
Every day, when I open LinkedIn or Twitter, I come across at least a handful of posts or articles on security automation. Some companies have taken the plunge, many are actively evaluating automation, and almost all security vendors are evangelizing it. In the network security policy management space, automating iterative and manual tasks into streamlined workflows is absolutely critical. It is simply a more efficient way of doing things. It releases pressure on expensive engineering resources, removes human error, and helps organizations reduce cost – which is why enterprise adoption of policy automation is accelerating… quickly.

There is a flip side, of course. There are a number of examples of automation going wrong because of three things – excessive automation, automating the wrong processes, and automating without being mindful of the consequences.

To automate or not to automate?

Security decisions are very contextual. For example, automating firewall configuration updates is straightforward; automating the access control rules that govern who and what should have access to which network resources is much less so. Enterprise networks have evolved into dynamic, complex monsters that need to be governed across firewalls, applications, databases, data centers, cloud, and containers to manage risk and ensure security and continuous compliance.

Unfortunately, a lot of vendor-speak today focuses on just two broad benefits of automation – ease of doing things and cost optimization. No vendor talks about the hidden costs of poorly planned automation and the huge financial implications in terms of non-compliance and data security breaches.

Automating Mindfully

FireMon’s approach to security policy automation has been one of mindfulness, ushering in a level of responsibility, intelligence, and control into the automation process. FireMon provides context around access requests to help system administrators and network engineers determine and implement change with keen foresight. Change that best enables the business without introducing new risk becomes very relevant when you are confronted with thousands of change requests daily. FireMon delivers intelligent and automated workflow that helps security administrators implement the right changes with absolute precision.

Automation and Compliance – Will the Twain Meet?

A 2018 CSO study showed that 69% of the surveyed companies saw compliance mandates driving spending and 88% of companies spent $1 million or more on GDPR compliance. Never before was the tyranny of compliance stronger and this has implications for security policy automation. Meeting compliance goals means that automation must take into account the risks associated with each of the computing platforms on the network as well as incorporate predictive analysis for every critical policy change that is being implemented.

Taking Automation Beyond Known Boundaries

As the market leader and innovator in network security policy management, we are setting the benchmark on automation, taking it beyond its current scope, to ensure that our customers automate fully mindful of compliance and security, making certain that we do not allow new risks to fall through the cracks. FireMon’s vision of automation pivots around:

  • Automation of security at scale across physical, virtual, cloud firewalls, applications, and users.
  • Guardrails and compliance incorporating industry best practices, compliance standards, and customer gold standards.
  • Integration with tools and workflows to support change management and tracking & audit.

Our approach spells a paradigm shift in policy automation as it is aligned to the needs and painpoints of key stakeholders of enterprise security – SecOps, Governance, Risk and Compliance (GRC) and DevOps. Our standards-based workflow engine injects automation and analysis at every stage of the change process, ensuring that engineers are able to design and approve the correct change quickly.

If done well, automation makes enormous business sense and will deliver on its promises of consistency, cost optimization, ongoing visibility, assessment, and effective management of the organization’s risk security profile and proactive risk mitigation.

So let’s automate…mindfully!

The post What is Your Security Automation Strategy? Mindful or Mindless? appeared first on FireMon.


Christian Fairfax was hanging from the rigging off San Jose City Hall. It was a sunny day, 80 degrees and getting hotter by the minute. Christian, dressed in a business blazer, spent two and a half hours climbing, hanging and rappelling up and down the 20+ story building.

Christian is a professional rock and stunt climber and is the star of FireMon’s new corporate video. As the hero of the story, Christian represents the security and network professionals on the frontlines trying to protect their organizations from cybercriminals while maintaining a security compliance infrastructure in an ever-changing IT landscape. The journey our climber takes up the walls of San Jose City Hall mirrors the journey of our customers as they negotiate the challenges facing them on their IT journey—from on-premises to virtualized, software-defined and cloud-native platforms.

The location of the video, San Jose City Hall, is a gorgeous, post-modern building in the heart of Silicon Valley. It has been featured in several videos including the CBS television show, Unforgettable.

Preparing for The Climb

As for many security professionals, the day starts early. The shoot started with roll call at 6 am. To ensure Christian’s safety, professional riggers and climbers Connor Jeffress, Andres De La Rosa, and Levi Weddingen laid safety ropes and monitored Christian’s climbs throughout the day. Support staff file in to complete all paperwork and the production crew sets up the camera for the first shot. The Director, Andy Hill, is barking orders and ensuring people are in place and the shoot stays on time.

