FireMon is a real-time security policy management solution built for today’s complex multi-vendor, enterprise environments. Supporting the latest firewall and policy enforcement technologies spanning on-premises networks to the cloud, FireMon delivers visibility and control across the entire IT landscape to automate policy changes, meet compliance standards, to minimize policy-related risk. Since creating their policy management solution in 2004, FireMon states they've helped…
N/A
Symantec Advanced Threat Protection
Score 9.0 out of 10
N/A
Symantec Advanced Threat Protection is a single unified solution that uncovers, prioritizes, and
remediates advanced attacks. The product fuses intelligence from endpoint, network, and email
control points, as well as Symantec’s massive global sensor network, to stop threats that evade
individual security products. It leverages existing Symantec Endpoint Protection and
Symantec Email Security.cloud investments, so it does not require the deployment of any new
agents. It includes functionality…
FireMon is best used in a large environment (for example, I have >100 firewalls in my environment). It's best used when trying to improve security posture and showing changes in firewall security over time. It might not be the best choice for smaller environments or those that aren't concerned about security management.
I think Symantec ATP is more of a medium or large-scale product where a company has a lot of endpoints. It is burdensome for smaller companies with limited IT support to try and get the product up and running. In addition I feel the new own, Broadcomm, is also trying to angle their product more to the large customer base. A medium or large scale customer in the need of end-to-end protection for their network really cannot go wrong with the product once configured correctly.
PCI Reporting - After identifying which firewalls and rulesets are in scope, producing a report artifact to satisfy PCI requirements on Firewall reviews is literally a two-click operation.
Storing Rule Metadata - FireMon stores metadata (prefilled fields, standard fields, and custom fields) for each rule in each policy which is valuable for context during firewall reviews in particular
API - FireMon exposes most if not all of its functionality via REST API
It was easy to install on machines in an active directory environment, and maintain/update whenever we needed without having to physically go to clients.
The interface was pretty well locked down for clients, which was good in order to stop accidental meddling.
Symantec has good online resources for current threats, including messages or warning signs and what to do/where to find them on a machine in case SATP cannot deal with it on its own.
Supplier support - Really dire. Technical support off shore was passable, but account management was non existent. Really reflects on Symantec poorly given our spend per annum with them.
Cost per annum. At the upper end of protection systems. With little or no account support this was poor value.
Once all the customization has been completed, the business is starting to see the return on investment. The visibility it provides into the network gear that is owned by other IT groups is immeasurable and has allowed us to apply standards across the board. The only thing I have concern with is their support documentation.
Symantec Advanced Threat Protection has done a sufficient job at identifying true positives. However, the UI could be improved and the amount of false positives is a little too frequent for my liking
FireMon has been relatively stable overall. However, there have been a handful of times where we had issues with the console. For example, we couldn't update which devices to include in a security assessment. The initial suggestion from support was to just reboot it. It seems like there weren't many other options available such as to restart services before going to the extreme of a complete reboot.
I'm not sure we have the largest implementation of FireMon out there but we do have a few 1000 devices being probed by FireMon. Overall, the system's performance has been rock solid. The console refreshes quickly and reports are generated within an expected timeframe.
FireMon technical support is awesome! They respond quickly to our requests and they are well trained and very knowledgeable about the tool. Some issues have to be referred to the development team, but technical support largely provides solutions for any issues that we may have.
I has worked with AlgoSec and while they are very similar product, I find the FireMon is easier to understand and get rolling with. While both require some learning, FireMon is by far the easier one. Once you have an understanding of how things are arranged and labeled you can easily import firewalls and begin to work on them to improve them
Proofpoint Advanced Threat Protection is a software with a high potential to detect and respond quickly to threats that target email, however Symantec Advanced Threat Protection provides a more complete protection that protects the entire network or devices and endpoints that are managed on a daily basis and has incredible ease of use. While Proofpoint Advanced Threat Protection is not a software that is very easy to use, it requires high maintenance and its protection is based on attacks that enter through email; this is why Symantec Advanced Threat Protection was finally chosen.
Firemon Is easily scalable and maintainable with any size team. Although it requires some tech debt, it is well worth the time to invest to ensure compliance is visible and reports are accurate. Although our environment is very large we do not fully utilize the scalability of the Firemon product.
It helps us save us time in determining what change was made and by whom.
Real time alerting is a great convenience in helping us know if something went wrong, we can immediately review the last report to determine what has changed.
Allows us to determine what rules are not used and if said rules are still required.
