ActualTech Media LIVE Megacast: AWS, Azure, and GCP Solutions

On-Demand

Transcription

Speaker 1:
All right. And with that, I’m excited to introduce today’s first presenter on the event. And that is Mr. Tim Woods, Vice President of Technology Alliances at FireMon. And now we’re going to go to ActualTech Media CEO, Scott Lowe, and Mr. Tim Woods of FireMon.

Scott Lowe:
Hi there, I’m Scott Lowe with ActualTech Media and I’m now joined by Tim Woods, who is the Vice President for Technology Alliances for FireMon. Tim, thank you for joining us for today’s event.

Tim Woods:
Thank you, Scott, it’s a pleasure to be here today.

Scott Lowe:
So, Tim, as I’m sure you’re aware, FireMon has been doing the security thing for a long time and you’ve seen a lot of industry trends come and a lot of industry trends go. What are some of the things you’re seeing today that are really important for people to understand?

Tim Woods:
Great question, Scott. I’ve been at FireMon myself for about 12 years, but FireMon has been doing this for a long time. We have a lot of deep, deep domain expertise, a better part of 15 years now. And we focus primarily on large enterprise, but we also have small, medium and large type clients across almost every single market sector. The challenges are not unique to any one sector either. But we’re seeing this rising complexity, challenging companies more and more, lack of visibility, especially as they’re embarking on their digital transformation journeys and cloud first strategies and they’re hitting this complexity wall that they haven’t really faced head on in the past. But it’s a real thing. It’s a real live breathing thing. You can’t really reach out and touch it or necessarily see it, but it’s there and companies are struggling with it today.

Scott Lowe:
And how is that complexity manifesting itself and impacting business operations and technology operations?

Tim Woods:
You see it in a number of different ways. And that is a great question because that really defines it. It’s hard to fix something if you don’t define what it is that you’re trying to fix, right? We see it manifest itself in a number of different ways. Rules. For example, security enforcement points. We’ve seen just the sheer volume of firewall rules just the last five years. I go back, and I’ll date myself here just a little bit, I go back say eight years ago, I remember when I saw my first firewall that had 10,000 rules on it. And I thought to myself, how could you possibly need 10,000 rules on a firewall? And today it’s not unusual for us to see firewalls with 40,000 and 50,000 rules on them. And so we see this, if you picture it, it’s like a hockey stick going up and to the right of this just sheer volume of rules growing. And that’s mergers and acquisitions and regulatory compliance initiatives and micro-segmentation. There’s all kinds of reasons. And going into the cloud, there’s all kinds of reasons for this volume growth.

Tim Woods:
But where the complexity comes into play, there are two parts here. One is the personnel needed to manage this rise in this sheer volume of rule growth, we’ll call it, has not also went up proportionate to the increase. So, they’re struggling with just managing this volume of rules manually. If you don’t have some type of automation to help you leverage this, it’s just humanly impossible to manage, to try to understand policy behavior. So that’s one type, just the sheer volume of enforcement rules.

Tim Woods:
Deployment of applications and assets, resources, and services into the cloud and not being tracked judiciously as well. We’re seeing that as a form of complexity, kind of organic growth. Sometimes organic growth is good. Sometimes organic growth is bad if you’re not tracking it along the way. And so we see some of that kind of manifest itself as well. So we’re seeing these things kind of grow within the organization, unused rules, duplicate rules, shadow rules. Probably the worst offender of all of them is overly permissive rules within the environment as well. We see too many headlines as a result of that, right? Due to misconfigurations within the various organizations as well.

Scott Lowe:
It would seem to me that when you don’t have something in an automated way helping address what I would call rule sprawl and for some historical parlance. It would result in potential security issues because organizations don’t know what they have. There’s something that happens and you have to have people combing through tens of thousands of rules to try to figure out what happened. Why something critical is being blocked. Why something non-critical is being enabled when it shouldn’t be. And it would seem like it would open the organization to additional risk, when it’s intended to have the opposite. Would that be an accurate statement?

Tim Woods:
You’re absolutely right. I mean, as complexity goes up, we’re absolutely convinced, as complexity goes up, the probability of human error creeping into the equation also goes up. The probability of risk being introduced into the equation also goes up. So if you’re not hitting that head on, you’re guaranteed to run into those two walls for sure.