The opening scene of the video introduces us to our IT professional. The image of Christian standing still as the crowd moves around him represents the primary challenge security pros face today: speed. Business demands often move faster than the security teams’ ability to keep pace.

As Christian climbs, there is a deeper discussion of the challenges security organizations face with managing security policy across hundreds of firewalls and cloud security controls, many from different vendors. It is nearly impossible for organizations to manage tens of thousands of policies and ensure compliance with internal and regulatory standards.

As Christian makes his way to the top of the building, it’s mid-afternoon and the heat of the day is in full effect. A crowd gathers to watch Christian, trying to figure out what is being filmed. As we film the accompanying videos featuring Don Closser, FireMon’s Chief Product Officer, and Ofer Elzam, Vice President and General Manager for FireMon’s Global Policy Controller, we do multiple takes as the audio is ruined by passing airplanes landing at San Jose’s Norman Y. Mineta International Airport.

The final scene is located at the very top of the building on top of the elevator stack. The view is of Silicon Valley framed by the Santa Cruz mountains on the left and the edge of San Francisco Bay to the right. Drones aren’t allowed due to City Hall’s proximity to the San Jose airport. To capture the final image, a long crane had to be hauled by pulleys up to the top of the building.

The scene that shows Christian at the top of the mountain overlooking the valley represents a sense of accomplishment. However, we all know the job of a security professional is never done and they must remain ever-vigilant.

The shoot wraps up around 4 pm. Pancho, who interviewed Don and Ofer all day, goes into the rigging gear to close out the interview video. As the sun sets and the rigging comes down, the production team ensures that the place is all spruced up. After they were done, we could hardly see any evidence of all the hectic activity during the day.

Many thanks to the production team who made this possible. GB-Films (https://gb-films.com) is a Bay Area creative and production company that works with organizations to help them tell compelling stories with excitement and meaning. It was a lot of fun working through the creative process and doing this shoot with them.

Now that you have heard about how The Climb came to be, check out the full behind the scenes video and leave us your feedback. If you want to learn how FireMon can help your company with “The Climb” towards more manageable security policies for your hybrid environment, visit: https://www.firemon.com/products/.

The post The Climb: Securing the Hybrid Enterprise appeared first on FireMon.


Palo Alto Networks® is set to kick off its flagship conference, Ignite ’19 USA, in Austin, Texas from Monday, June 3rd to Thursday, June 6th. The start of Ignite ’19 kicks off an exciting time in the calendar as Ignite has developed into one of the most influential, must-attend events for security professionals.

This is why we are especially thrilled to take the stage with Lucas Gallagher at this year’s confab. The session, From Security Bottleneck to Business Enabler: A Foot Locker Case Study, is a discussion of their journey moving from legacy systems to a hybrid environment featuring Palo Alto Networks firewalls and Azure. Like many large enterprises, scalability and compliance top the list of challenges, so come hear Lucas discuss the roadmap to success for this venerable Fortune 500 retailer. The session is Monday, June 3 at 4:20 PM in Ballroom G, Level 4.

FireMon has a deep relationship with Palo Alto Networks. FireMon solutions help enterprises accelerate the adoption of Palo Alto Next-Generation firewalls and maximize the value of your Palo Alto Networks investment. Our Immediate Insight application integrates with the Palo Alto Networks Cortex XDR detection and response app. Immediate Insight is an analytics-enabled app that enables security teams to seamlessly combine and analyze cloud-resident and private infrastructure data to accelerate discovery and response to security threats.

Together, FireMon and Palo Alto Networks combine to bring configuration assurance, compliance and risk reduction:

  • Total support for next-gen access and compliance at the user and app layer
  • APIs for integration with Palo Alto Networks, non-Palo Alto Networks devices and the Panorama Management Platform
  • Real-time monitoring for instant network awareness and remediation steps
  • Sub-second rule and policy checks across 350+ controls for continuous compliance
  • Full change reporting with application and user; scoring rules for risk and compliance
  • Attack simulation based on vulnerabilities and network policy

To learn more about how FireMon and Palo Alto Networks can simplify the management and compliance of your complex hybrid architecture, attend our session with Foot Locker on Monday. Or, if you’d like to talk to someone on the FireMon team, you can find us in the Expo Hall at Booth #908.

