FireMon is a real-time security policy management solution built for today’s complex multi-vendor, enterprise environments. Supporting the latest firewall and policy enforcement technologies spanning on-premises networks to the cloud, FireMon delivers visibility and control across the entire IT landscape to automate policy changes, meet compliance standards, to minimize policy-related risk. Since creating their policy management solution in 2004, FireMon states they've helped…
N/A
Salt
Score 6.2 out of 10
N/A
Built on Python, Salt is an event-driven automation tool and framework to deploy, configure, and manage complex IT systems. Salt is used to automate common infrastructure administration tasks and ensure that all the components of infrastructure are operating in a consistent desired state.
FireMon is best used in a large environment (for example, I have >100 firewalls in my environment). It's best used when trying to improve security posture and showing changes in firewall security over time. It might not be the best choice for smaller environments or those that aren't concerned about security management.
Managing heterogeneous environments of large numbers of nodes, especially nodes which may need sudden changes (security updates, for instance), or frequent replacement, is a strength for Saltstack. Simplicity is not a strength for Saltstack. In a homogenous environment (all CentOS 7, for example, with no Debian or Windows) I might recommend using Ansible instead - it is less flexible and granular, but simpler to configure.
PCI Reporting - After identifying which firewalls and rulesets are in scope, producing a report artifact to satisfy PCI requirements on Firewall reviews is literally a two-click operation.
Storing Rule Metadata - FireMon stores metadata (prefilled fields, standard fields, and custom fields) for each rule in each policy which is valuable for context during firewall reviews in particular
API - FireMon exposes most if not all of its functionality via REST API
A superb remote execution framework! SaltStack allows us to easily program numerous functions on top of it. For example, we developed a fast parallel asynchronous deployment tool that handles all software deployment, including interdependent service management.
Configuration management is now easy. We take advantage of this to automate (in tandem with AWS tools) the stand-up of all servers and services. It is also relatively easy to create new configuration management states for software not yet supported by the community (e.g. Grafana).
Flexibility. Numerous small utilities have been built which simply wrap around SaltStack to allow tedious tasks to become easy.
Once all the customization has been completed, the business is starting to see the return on investment. The visibility it provides into the network gear that is owned by other IT groups is immeasurable and has allowed us to apply standards across the board. The only thing I have concern with is their support documentation.
FireMon has been relatively stable overall. However, there have been a handful of times where we had issues with the console. For example, we couldn't update which devices to include in a security assessment. The initial suggestion from support was to just reboot it. It seems like there weren't many other options available such as to restart services before going to the extreme of a complete reboot.
I'm not sure we have the largest implementation of FireMon out there but we do have a few 1000 devices being probed by FireMon. Overall, the system's performance has been rock solid. The console refreshes quickly and reports are generated within an expected timeframe.
FireMon technical support is awesome! They respond quickly to our requests and they are well trained and very knowledgeable about the tool. Some issues have to be referred to the development team, but technical support largely provides solutions for any issues that we may have.
We haven't had to spend a lot of time talking to support, and we've only had one issue, which, when dealing with other vendors is actually not that bad of an experience.
I has worked with AlgoSec and while they are very similar product, I find the FireMon is easier to understand and get rolling with. While both require some learning, FireMon is by far the easier one. Once you have an understanding of how things are arranged and labeled you can easily import firewalls and begin to work on them to improve them
I've used shell scripts over ssh, custom in-house deployment tools, Chef, and SaltStack. I've evaluated Ansible, but I was never happy with performance over SSH. Chef's loose configuration data model and lack of philosophy and conventions around use makes it difficult for a team to share responsibility for configuration code. Needing to use additional tools to do orchestration for cross-host/agent dependency relationships made me look for more. SaltStack, while not as mature when I first tried it, impressed me with its speed and elegant design
Firemon Is easily scalable and maintainable with any size team. Although it requires some tech debt, it is well worth the time to invest to ensure compliance is visible and reports are accurate. Although our environment is very large we do not fully utilize the scalability of the Firemon product.
It helps us save us time in determining what change was made and by whom.
Real time alerting is a great convenience in helping us know if something went wrong, we can immediately review the last report to determine what has changed.
Allows us to determine what rules are not used and if said rules are still required.