FireMon customers who have Release 8.15 and have Check Point R80.10 will be able to take advantage of Check Point’s Inline Layer Policy Management. Inline Layers allow a security organization to give more engineers more access to more rules while minimizing the risk of giving these engineers access to all of the rules in a policy. For example, a network administrator can create different policies for different users.
In the picture below, a network administrator has divided Rule 4 in to several inline layers.
With Release 8.15, FireMon customers can use Security Manager to perform change detection and notification for their Check Point R80 device rules as well as normalization of text-based configurations. This support includes configuration comparisons in a normalized display, the display of the device in the network map, insight and FMQL queries, Policy Test, Hidden Rules, Assessment and Controls and Firewall Complexity Reports.
With Security Manager’s customized assessments, Check Point R80 users can perform automated, continuous and real-time assessment of the entire network security infrastructure according to customer-defined requirements. Customers can also create their own controls to match their intellectual property using one of a seven predefined control types (Rule Search, Allowed Services, Service Risk Analysis, Usage Analysis, Regex, Multi Pattern Regex, Device Property).
Our patented assessment engine is unrivaled in its ability to analyze and map network firewall infrastructure, from single devices to the entire environment, typically returning results in mere seconds. Assessments can be granularly applied to specific device, devices, device groups or all devices. Controls can be created to match custom requirements and re-used as part of multiple reports if needed. Competitors cannot scale to provide rapid, in-depth assessment across large enterprise security device infrastructure.
Current customers may access the latest release in the User Center.
To request a demo of Security Manager’s Check Point capabilities, click here.