When you stop by our booth, you may notice that we won’t have any traditional giveaways for you to take back home. Ignite ’19 is where we’ll kick off our trade show bandage collection efforts for Noah’s Bandage Project. We’re collecting boxes of bandages in our booth and will also donate $2 for every badge that is scanned to Noah’s Bandage Project.

Noah’s Bandage Project seeks to end childhood cancer through awareness, support, and the gift of hope. They do this by collecting cool, fun bandages and giving them to kids that need them and raising money to fund pediatric cancer research. Over the last four years, this foundation has raised $700,000 – dollars given to Children’s Mercy Hospital for pediatric cancer research and 210,000 boxes of bandages collected and distributed around the world.

We look forward to seeing you in Austin and be sure to bring your bandages!

FireMon at Ignite ‘19
  • Come Say Hi: Find us at Booth #908
  • Hear from Foot Locker: Monday, June 3 at 4:20 PM in Ballroom G, Level 4
  • Have Fun: Join #TeamFireMon at Urban Axes for our exclusive axe-throwing event, Tuesday, June 4: http://bit.ly/2X78qbf
  • Schedule a Meeting at Ignite ‘19: http://bit.ly/2X78pEd
  • Download the Data Sheet: FireMon + Palo Alto Networks Integration: http://bit.ly/2XbX99v

The post From Security Bottleneck to Business Enabler: Foot Locker Joins FireMon in Austin appeared first on FireMon.

Lumeta CloudVisibility Community Edition – Free Trial Now Available


There are things known and there are things unknown, and in between are the doors of perception. – Aldous Huxley

Wise words. But it might sound terrifying to a security team, especially as their applications, assets, and associated enterprise data spread to the cloud. In a world where network perimeters are blurring, achieving visibility into all your networking elements, applications and devices across a variety of deployment options is becoming a daunting task. More importantly, as artificial intelligence gains a bigger foothold in the enterprise, accidents are beginning to happen. There are already reports of AI chatbots being breached and going rogue, impacting customers of large companies such as Sears, Delta Airlines and Kmart.

Going back to Huxley’s quote, today’s security and networking teams simply cannot afford to have unknown elements in their environment, be it on-premise, in the cloud, virtual, software-defined networking (SDN) or a hybrid real estate. Many organizations at least try to do a fairly decent job of discovering what assets are in their physical networks, but things get really fuzzy when we move into the cloud. Cloud environments are dynamic, elastic and in constant flux – and oftentimes siloed – which makes visibility an ongoing challenge.

Relax, it is not the end of the world, at least not yet!

FireMon’s Lumeta CloudVisibility Community Edition is now available. The most powerful tool yet to drive situational awareness in the cloud, Lumeta CloudVisibility Community Edition is a free evaluation version that will deliver an initial baseline of visibility for your hybrid environment. Current Lumeta users can upgrade to version 3.3.3 to expand the on-premise capabilities of Lumeta to Amazon Web Services (AWS) for complete visibility of your hybrid cloud environment. You do have the option of upgrading to the full-fledged Enterprise Edition.

So how does it work?

Consistent Cloud Visibility

There is a growing number of organizations that are adopting multiple cloud platforms, especially AWS and Microsoft Azure. There is no single solution out there that offers consistent and uniform visibility in complex, multi-cloud environments.

Our 2019 State of Hybrid Cloud Security Report found that lack of visibility is the #1 challenge for security practitioners in securing their public cloud environments. Lumeta CloudVisibility addresses this challenge by using a combination of recursive network indexing techniques along with multiple crawling methods. This includes network, host, enhanced perimeter and leak-path discovery – and now cloud API attachment, to discover all of the assets in your hybrid network. Result? A comprehensive and real-time view of the entire enterprise and private cloud infrastructure, including previously unknown / undetected VPCs, instances, endpoints, connections and network paths.

Intelligent Threat Hunting

Lumeta CloudVisibility integrates with host vulnerability management scanners like Tenable, Qualys and now AWS Inspector, to allow continuous identification of unknown and unmanaged endpoints and instances. But it doesn’t stop there. Identifying leak paths—the unknown and unidentified entry points to your network—allows organizations to take quick remedial actions such as adjusting a permissive security group rule or risky TCP/UDP port. Without this intelligence, malicious attackers could use leak paths to infiltrate your hybrid cloud infrastructure, compromise instances or endpoints, shuttle additional malware, install encryption software for ransomware, move laterally to find sensitive data, and even take over additional systems through more infections. Armageddon!