Scott Lowe:
And one of the things you mentioned was micro-segmentation, that just adds an additional layer of complexity to the whole thing, because people trying to do that manually are probably going to hurt themselves at some point.

Tim Woods:
And complexity in and of itself is not necessarily a bad thing. So when I talk about complexity or when I speak about complexity, I’m really talking about that unnecessary complexity that creeps into the equation over time. A really good security implementation and a good security architecture is going to have some inherent complexities, right? But I’m really talking about those unnecessary technical mistakes that creep into, as you called it out, firewall bloat or firewall sprawl over time that gets in there. If you’re not managing that, if there’s not good hygiene applied to those firewalls over time, that security just continues to deepen. And at some point that note is going to become due.

Scott Lowe:
And this also eventually has an impact on overall visibility into what’s happened on the network. And what are some of the examples, when you think about network visibility, that these kinds of issues are manifesting themselves and impacting the organization?

Tim Woods:
You know, I always say, and especially as we get into cloud, right, because things can change so rapidly in cloud. The frequency of change can be quite high, maybe more so than what we see when we’re on prem or in the data center or even the hyper-converged data center. But when change happens, you really have to answer that question. Was it good change or bad change? If you don’t see the change, you don’t even have the opportunity to answer that question. But you have to look at that and say something changed. Did that change have an impact to my security posture, my compliance posture, my business continuity.

Tim Woods:
But again, if you don’t have good visibility into your infrastructure to be able to track change, and almost any regulatory compliance initiative – I mean, just pick one of them – one of the first things they ask is are you monitoring for change? And if you say, no, you get a big red X right off the bat, right? If you say no to that question. But that’s just part of visibility. So detecting change, make sure that it’s change that we expected. Making sure that it’s change that’s documented. Making sure that it’s change that was performed during the period that we expected that change to take place as well. But again, it all starts with having good visibility within your infrastructure, hybrid infrastructure, both on prem and into the cloud. And so when that change happens, you need to be able to detect that change and be able to identify whether it was good or bad change.

Scott Lowe:
So before we continue, I think it’s important for the audience to understand how FireMon is helping them attack this complexity issue. Can you give us the 30,000 foot view of what FireMon brings to the table to help organizations wrangle their security organization into some level of improvement?

Tim Woods:
Yeah. As I said, we’ve been doing this a long time, but we do help extend your visibility across your hybrid environments. We help you to apply real-time compliance analyzation to those changes. Being able to apply good security hygiene to your firewall policies. Everything we do is real time. And we’re trying to not only identify when change happens, but answer that who, what, when, where – all those questions that need to be answered – and making sure that the correct documentation is applied also at the same time. Auditors love that kind of stuff anyway. Whenever you can tell them when was this rule changed? Why was it changed? Who does it belong to? When’s the next time that we have to review it? Things of that nature. So we track all of that.

Tim Woods:
But moreover right now we’re helping companies to automate some of the processes within their organizations too. As I talked about that sheer volume of rules going up and to the right and the resources necessary to manage that kind of remaining stagnant or remaining static. If you’re not adding people, you can have the best technology on the planet, but if it’s not managed correctly, then you’re not going to realize the return or the benefit out of that investment. Right? So we have to look for ways, if we’re not able to add resources or people, we have to look for ways to help our people work smarter. And we believe automation is the answer to part of that. So we’re trying to help organizations. And they have some incredibly smart people. And they tell me all the time, Tim, it’s not that I don’t know what to do. It’s having the time to do what I need to do. And so we need to empower them and we believe automation is definitely a way to do that.

Scott Lowe:
So when I deploy FireMon, am I deploying a new appliance? Am I deploying an overlay? What am I deploying when I deploy FireMon to help me achieve the goals you just outlined?

Tim Woods:
FireMon, physically, can be deployed, the entire solution itself can be deployed both as a physical appliance in a data center somewhere, but also it virtualizes our platform entire solution virtualizes quite well, whether it’s in the cloud or a virtualized instance somewhere in a data center as well. And it scales quite well, too. We scale to whatever the size, as I said earlier, we focus pretty much on the very large, large, large enterprise type environments. And that’s where you’re going to find a lot of large complexity as well. And that’s really where our value proposition is amplified, when you have these really complex hybrid type networks. But we can scale to any size necessary to meet the requirements of the environment as well. So easily deployed, like I said, either physical or virtual, and we try to make that deployment aspect of it as easy and as simple as possible.

