FireMon Review

Helps us clean up our firewall rules and has reduced our overall audit time significantly


What is our primary use case?

We use it to go through unused rules, for cleaning up stuff. We have a bi-weekly meeting where we go through firewalls and look for any unused rules or any rules that are redundant and any high ports that are being used that we're not supposed to use. 

How has it helped my organization?

We want to eliminate all firewall rules that have FTP access on them. We don't want to use FTP any longer. With the help of FireMon, we were able to go in and check all the firewalls that have rules with FTP on them and we opened up a project with the network team so we could eliminate all those rules.

FireMon has been very helpful with closing visibility gaps we previously had. Since I got here, it has helped us dig into stuff. And whatever help we need, any projects we have that we haven't been able to figure out by ourselves, they have gone in and helped us out.

I called them once because I wanted to see if they had a report that I could run for rules that have not been used in 365 days. With their help, I was able to run that report and provide it to the network team so they could eliminate those rules that had not been hit in a year. The list I gave to the network team had 7,917 rules.

Finally, the solution has helped to reduce our overall audit time by about 50 percent. That's awesome.

What is most valuable?

I'm working mostly with the Security Manager part of FireMon. It gives me an eye on everything that's out there, everything that I cannot see. Because I'm not a network admin, I cannot go to a firewall itself, but at least I have FireMon so that I can go in and view everything that I want to view. And I can eliminate whatever I see that is wrong.

We also use FireMon to conduct a full inventory of our assets so that we can secure everything. For example, our parent company has three retail brands. The other day, my director asked me for an inventory of all brands: every firewall, Cisco device, whatever we are using, and to give him a break down. I was able to go to FireMon, grab everything, put it in an Excel sheet, and break it down by brand and by DMZ and PCI environment as well.

In addition, it's very easy to navigate. Very easy.

What needs improvement?

We're working on implementing FireMon with our ticketing system service now. Having that would be an improvement. I believe they said that they are working on that for the future. That would help us out a lot. For example, when somebody wants to open a request for a firewall change, we'll go through ServiceNow, and then go through FireMon, make the changes, and make sure everything is recorded, who did it, etc.

For how long have I used the solution?

I started at my current company in January 2018. That's when I started using FireMon. But the company has had it since 2014.

What do I think about the stability of the solution?

The stability is very good.

What do I think about the scalability of the solution?

The scalability is great.

How are customer service and technical support?

Technical support is very helpful. On a scale from one to ten, I give them a high ten. You can either use their User Center and open up a ticket via the web, they're pretty quick about it, or you can call them directly. They have a number to call their Help Desk and they pretty much pick up right away. 

They'll go into your machine right away if you need help. I have hardly escalated anything to a Level 2 or Level 3 because right away, whoever picks up the phone is knowledgeable and will resolve it.

What was our ROI?

I'm not sure if FireMon has saved us money, but I know it has saved time in cleaning up the whole company and has helped reduce all that ugliness that we had.

What's my experience with pricing, setup cost, and licensing?

We pay on a yearly basis but my manager takes care of it. Regarding additional costs, if you want things like Policy Optimizer, extra features, that's extra.

Which other solutions did I evaluate?

Before the parent company bought us, we used to have another product - I don't want to say its name - but it wasn't like FireMon. FireMon is way out there. It has all these features. I'm still learning it and I have almost a year-and-a-half of experience using it. It just has a lot of stuff that my other tool did not have at all. There's so much visibility in it and stuff to play with that my other tool did not have. I really like FireMon.

One of the products I used was Tufin. It wasn't like anything like FireMon. You couldn't do the stuff you can do with FireMon, in terms of the Policy Planner option and the Policy Optimizer. All you could do in Tufin was view the rules, how many hits; basic stuff.

What other advice do I have?

In terms of what I've used so far in my career, FireMon is one of the best. Try it out, it won't hurt. Give it a shot. It's the best, for me. It has everything that any company would need. It's easy to navigate, there is a lot of helpful stuff in their User Center, in their Knowledge Base. Everything's there. You don't really need to bother them a lot. If you want to know something, they have documents in their User Center. It's a very good product.

In terms of FireMon's cloud support automation for public cloud platforms, we did ask for that. We are actually going to the cloud in a few months. We just asked that question last week. They did say that they do support that, but that's all we've talked about in terms of cloud.

We use FireMon every day. And we have plans to increase usage. Where I came from, we only have regular firewalls in there right now. We're looking to implement our retail stores' firewall devices as well, which is about 200 stores. We're definitely going to implement that so we can see our retail stores' environments in it.

We do have Policy Planner, but I haven't started playing with it yet. We're also looking to get Policy Optimizer, but we still haven't gotten the license for it. Security Manager is the one I mostly play with.

When I came to this company, I have to say, they were very sloppy. That's why they gave me this role, to focus on stuff like this.  We have cleaned out a lot in a year-and-a-half and we're still cleaning. It's so big, so many firewalls out there.

We have the network team as read-only users. There are about six of them on that team. The network team members are the ones who handle the firewall; they're the ones that make the actual changes. So sometimes they go into FireMon and run reports to view things. I don't know what types of reports they run, but we gave them the read-only access for that. In addition, there are three admins: me, as an InfoSec ops technician, my coworker, and my manager. My director is also a user. For deployment and maintenance of FireMon, it's just me and my coworker.

I rate FireMon at ten out of ten. I am very happy with the tool.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Add a Comment
Guest
Sign Up with Email