Visual Mapping, Your Network’s Third Eye!

Lumeta CloudVisibility reinvents network mapping from a mere visualization of your network to providing intrinsic intelligence and awareness through cloud and network topology visualizations and maps with nodes, paths/edges and endpoints displayed. It supports user-defined operational overview of zones, notifications, cyber threats and network anomalies, and dashboards, driving comprehensive visibility into the entire network infrastructure – including data about network connections and devices.

When new devices connect to the network, IT professionals are notified via the dashboard, in real-time. What’s more, the topology visualization is—at the cost of sounding repetitive—real-time, allowing administrators to gain extraordinary visibility, right from high-level views to a drill-down of specific devices and paths in between.

Many Clouds, One Platform

Lumeta CloudVisibility can work across a number of hybrid cloud environments, consisting of public and private clouds – including AWS and Microsoft Azure (soon), with Google Cloud Platform, Kubernetes containers, Cisco ACI and VMware NSX under development. There are very few comparable products that offer consistent and uniform visibility across cloud-mesh networks. Combining FireMon’s Lumeta CloudVisibility with Security Manager, enterprises with complex hybrid clouds can combine extraordinary visibility with event correlation and policy management to drive effective and uniform controls across the enterprise.

Versatile Use-Cases

Irrespective of the kind of changes happening in enterprises, an integrated solution that ushers in end-to-end visibility and helps enforce the right policy changes becomes very relevant. Organizations that already have the FireMon Security Manager for policy management can use Lumeta CloudVisibility to exercise complete cloud control across a variety of scenarios:

  • Realtime risk / vulnerability management program
  • Security data lake creation
  • System of record for network state, endpoint census
  • Mergers and acquisitions / Spin-outs
  • Data center migration to the cloud
  • Network segmentation (e.g. NERC-CIP)
  • Manufacturing OT visibility
  • Healthcare – IoT/Medical devices

All the technologies that are catalyzing these changes—cloud, virtualization, Internet of Things, mobility—are network-centric. This means that any network failure will inevitably break these transformative projects, something that organizations can ill-afford. A borderless network architecture calls for keen visibility, conscious vigilance and intelligent defense and remediation.

To prepare for this transformation, download FireMon’s Lumeta CloudVisibility Community Edition to evaluate your environment today.

The post Five Ways to Achieve Real-Time Visibility of Your Cloud Infrastructure appeared first on FireMon.


This is the second post in a series examining compliance. Read the first post here.

Here is a quiz. What is the one thing common between Facebook, Yahoo!, Uber and Twitter?

They all suffered huge data breaches in recent years, compromising information relating to millions of customers. In fact, for Yahoo! there was a double whammy – once in 2013 impacting 3 billion accounts and again in 2014 affecting 500 million, something that the company kept under wraps until the Verizon acquisition closed in 2017. The 2018 IBM Cost of Data Breach Study says that the average cost of resolving a data breach is $3.9 million globally and $7.9 million in the US. The highest cost of data breach is in the healthcare industry, at $408 per record, almost double that of the financial services industry (at $206), which came in as the second highest.

Enough of statistics. The one thing that stands out from the study is that companies that suffer a data breach have a 28% chance of facing a second breach within the next two years. Why?

This is because the window of vulnerability for an average organization is rather large: an average of around 1,500 days! This is the time taken to identify and secure against a breach, which has a significant impact not just on the vulnerability front but also in terms of costs. What can organizations do, not reactively but proactively, to anticipate and to protect?

Invest in Compliance

I know, compliance to many is like going back to the draconian times. On a more serious note, spending on compliance is probably cheaper than spending on non-compliance and managing its repercussions. For proof, just look at what happened in 2017 and the number of breaches that the financial industry suffered during that year. Non-compliance with PCI-DSS resulted in cardholder data being stolen for an average length of 284 days during that year. According to compliance consulting organization securityMETRICS, 85% of organizations did not have comprehensive methods to restrict access to their networks. Now, with IoT and your smart refrigerator connecting to the office network, the threat surface has become explosive. In such a scenario, it is not just important to monitor the edge devices connecting to the network but also recursively index and discover all network assets.

