FireMon Security Manager was created to address the problem of managing security infrastructure in enterprise, service provider and government environments – which are often large, complex and difficult to manage.
To meet the needs of a network, the system must be able to scale to its size. Security Manager is built to be the most scalable, fast, extensible and capable solution on the market. It simplifies complex environments, performs rapid analyses, and integrates seamlessly into networks.
Security Manager supports distributed environments with the Data Collector design. Data Collectors can be deployed anywhere in the network. A typical deployment model will have one or more Data Collectors in each data center.
Security Manager deploys multiple Data Collectors to scale horizontally, monitoring all devices in real-time for changes, configuration retrieval and log data collection. Also, much of the complex and intensive log analysis is distributed to the Data Collectors. This distribution off-loads expensive and time-consuming continuous log processing from the application server to free up resources.
Security Manager was designed with real-time change alerting in mind. Every device can be monitored using either vendor-supplied APIs or SYSLOG for real-time change event notification. Rather than polling a device or manually scheduling configuration retrieval, Security Manager is always monitoring for change events. This means the data is always up to date and analysis is always accurate.
Single Pane of Glass View
Security Manager can scale and be distributed throughout the network with the Data Collector design, but all the data and analysis are available in a central Application Server. This means one pane of glass manages the entire infrastructure. By off-loading much of the continuous processing to the distributed Data Collectors, the Application Server is free to perform event-based, scheduled or on-demand reporting.
Security Manager’s Application Server is built for speed. Using a high-performance database and advanced data structures for analysis, the Application Server is capable of analyzing very large data sets and very large device configurations extremely efficiently. Analysis such as Traffic Flow Analysis and Risk Analysis requires significant processing effort to produce usable results. Brute force analysis is nearly impossible within typical processor and memory constraints.
To overcome this, Security Manager uses patented analysis data structures and strategies to reduce the computational effort and perform complex analysis quickly. Other reports, such as usage-based reports, must process a very large amount of data. The analysis is not overly complicated, but the amount of data can overwhelm the system’s storage requirements and report processing time. Using an efficient aggregation strategy – without losing any data – Security Manager is able to maintain years of usage data without significantly affecting storage requirements. In addition, reports for 30 days of data or 3 years of data will return in nearly the same amount of time.
Controlling the sensitive data collected and stored in Security Manager is critical. Security Manager implements a flexible role-based access control system that allows control of what actions a user may perform and what devices a user has access to. Particularly in MSP environments, the device-group/user-group mapping permits easy and effective separation of data between customers.
Security Manager is part of a larger security management ecosystem at every enterprise. Understanding this, FireMon developed Security Manager with integration in mind. With an open API and many pre-built integration capabilities, Security Manager readily integrates into the enterprise network and processes. It can be integrated with provisioning systems, existing reporting portals, authentication systems, existing log servers, workflow systems, GRC systems and more.