemonSecurityMetricsAndChangeSurveyResults

Mr. Brazil and Dr. Ponemon will also host a webcast to discuss the key results from the research study. The webcast, titled “Security Metrics to Manage Change: Which Matter, Which Can Be Measured?” will take place Thursday, April 17 at 2:00 p.m. EDT. To register or to learn more about this webcast please visit: https://www.brighttalk.com/webcast/11115/107789?autoclick=true.

About FireMon

FireMon is the industry leader in proactive security intelligence solutions that deliver continuous control of infrastructure, policy and IT risk for large organizations. The FireMon Security Intelligence Platform is a massively scalable, high performance foundation for network risk detection, change workflow automation, firewall rule base clean-up, compliance audit assessment and security operations cost reduction. For more information, visit http://www.firemon.com.

Resource Library

Audit Compliance

Datasheets

Policy Change

Solution Briefs

Policy Change

White Papers

Visibility Monitoring Management

Analyst Reports

Security Manager
Overview of FireMon’s Flagship Firewall Management Solution
Policy Planner
Overview of FireMon’s Change Automation Solution
Policy Optimizer
Overview of FireMon’s Rule Recertification Automation Solution
Risk Analyzer
Overview of FireMon’s Attack Simulation and Risk Measurement Solution
Immediate Insight
Overview of FireMon’s Immediate Insight Solution
Intelligent Security Management
Delivering next-generation security management that boosts productivity and accelerates the agility of business
Intelligent Policy Automation
Intelligent Policy Automation: Orchestrating Change Management with Speed and Security.
Hybrid Cloud Management
Visibility into and control over Cloud Services, including AWS and OpenStack Platforms
Accelerated Incident Response
Immediate Insight in action - Orchestration, automation and analytics for data assembly and discovery
Change Simulation & Risk Scoring
Proactively reduce risk based upon network exposure and host accessibility
2017 State of the Firewall
Networking continues to evolve, yet the firewall remains critical to securing today’s enterprises. FireMon is proud to present its 3rd Annual State of the Firewall Report
Firewall Cleanup
The implications of firewall policy complexity, why it remains a problem today and how to resolve it.
Real-Time Risk Analysis
Risk analysis with real-time change configuration is key to managing security risks in your IT infrastructure.
Real-Time Data Triage
Our Immediate Insight platform from FireMon can help organizations overcome the limitations and gaps inherent to the current analytic market.
Bridging the SIEM Alert Triage Gap
Immediate Insight enables security teams to improve event triage and incident response, extending the value of your existing full-featured SIEM.
Intelligent Policy Automation
Automation Isn’t One-Size-Fits-All
Intelligent Security Management

Helping Enterprise Security Teams Improve Resource Efficiency & Reduce Overall Risk Exposure

2016 State of the Firewall
2nd Annual State of the Firewall Report based on survey of 600 IT security practitioners.
The Top 5 Myths of Data Breaches
Five of the biggest myths that exist about data breaches, and explain how and why they occur.
Firewall Sprawl: Top Four Security Gaps Exposed

Firewall technology has come a long way since its initial, most rudimentary forms. Next-Generation Firewalls (NGFW) are the latest development, and organizations are accelerating adoption to the new technology. But NGFWs aren’t a fix-all solution.

Firewall Sprawl: How Complexity Is Adding Cost & Increasing Risk
Aberdeen
Quantifying the value of Intelligent Security Management
Aberdeen
Security Analytics Brings Data-Driven Security Into the 21st Century
Forrester
Automate Zero Trust Policy And Enforcement
Forrester
The Return on Security analysis for FireMon’s Security Manager
IANS