Enter Lumeta

The issue with current vulnerability management solutions is that they cannot protect devices that they don’t see. Our Lumeta solution routinely finds an average of around 40% more devices than what is typically known on any network. Lumeta has its roots in the Internet Mapping Project, mapping every network connection, host, and active IP on the network. The accurate and real-time intelligence Lumeta provides on hybrid network architecture, network segmentation and cybersecurity analytics allows our clients to validate IT policies, analyze the connectivity between assets and networks, uncover risk patterns and policy weaknesses, and proactively secure their critical assets.

Lumeta’s network-level discovery data includes:

  • Discovered devices
  • Unknown IPs
  • Non-responding networks
  • Leak paths

Lumeta Keeps You Compliant

Today, organizations grapple with multiple compliance requirements, depending on the industry they are in – the EU’s General Data Protection Regulation (GDPR), HIPAA, FISMA, SOX, GLBA, PCI-DSS and a number of country- and state-specific laws. If you read many of these, rule #1 is to know what you have on your network – at all times, something that is easier said than done. This requires constant monitoring and compliance audits. Lumeta supports a wide range of compliance regulations by helping organizations:

  • Maintain compliance amid network and regulatory change
  • Optimize vulnerability management and incident response
  • Eliminate audit surprises
  • Gain “fact-based” compliance reporting
  • Show protective measures are in place around sensitive customer & personnel data
  • Provide continuous monitoring
  • Automate audit reporting on network infrastructure

Lumeta aligns with the ISACA approach to auditing network security, with a focus on determining the extent of the network. Lumeta will identify exactly what comprises the network, including any connections to external networks.

It is a Dark World without Lumeta

It has been proven, time and again, that organizations need to actively invest in threat intelligence, device and network discovery, access governance, and cyber analytics. Monitoring and reporting have to happen in real-time, not in spurts of time lapses. Enterprises need to discover threats irrespective of the geographies that they originate in… ahem, this is especially important as the specter of state-sponsored attacks looms large. How can even highly regulated verticals such as Finance and Healthcare protect themselves from malignant intrusions and attacks if 35% – 50% of their networks is dark, invisible and undiscovered?

Detection is a pre-requisite for deterrence and response, which is why Lumeta is the first line of defense for agencies that protect our national security. As almost all industries face the Gideon’s Sword of compliance, the proliferation of IoT and BYOD, cyber threats, and breaches, the business case for Lumeta has never been a more powerful one.

Learn more about how you can apply Lumeta in your hybrid and multi-cloud environment here: http://bit.ly/2vvsgkc.

The post Pssst… Look Who’s in Your Network! appeared first on FireMon.


When your lines of business pick their own public cloud platform for the task at hand, it’s not always clear who’s responsible for security.

FireMon’s 2019 State of Hybrid Cloud Security survey found nearly 30 percent of respondents use the cloud for Software-as-a-Service (SaaS), while use of Infrastructure-as-a-Service (IaaS) and Platform-as-a-Service (PaaS) are both a close second with just over 26 percent. Overall, 39 percent of respondents said they’re using all three “as-a-Service” models.

These adoption rates show respondents are comfortable putting more workloads in the public cloud and sharing responsibility for security. This is particularly true for the 23 percent of respondents who indicated they’re using IaaS and PaaS, where more responsibility for certain items such as applications and data falls on them rather than their public cloud provider.

But even as organizations get used to sharing security responsibility for the cloud, comprehensive visibility into what needs to be secured is essential. In addition, different cloud providers delivering the same type of application or service may have a different model for sharing security responsibility.

Digital transformation drives shared security responsibility

The adoption of multi-cloud is driven by digital transformation efforts. It’s what I like to call “cloud for strategies,” as companies let business objectives guide their cloud choices. But it does muddy the waters because you must be clear on who’s responsible for security.

Shared security responsibility models differ for each cloud platform even if the application or service is similar. You might pick Microsoft Azure as your preferred PaaS, while I might go with Amazon Web Services (AWS). You must understand what part of security you’re responsible for and what Microsoft provides within that infrastructure, while my responsibilities may be different because I chose AWS.

The types of applications and services you deploy can influence how security responsibility is defined internally—elastic storage versus a CRM suite. Right now, it’s still a little like the Wild West. Traditional IT security teams take care of physical firewalls and must work with infrastructure and networking teams, but adding just one public cloud provider, let alone multiple providers, adds a new group of people to the mix. For example, the marketing department may spin up a cloud service workload instance without fully understanding the organization’s responsibility for securing that workload. They may fail to enlist IT because they assume security is up to the public cloud provider. There may not even be a precedent set at the company for who should take ownership for the security controls around the applications that are being deployed in the cloud.