Tim Woods:
But once deployed, then we’re helping to monitor your security implementations. When a change happens, identifying that change, alerting you to that change. Proposed changes, we want to sandbox those and identify in advance. So instead of reacting to a change, we want to be able to proactively assess, to say this change that you’ve proposed, that you’ve approved, because we’re seeing a large number of approved changes cause an impact to the environment after they’ve been implemented, right? And they’ve already went through the approval process. They weren’t necessarily sandboxed in the context of the policy that they’re targeted for. So we want to help assess the validity of that proposed change prior to implementation to say is this going to have an impact on my compliance posture? Is this going to introduce unacceptable risks into my environment as well? Because at the end of the day, we’re trying to manage risk to a level that’s acceptable by the business, right?

Scott Lowe:
Absolutely. And one of the things that we’re seeing here at the re:Invent show this week, there’s obviously organizations that are deploying cloud and hybrid cloud and multi-cloud and whatever cloud they want to do these days. So it increases opportunity for intrusion. And as companies are continuing to embrace cloud adoption, it doesn’t look like the threat landscape is ever going to shrink. So what would you say to these companies that are embarking on a digital cloud journey or even those that have already made the leap? What advice could you give them to help them do better?

Tim Woods:
Yeah, that’s probably the best summation, it’s not going to slow down. Right? The threat landscape is growing. The business is not going to stop. Here’s what we think is happening. We believe that the business has accelerated past our ability to consistently secure it in a timely manner. If you can’t honor those business requests on a timely basis, what’s the business going to do? They’re going to go ahead. They’re not going to wait. They’re not going to stop. You tell somebody no, they’re going to look for a way around. You tell somebody to wait long enough, they’re going to look for a way around you. So I would say that from an organizational perspective, if I was talking to a CIO or a CISO, I would say, look for a way to ensure that your security has parity with the speed of your business. Make sure that security is embedded in the deployment process. Make sure that in your agile development teams, that security is a component of the process.

Tim Woods:
And if you look at those processes, if you look at your individual organizations, make sure that they’re not siloed and that they’re collaborative in nature. Whether that’s compliance and the business teams and the infrastructure security or new cloud security teams that are evolving as well. Because right now, we’re seeing a lot of individuals take responsibilities – business owners, stakeholders, DevOps – taking responsibility for the configurations of their own data security controls, as they’re deploying their applications, assets, and resources services into the cloud. And they’re not necessarily getting it right. Not that they’re not smart people. It’s not their forte. It’s not what they’re well-grounded in. It’s not where they came from.

Scott Lowe:
And that’s a different beast.

Tim Woods:
It is a different beast. And so we need to ensure that security has parity with the speed of the business at the end of the day. We need a centralized policy that can be technically enforced.

Scott Lowe:
And that’s where FireMon can help them understand, bring this all together into a single place and say, here’s where you need to be looking to make sure that you don’t unnecessarily expose yourself to something you didn’t anticipate.

Tim Woods:
We do. We give you a collaborative platform that gives you that central pane of glass that combines all those security policies in one central location that can be centrally managed, centrally viewed, and centrally collaborated with across the team.

Scott Lowe:
So Tim, if people want to learn more about FireMon, what can they do? Where can they go next?

Tim Woods:
They can go to our site obviously FireMon.com. There’s a ton of resources out there. We just finished our 2019 state of the firewall, our sixth annual state of the firewall report. We also do state of the hybrid cloud. That information is out there. There’s just a lot of material in our resource section there that I would solicit our listening audience to go and look at. I think they’ll find it very valuable and very timely information that they can use in their day-to-day jobs.

Scott Lowe:
And we would also recommend that people go get your cutting through the haze, three steps to gain control of cloud security. Where can they go to get that? The FireMon website?

Tim Woods:
It’s at the FireMon resource website, too. And it’ll direct you there. So just released, hot off the presses. So go get that today.

Scott Lowe:
They should. We will make sure we encourage people to do that. Tim, thank you so much for your time and your insight. It’s appreciated.

Tim Woods:
Scott. Thank you very much. I appreciate the time. Love to do it again.
