Security professionals have a tough time keeping pace with business demands, security risks, regulatory compliance and daily cyberattacks. This leaves little time to dissect the vendor claims hitting you from every direction.
So, let’s cut through the guff. FireMon created the Network Security Policy Management (NSPM) category. We started all this because security teams were adopting security technology without the means to effectively manage it. They needed a better, faster way to diagnose configuration problems, meet audit requirements and improve their security posture. Considering this was such a valuable area to automate, several others followed us.
When looking at Network Security Policy Management (NSPM), it is important to observe the capabilities of prospective vendors. These capabilities become the automated core competencies of network security teams, with the platform becoming the single-source-of-truth for configuration assurance. You should choose wisely.
Network security policy has been an essential discipline since the first time we let computers talk to one another in a network. This discipline became table stakes for security teams; just a part of the job. Security teams are answering the questions of how, when, who, why and under what circumstances these machines are permitted to communicate and trade information. That’s foundational to any network security program.
However, it can be a time suck. Often, we develop labor-intensive tasks to discover how network security devices are directing all that network traffic. Once all the data is assembled, security teams take a look and make adjustments. This time devoted to this manual effort has exploded with new regulations, internal standards and mutating networks.
Furthermore, there’s a shortage of skilled labor to do all this labor-intensive work. Let us call this The Complexity Gap. The gap is the distance between device rules/policies and the labor force needed to manage it all.
Network Security Policy Management (NSPM) appears on the stage to automate and orchestrate the manual work. How did FireMon become the leader? It must be more than just being the first solution to market, right?
Let’s take a look at each of the reasons FireMon continues to dominate NSPM.
Performance At Scale
When looking for any solution to close The Complexity Gap, it is important to acknowledge the methods and architecture used to scale with the enterprise. Scale is ultimately a relational model: one-to-many. Most importantly, scale needs to happen without any degradation in service. That can prove challenging to many NSPM providers. After all, we are talking about petabytes of data flowing from devices that literally cover the globe.
But superior NSPM begins with performance that can scale; working just as well with 1,000 firewalls as with 10. It all comes down to data ingest and normalization, with the ability to ingest billions of events, changes, traffic patterns and compliance violations. This can be a challenge – for some. The one-to-many scalable requirement is for purposing all that data. But how can I purpose any data that is incomplete? You can’t. Having portions of the story doesn’t really get us any closer to making the best decisions for our network security.
The FireMon Difference
FireMon accomplishes scale from a single console. NSPM laggards require separate instances and consoles. But isn’t the piece-meal approach to network security what we are trying to overcome?
Take one of your data centers…can you picture it? Good. Now, segment each of the firewalls by vendor. I know this may seem strange, but just stay with me. Poll each group of vendor-specific firewalls every 20 minutes, then take the results from Palo Alto and put those in one database, the results from Cisco in different database, Check Point? You got it, another database. What about the sea of Layer-3 devices…sorry, you still need a separate database for each manufacturer.
Still with me? Okay, now simply go to each NSPM console devoted to each device manufacturer. Got a clear picture yet? No? Well, try exporting the results from your separate consoles. You know how to use Excel, right? Put all those results into a single sheet. Trying really hard to ignore that the data from each console has a different timestamp – remember we’re polling, not streaming.
Now that you have stitched together your report (with an accuracy confidence of around 50%), go repeat this exercise for each of your other data centers. Note: the confidence level will go down with each stitched report.
Now, to be sure, it is not malice or sadism motivating this manual effort. It simply comes from a lack of user empathy. At FireMon, we put on the lens of our customers and developed an architecture that accommodates their fast-paced, ever-changing, demanding lives.
Network security personnel are the heroes of the enterprise. Do you really want our heroes running around from console-to-console, stitching reports together from various sources? Even with this kind of effort, they still wouldn’t be able to have the confidence needed to make the right decision.
FireMon achieves enterprise scale because of our distributed architecture. By shifting the work from the application to a data collector, the user has a web-GUI that distills the picture of all their network devices – processed and normalized by the data collector.
Then, at the data collector level, we use the big data capabilities of Elasticsearch for ingest. Talk about scale…some FireMon customers automate analysis for 1 billion events a day. Superior architecture is what makes this possible.
This foundational architecture is the source of all other good things at FireMon, including Performance At Scale. What’s in it for a FireMon customer? Faster, better answers in all areas of network security.
How does FireMon support live streaming data for real-time monitoring? Architecture.
How does FireMon ingest all that data without polling? Architecture.
How does FireMon support network evolution (cloud, SDN, virtualization)? Architecture.
How does FireMon normalize all that data from various firewall vendors? Architecture.
That’s Performance At Scale. We do this every day. And we do it for thousands of heroes slaying network dragons.
As this series continues, we will explore all the areas that makes FireMon the leader in NSPM.