This shared responsibility is also present within the organization. Many large organizations I talk to said they’ve had to rework their DevOps processes so they can honor the speed of business demands. Shared security responsibility is the outcome of this accelerated pace. As a security professional, you can’t simply say “no” to a line of business; they’ll just go around you. These users view security as a barrier, not an enabler, spinning up cloud instances and configuring security (or not) themselves. These “as-a-service” deployments can add up quickly along with ad-hoc security policies and temporary firewall rules that outstay their welcome.

Meanwhile, new cloud security teams are forming separate from traditional on-premise IT security staff. Best case scenario, these siloed groups all assume everyone is taking responsibility for their share of security because they’ve deployed it.

And that’s the problem. Different parts of the organization are sharing responsibility for security along with multiple cloud platform providers, but it’s in a haphazard way. There’s no unity, and that means when something goes wrong, there’s going to be a lot of finger pointing.

One policy to rule them all?

Because we have different parts of the business engaging with different public clouds that confuse who’s responsible for security, we’ve moved away from having a central security policy everyone supports.

It used to be clearly laid out for the entire organization. It might have been called the “security policy,” “standard operating procedures,” or “application port guidelines,” but it always boiled down to someone, or a core group, articulating all the acceptable scenarios for the business with a process in place to make changes.

Obviously, this took time. But because a cloud instance can be enabled so quickly, the speed of business has people circumventing these security policies—they’re rolling their own, so to speak, without any guiding principle or a security rule book to govern these ad-hoc configurations.

Shared security responsibility needs complete visibility

Some organizations are handling shared security responsibility better than others by trying to align some of their best practices and policies as various groups spin up their own cloud instances from different providers. The formation of cloud security teams is an excellent example, while DevOps teams are weaving security into application development.

While there are nuances between different public cloud providers and their respective shared security models, what matters most is there’s a unified rallying point of cloud deployments in general. Ultimately, shared security responsibility isn’t good or bad, but it must be governed by a global security policy. We must clearly define what we can and can’t do. Governance must also be supported with a collaborative platform where all stakeholders can orchestrate policy that aligns with business, compliance, and security intent.

Most of all, this consensual security policy must be technically enforceable. That requires complete visibility because it’s hard—even impossible—to secure what you can’t see or manage what you don’t know. Returning to a global policy means having complete visibility so you know it’s being honored, even if security responsibility is shared.

Special thanks to Director of Product Marketing, Elisa Lippincott, for contributing to this post.

The post Solving the Security Responsibility Dilemma in the Public Cloud: What’s Your Role? appeared first on FireMon.


The stage for Fortinet Accelerate 2019 was set at the beautiful Walt Disney Dolphin resort and convention center, making it a magical experience.

Attendance was equally magical, as over 4000 people attended, more than doubling attendance from the year before. We had the pleasure of engaging with people from across the globe as attendees from 40 different countries took part in this annual Fortinet event. I took note of representation from networking teams, security teams, C-level executives, compliance, DevOps, and business owners. For me, this underscored the growing awareness and interest in technology driving digital transformation. Across the board, as people visited the FireMon expo booth, our conversations consistently took us into concerns around cloud visibility, cloud adoption, and cloud migrations. Not only were people expressing a need for greater visibility in the cloud but also for extended visibility at the edge of their cloud architectures.

It was abundantly clear that Fortinet CEO Ken Xie has his eye on the proverbial cloud ball ahead.  The show themes I observed revolved around 3 primary pillars.

The first was a focus on education in cybersecurity. It’s known there is a significant cybersecurity skills shortage with more jobs available than people to fill them. Fortinet plans to do their part by making education a primary focus in their business plan. At the Accelerate 2019 conference, every attendee was given a free voucher to take the Fortinet Network Security Expert (NSE) exam. The opportunity to earn this certification was backed up by pre-conference workshops, fast track workshops, and breakout sessions all to help attendees prepare and pass exams from NSE 4 to NSE 7.

Secondly, echoed across many sessions, was the message of continued commitment to the Fortinet ecosystem of “Fabric Ready” partners, in which FireMon has participated for many years. Fortinet is constantly expanding its APIs, fabric connectors, and development tools, adding value to partner integrations.

