As its name suggests, FireMon Security Intelligence Platform is focused on monitoring and managing firewalls. That puts it squarely on the technology-driven side of GRC. It runs on a purpose-built platform and it mixes GRC and enterprise security, an excellent mix in our view. The architecture is such that it can be distributed easily and can be deployed from one or multiple platforms.
The premise behind the tool is that by managing communications devices and predominantly firewalls, security and good GRC can be maintained. Sprinkle in some really good reporting and searching and you've got a pretty good mix. We really liked the contextual approach that FireMon takes. It watches the flows in the network and, using vulnerabilities reported from scanners, such as Qualys and such things as vulnerability reachability, it figures the relative risk for any device under any set of conditions. This gets played against policies and standards to get a contextual picture of the IT risks in the enterprise.
The agents that sit on the monitored devices are very lightweight and FireMon supports more than forty different devices. We dropped into the system through the security manager dashboard. This is a bare-bones dashboard with just the picture that the administrator or analyst needs to get started. There is a series of key performance indicators and several good starting points for analysis, such as a look at the top 10 devices recently revised - they monitor for change in real-time. From here you can drill down and get to anywhere you need to be within the tool.
For example, you can drill down on a device and see its configuration against policy, the activity on the device and lots of other useful information. Connection to the system by outside devices is straightforward due to the tool's abundant APIs. Everything in the FireMon system is associated with an API. Rather than using REST, FireMon has opted to write explicit APIs and then make them public.
We then moved to the Security and Compliance dashboard. It was similarly spartan. However, thinking about it, there is nothing that I would want in the dashboard that I couldn't get to either directly or by drill-down. Drilling down we reached the enterprise policy and security rules screen. This gave a good picture of the policy posture of the network being monitored.
One unique capability that we particularly liked is the traffic flow analysis report. This lets us see how traffic is flowing on the network. Configurations dictate data flows, so watching data flows provides an indicator of network security health. Playing all of this against FireMon's reporting and analysis tools gets you to a good view of risk and compliance. This is enabled by the database architecture of the system. The database uses FireMon's SiQL. Searching is via omni search and it is very simple and Boolean-based.
Firewalls can have hundreds of thousands of rules and many of those rules are not often needed. So what do you do if you have a hundred firewalls throughout your widely distributed enterprise? How do you keep all of them running at top efficiency without doing something that breaks security? FireMon addresses that with its Removable Rules report. This tells what rules on what devices can or should be removed. Prior to making these decisions FireMon has considered the impact of removing the rule. Rule cleanup is a big part of what makes this solution unique. Other tools perform the same function, but the contextual nature of FireMon has real impact on doing rule cleanup without breaking something elsewhere in the enterprise. The connection between network security and GRC is plain in this tool. Such features as whitelisting rules, where management has opted to accept the risk of violation, address the reality of today's business drivers.
Pricing on the system is reasonable and there is a good customer portal. Support is free for the first 30 days and can purchased in two levels.