New Release HigHligHts – secuRity MaNageR V7.0aNd Policy PlaNNeR V3.0

Continuous Network Security Assessment and Business Process Integration

Without continuous visibility into current alignment of security infrastructure, even the best network defenses yield to the forces of complexity and

change within today’s large, multi-vendor environments.

The combination of everyday management challenges – including compliance and migration to emerging technologies like next-generation

firewalls, data center firewalls, and virtualization – and ever-evolving business demands result in countless opportunities for misconfiguration and

resulting exposure. The key to policy enforcement mechanisms delivering optimal protection is frequent, comprehensive assessment.

FireMon’s new Security Manager V7.0 and Policy Planner V3.0 solutions provide advanced functionality ensuring consistent, up-to-date

management of complex enterprise security infrastructure, including firewalls, routers, and switches.

continuous assessmentAudit results derived months or even days ago rarely reflect the current

state of network protection. In the worst case, even minor post audit

alterations significantly diminish effectiveness of layered defenses. To

maintain continuous awareness of current IT risk exposure amid daily

operational change, outdated audit results cannot provide the necessary

visibility into real-time enforcement.

Most organizations spend significant time preparing for mandated

security audits – time better spent addressing current, real-world

conditions and adopting proven security best practices.

FireMon’s highly scalable analytics engine offers truly continuous

assessment with actionable results, empowering staff to improve

protection and address audit requirements simultaneously – combining

best practice checks and ongoing policy compliance validation for up-to-

the-minute insight into defenses.

Leveraging its onboard library of pre-defined controls alongside the

flexibility to create custom controls and policies, assessments are tailored

to address unique corporate security policies, track previous audit

mitigations, or analyze environment-specific risks. Select the desired form

of assessment and the device or group of devices to monitor – FireMon

does the rest:

� Detailed reports are delivered via personal notifications and

Web-based dashboards

� Powerful management features allow whitelisted findings

with approved exemptions

� Reports highlight common control failures by device,

assessment, or severity trending results over time

With Security Manager V7.0, empirical evidence demonstrates how the

environment is becoming more secure over time.

Continuous Assessment Provides On-going Real-time Audit Status

Detailed Analysis, Rule Management and White Listing

Integration with Existing Processes

Assess Potential Design Changes

Detailed Rule Recommendations

advanced Business Process integrationEvery organization has unique security demands and established

management procedures. At the same time proven industry standards

help build operational consistency – streamlining critical processes to

deliver assessment result intelligence to decision makers.

FireMon Policy Planner 3.0 combines automated network enforcement

analysis with support for the Object Management Group’s (OMG)

Business Process Model and Notation (BPMN) standard, leveraging

integrated workflow to facilitate rapid integration with existing business

process management solutions.

Via inclusion of BPMN 2.0 best practices throughout analysis and rules

recommendation, FireMon Policy Planner provides targeted results

crucial to both business and technical users, solving one of the most

significant management challenges for security teams.

Multiple teams including audit staff can also create customized

workflows using Policy Planner BPMN 2.0-compliant templates –

including forks for parallel approval paths, resulting decisions, status

notifications, pre-set timers to escalate delayed tickets, and related user

inputs. Workflow is delivered in industry-standard modeling notation

with queue-specific templates and customized ticketing flows, providing

the ability to submit requests based on the nature of proposed changes,

current enforcement, or user access level.

Spearheaded by technology leaders including Accenture, IBM, Oracle,

SAP and Unisys BPMN methodologies permit rapid deployment of Policy

Planner alongside those companies’ solutions, among many others.

Using FireMon’s unique Access Path Analysis, the solution automatically

selects all the relevant devices for a specific assessment and then

recommends how rules should be modified along a selected path.

This greatly extends the Continuous Assessment to validate network

access policy changes BEFORE implementation, ensuring that resulting

configurations offer optimal protection.

In addition to full-text search capabilities, FireMon Policy Planner

Version 3.0 ties directly into FireMon Insight platform, lending native

ability to write ad-hoc queries based on any ticketing requirements.

enhanced domain supportToday’s Managed Service Providers must offer the most flexible,

comprehensive offerings to their clients while retaining all the

protection and multi-tenant control necessary to meet unique

requirements.

Using FireMon Security Manger 7.0, Managed Service Providers

appreciate even broader support for multi-domain environments. By

enabling new Domain configurations, MSPs can maintain segregated,

parallel environments – with vulnerability data, custom assessments,

zone definitions, and device configurations segmented across accounts.

Users with permission across multiple domains can now share “global”

Assessments, with custom values inside each domain hidden from

other environments. Users and User Groups can be limited to a single

domain allowing customers the access necessary to manage their own

installations. All FireMon Security Manager features – including the

network map, policy testing, behavior modeling, and Insight portal

queries – inherit these domains automatically, restricting access to any

selected groups.

ldaP authorizationWhether customers demand full-time, hands-off management by

their MSPs or seek a balance of oversight with flexible controls to play

a continuous role in operations, Security Manager offers the control

necessary to meet their specific demands.

� Advanced multi-domain support for MSSPs

� New authorization via LDAP support for accurate

authentication

� LDAP authorization

Authorization via LDAP extends FireMon’s Security Manager’s

longstanding flexible authentication capabilities. Once approved, the

system applies the configured LDAP group to Security Manager group

mappings to assign remote user permissions correctly. Allow LDAP

do what it does best – manage users and group memberships – then

quickly enable access to an entire group by simply mapping permissions

to existing roles.

Automation is the name of the game, saving time and making the

most of efforts to optimize policy and process. With extended support

for LDAP and greater ability to leverage resources already devoted to

network access policy management, FireMon Security Manager 7.0

raises the bar for automated enterprise security assessment and

policy validation.

Advanced Multi-Domain Support for MSSPs

New Authorization via LDAP support for accurate authentication

additional capabilities � Direct integration with Vulnerability Managers:

− Qualys QualysGuard

− Tenable Nessus

� Behavior-based rule recommendations

� Packet trace enhancements

� New device support

− AhnLab TrusGuard

− Hillstone SG-6000

− Huawei Eudemon

− Palo Alto Panorama

− Positive Technologies MaxPatrol

− SECUI NXG

For information on all FireMon supported platforms and integrations please visit our website at http://www.firemon.com/products/supported_platforms

Ready to try FireMon? http://www.firemon.com/demo

Follow us on twitter @FireMon

like us on Facebook: www.facebook.com/firemon

8400 W. 110th Street, Suite 400 • Overland Park, KS 66210 USA • Phone: 1.913.948.9570 • E-mail: info@firemon.com • www.firemon.com

FireMon and the FireMon logo are registered trademarks of FireMon, LLC. All other product or company names mentioned herein are trademarks or registered trademarks of their respective owners.

© Copyright FireMon, LLC 2013

rev 111513