Lastly, but certainly not least, was the promised pursuit of technology innovation to support the digital transformation and cloud-first strategies of businesses ahead. One prominent example of this was Fortinet’s announcement of an industry-first SD-WAN ASIC to accelerate and secure the WAN Edge. Fortinet is claiming a 10X performance increase with the FortiGate 100F SD-WAN ASIC Appliance. No doubt organizations are adopting SD-WAN for faster and more cost-effective connectivity, but security must be an integral component of any selected solution. This announcement was received well by Fortinet customers, as SDN hardware with capacity and integrated security is what customers want. Given this new technology is hosted on FortiGate hardware with FortiManager support, you can bet FireMon has “Fabric Ready” arms wide open to embrace it as soon as possible!

What about AI? Funny you should ask. I spent some time on the EXPO floor with the folks at the FortiGuard Labs booth. This team gathers and analyses over one hundred billion security events every day; yep, that is 100,000,000,000. How do you look at that much data? FortiGuard Labs uses a proprietary machine learning and artificial intelligence program called “Self-Evolving Detection System” (SEDS). SEDS employs a continuous training model to collect, analyze, and classify threats autonomously. This form of automation leads to the development of new defensive signatures that distribute across the connected Fortinet Security Fabric in real time. There was much more to explore: the Fortinet product portfolio covers a full spectrum of solutions, including VoIP systems, video surveillance, Next-Generation Firewalls, SIEM, email, IoT, wireless LAN, and much more.

All of this magic was available to see first-hand alongside the many partner solutions also displayed in the EXPO hall. Click here to download information about our integration with Fortinet. If you’re ready to learn more about FireMon’s “Fabric Ready” support for Fortinet, then give us a shout. We would love to show you.

The post Talking Cloud and a Dose of Magic at Fortinet Accelerate 2019 appeared first on FireMon.


Change. The regulatory environment is always changing, and staying on top of it with an IT landscape that is growing and evolving into hybrid cloud mishmashes is a daunting task. In this two-part blog series, we intend to show you how, with FireMon Security Manager and Lumeta, you can not only get better visibility into the state of your security policy compliance but also audit your security posture to ensure compliance as your environment changes.

FireMon helps you address the following:

  • Maintain continuous compliance with industry standards
  • Continuously monitor security enforcement point changes that could lead to unnecessary exposure, misconfiguration, unauthorized change and unacceptable risk
  • Generate detailed reports for all periodic assessments
  • Capture valuable policy documentation to meet compliance assessment requirements
  • Ensure that policy changes adhere to existing requirements
  • Recertify all mandated firewall rules and configurations
  • Identify threats and security holes in security policies that could be exploited by hackers
  • Help detect and mitigate security vulnerabilities
  • Provide actionable intelligence for remediation guidance

What does continuous compliance mean? With FireMon, continuous compliance takes seconds with automated audit reporting and alerts you when you start to drift. Only FireMon can offer continuous compliance, because it is the only solution with real-time monitoring, traffic flow analysis, and custom controls to give you a 360-view of the entire network.

Changes have moment-by-moment implications for security. With FireMon’s real-time monitoring you get to see what’s happening instantly, take corrective actions and continue to meet the security policies you’ve defined.

Traffic flow analysis monitors traffic patterns and assesses their effects on your state of security. It’s not enough to have a well-written firewall rule; you need to see the result of the rules and the traffic they produce, and act when compliance with security controls drifts.

FireMon Security Manager delivers more than 350 preloaded controls – with the ability to customize and create your own – to mix and match to your specific compliance needs. Customized controls can work together in any combination, tailoring compliance for internal or regulatory standards including: PCI DSS 3.2, NERC CIP, Federal DHS CDM, NIST and many others. Security Manager is also pre-loaded with a number of assessments, like FireMon Best Practices, DISA STIG, NIST (SP) 800-41, PCI, Palo Alto Firewall Security Configuration, etc. The Security Concern Index (SCI) is a metric that provides an audit score so you can easily keep track of your compliance posture.

An assessment is a set of controls you assign to a device or device group that notifies you when a change occurs in the device or device group. Instead of running an audit on each device or device group, assessments allow you to proactively monitor device trends.

You can assign one or more assessments to a device group. Once your assessment is assigned, Security Manager monitors the status of assigned devices against that assessment. You can set up email notifications to notify you when there is a change to a device or device group.

Security Manager also comes with a number of reports that can be used for compliance right out of the box. For example, Check Point users can access the Multi-Domain Report to receive granular results in the Multi-Domain Administrator audit check for a selected Check Point device. FireMon is continuous compliance, so we provide the Compliance and Assessment Report that provides continuous monitoring of a device or device group whereby a report is generated every time there is a change on the selected device.

