What is most valuable?
The most valuable feature is more or less the ability to look for the shadowed-based rules or rules that are being used, and also for change management, i.e., getting alerts from the system. This helps us to determine who is making the changes and have that historical information to give back to our auditors and say, "Okay, these are the changes that we've made and these are the corresponding service tickets that apply to them."
The ability for spotting the shadowed-based rules helps us to eliminate overlapping rules that may not be otherwise needed or maybe under-used. It helps us to identify that stuff and gives us the ability to go back and audit the firewalls.
On the whole, it gives us the ability to determine what our security architecture looks like, so as to help secure our company better.
How has it helped my organization?
It's kind of a two-fold type thing for us. We were in the middle of a project, where we were migrating from one set of firewalls that were old to a newer set. So, this tool has allowed us to go through and identify rules that we could get rid off and allowed our rule sets to be a lot smaller than we originally had intended them to be. This helps us with our ongoing maintenance of our firewalls, so as to understand what's being used and what's not.
It helps us to just do a research into what rules are already in place, so that way we don't have to add anything and it is a quick lookup for us. Instead of having to go through maybe 10 different firewalls, we can easily trace through our network and say, "Okay, it has to touch each one of these firewalls and these are the rules and this is maybe where it's blocked at." This is a feature that we like to use and it helps us save time.
What needs improvement?
So far, we're not too much into the product yet. However, we're not really liking the web interface. We enjoy the so-called fat client a lot better because it just gives a bit more of the opportunities to work with the software faster, whereas there's been a huge learning curve for us to use the web interface. Then, we also have to learn their query language or define the details that we need.
Unfortunately, we are such a fast-paced environment that we don't have a lot of time to spend with the software to really learn it the way it probably should be learned. We have to kind of go back and reinvent it every single time we have to go look for something in particular. That's the only downside I can mention that we're having with the GUI.
For how long have I used the solution?
It's going on for at least three years now, if not more.
What do I think about the stability of the solution?
There were a few issues with stability initially, but luckily FireMon is very supportive in terms of their support staff. They have been able to identify the issues that we've been having, and in turn implement some kind of compensating mechanism or come up with a solution in order to fix it, so as to help us resolve our issues. Overall, we've been pretty happy with the support team.
What do I think about the scalability of the solution?
We have not had any scalability issues and I've been very impressed in that aspect. At one point, we had a single server and we overloaded it pretty quickly, with the amount of logs that we sent to it. The firewalls generate a ton of traffic as far as syslog goes. So, I had to out-size our environment to compensate for the additional logs and had to deploy to a couple of other different sites, that initially we didn't imagine having a need for. However, it scaled up great and we've had no issues with it since then.
How are customer service and technical support?
Overall, I would give the technical support team a 10/10. There have been maybe a few issues, here and there. Unfortunately, it has taken some time for them to resolve and it goes back to them, i.e., asking for updates, and working with myself and the team to understand what issues we're having. They try to help us resolve issues either through training or going back to the development team and asking for a feature.
Which solution did I use previously and why did I switch?
We didn't previously use any other solution. This was definitely one of the best of its breed that we researched. Eventually, this tool is what we selected to go with.
How was the initial setup?
The setup was pretty straightforward. It was just a matter of pointing the logs to the device and setting up a few basic things, so that it could go out and fetch the configurations/settings. Thus, it was relatively easy.
Which other solutions did I evaluate?
I believe the other option that we looked at was Infoblox and maybe one other tool. However, Infoblox was just too cumbersome and didn't offer a lot of features. In comparison, we felt that FireMon had those out-of-the-box features built-in.
What other advice do I have?
Definitely, you should look into how many syslogs you're getting because there is a limitation on how many syslog messages it can handle per second. We felt in a more distributed environment, it allowed us to support our network more adequately. So even with our main data centers, we had to usually have three or more collectors in order to deal with the amount of syslogs we're sending. We also had to include a few different offices needing their own implementation of data collectors.
This company does a pretty solid job and they're always constantly wanting to improve their products.