The Control Report displays the results of a single compliance control against a device or device group. Security Manager also ensures PCI-DSS v3 validation with the PCI DSS Payment Card Industry Data Security Report.

This is just a snapshot of the reporting capabilities you get out-of-the-box with FireMon Security Manager.

Now you know why FireMon Security Manager is the de facto standard for network security policy management. Stay tuned: in our next review of compliance, we’ll detail the network-level discovery data and security auditing available in our Lumeta solution.

Special thanks to Director of Technical Services, Ron Miller and Knowledge & Instructional Content Manager, Mark Maxwell for their assistance with this post.

The post Demonstrating Continuous Compliance Across the Hybrid Enterprise appeared first on FireMon.


“Do more with less.”

Most IT professionals probably can’t recall a time when this edict wasn’t in full force. FireMon’s 2019 State of Hybrid Cloud Security survey found security professionals still live this daily as they attempt to effectively safeguard data and applications in their hybrid clouds.

And it’s only getting worse with the trend toward multi-cloud environments made up of various Software-as-a-Service (SaaS), Platform-as-a-Service (PaaS), and Infrastructure-as-a-Service (IaaS) instances to meet the needs of various lines of businesses. As security professionals try to keep pace with multi-cloud platform adoption, they’re hard-pressed to find time to proactively apply the ideal security policies.

Not enough visibility, not enough eyeballs

Our latest survey found 60 percent of respondents concluding that their organization’s deployment of business services in the cloud outpaces their ability to adequately secure them in a timely manner. And despite growth of cloud service adoption, nearly 58 percent say they spend less than a quarter of their security budget on the cloud.

This limited spending impacts the technology available to security professionals. Only 28 percent of respondents use tools that work across multiple environments to manage network security across their hybrid environment, while almost 36 percent of respondents either use native tools for each environment or manual processes. It affects the C-suite too, as they said the biggest challenge in managing network security tools across hybrid cloud environments was that they had “no centralized or global view of information from the tools.” This suggests resources are strained across the board no matter the size of the company.

It’s both a technology and a people problem: overall, a “lack of integration across tools” and “lack of qualified personnel or insufficient training on the tools” were the top two challenges in managing network security tools across hybrid cloud environments.

The survey also found 52 percent of respondents have a security team of 10 people or less, with 54 percent of respondents managing both on-premise network security and cloud security. Although the potential exists for DevOps teams to help improve an organization’s security posture by baking it in when developing apps—with almost 44 percent of respondents saying the acceleration of DevOps has positively impacted security operations—30 percent said their relationship with the DevOps/Application team is either complicated, contentious, not worth mentioning, or non-existent.

There are signs some organizations are prioritizing security operations, but clearly many enterprises have a lot to do to get everyone on the same page. It includes having the right people and the right tools.

Work smarter by automating where possible

So, what does a security team with limited staff and resources do when faced with the reality of scaling complexity and multi-cloud environments?

You could spend a lot of time manually cleaning up your security policies, such as unused and redundant firewall rules that have built up over time. But as the survey says, there’s a shortage of people. What you must do is make your people more efficient. Better still, what if some tasks just took care of themselves?

That’s where automation comes into play. A common refrain we hear from security directors and CISOs is they have great people saddled with mundane tasks such as ticket punching or repetitive firewall change requests when a line of business asks them to enable access to an application. These tasks greedily eat up business cycles, so if you’re not adding people to the team, you must take some of these repeating tasks off their plate. It’s the only way to scale security while tackling growing complexity.

Better processes help people work smarter too. If you give them the visibility and information they need, spinning up another service workload or adding a user at the request of the business doesn’t turn into a long, arduous journey. Think about it—no need to make a firewall change request manually when the marketing department hires an intern because the business manager can self-service the task without violating security policy.

By establishing sound policies and automating, you’ll gain efficiencies, but be sure you automate where it makes sense. Evaluate your current process, interview the people involved and understand the business demands that impact security policy enforcement and management. You don’t want to spend an enormous amount of time trying to automate something if it doesn’t save you time every day that you can apply elsewhere.

Successful automation will empower your team and enable them to gain greater efficiencies in their daily tasks within your existing resource constraints. Better still, it frees them from mundane tasks so they can focus on the higher skill tasks they were brought on board to do.

The post Why Automation is a Security Pro’s Best Friend appeared first on FireMon.
