FireMon Other Advice

Daniel James
Security Engineer at a transportation company with 10,001+ employees
The best advice that I could give, honestly, would be not to look at a product for a short-term goal. Speak with the vendor about the maturity model that you want to go down and the roadmap that you have for your organization. They have a lot of different components and products that complement each other. I'm still waiting to do stuff now or next year that I wish I could have gotten funding for three years ago. If you're going to engage and move forward with something, try to future-proof what you're signing yourself up for. Take into consideration where your roadmap is taking you. If there is something you know you're going to do in two years, and they have this other product that supports that effort and can provide greater ROI between now and then, go ahead and lump that into it. As far as the solution's cloud support automation for public cloud platforms goes, I have used it and looked at it enough to ensure that it aligns with our roadmap. I feel it's there, but we're not currently utilizing the functionality. The solution would provide us with a single pane of glass for on-premise and cloud environments, but we're not using a production cloud environment at this time. However, I have made sure that whenever that does become a bigger footprint in our infrastructure, everything's going to be in place for us, as far as FireMon as a solution is concerned. The solution provides us with the option to have comprehensive visibility of all devices, but a prerequisite to it being able to provide that information is that the owners of the solution have to optimize and educate FireMon. That has not necessarily been a high concern of ours. It hasn't been a primary responsibility over the years for me to take my network map and input it into the device. For me, it doesn't fulfill that function, but that's not necessarily a reflection of the tool's abilities. In terms of using the solution to conduct a full inventory of our assets to secure everything, the Security Manager portion of it, alone, won't be able to perform that function. I think that there are a couple of other options that the vendor provides which address that need, but it's not something that we've invested in. Immediate Insight is the tool that associates itself with that kind of task. It's not something that we currently have the plugin for. End-to-end change automation for the entire rule lifecycle is something we're moving towards. It is something we have on our roadmap and that we've worked out with the vendor, to make sure we'll be getting funding for that integration. Integration is required to create that full automation. FireMon does support that and it's something that we're actively pursuing, but we have not submitted funding for it yet. I would certainly give it a nine out of ten because there's always room for improvement. Also, once I'm happy with a vendor, I'm not necessarily interested in whatever their competitors are doing. If I was sitting down with FireMon and all of their competitors every year, I might be able to say, "Hey, Tufin is doing this, why aren't you guys doing this?" But I don't do that. I would only feel comfortable giving a ten if I went through that process. I'm very happy with the solution for what it is, for how much it reduces my overhead, and how much it allows me to do things that, otherwise, I just wouldn't have the option of doing. View full review »
Orlando Paulino
Information Security Analyst at a retailer with 10,001+ employees
In terms of what I've used so far in my career, FireMon is one of the best. Try it out, it won't hurt. Give it a shot. It's the best, for me. It has everything that any company would need. It's easy to navigate, there is a lot of helpful stuff in their User Center, in their Knowledge Base. Everything's there. You don't really need to bother them a lot. If you want to know something, they have documents in their User Center. It's a very good product. In terms of FireMon's cloud support automation for public cloud platforms, we did ask for that. We are actually going to the cloud in a few months. We just asked that question last week. They did say that they do support that, but that's all we've talked about in terms of cloud. We use FireMon every day. And we have plans to increase usage. Where I came from, we only have regular firewalls in there right now. We're looking to implement our retail stores' firewall devices as well, which is about 200 stores. We're definitely going to implement that so we can see our retail stores' environments in it. We do have Policy Planner, but I haven't started playing with it yet. We're also looking to get Policy Optimizer, but we still haven't gotten the license for it. Security Manager is the one I mostly play with. When I came to this company, I have to say, they were very sloppy. That's why they gave me this role, to focus on stuff like this. We have cleaned out a lot in a year-and-a-half and we're still cleaning. It's so big, so many firewalls out there. We have the network team as read-only users. There are about six of them on that team. The network team members are the ones who handle the firewall; they're the ones that make the actual changes. So sometimes they go into FireMon and run reports to view things. I don't know what types of reports they run, but we gave them the read-only access for that. In addition, there are three admins: me, as an InfoSec ops technician, my coworker, and my manager. My director is also a user. For deployment and maintenance of FireMon, it's just me and my coworker. I rate FireMon at ten out of ten. I am very happy with the tool. View full review »
Network Security Engineer- Senior at a financial services firm with 1,001-5,000 employees
Make sure that you get the correct hardware for whatever size environment you have. End-to-end change automation for the entire rule lifecycle is not something we're using yet. It's something that I'm looking to get a beta for. There are about 20 people currently using the solution. However, the functionality allows us to extend the information that FireMon can gather out to hundreds of people, if not more. In some ways, there are hundreds consuming the information that FireMon gathers, and using it in some way. Network security engineers are the primary consumers, and network engineers are another consumer. In addition, anything related to our audit teams means those guys consume the data. Two people could do deployment and maintenance, although I tend to do it by myself. I'd put FireMon at an eight out of ten right now. To me, ten is something you only get if have no bugs or have very few bugs, and everything works perfectly. If you want a ten you've got to be perfect. I don't think any product would get a ten from me. View full review »
Find out what your peers are saying about FireMon, Tufin, AlgoSec and others in Firewall Security Management. Updated: February 2020.
398,567 professionals have used our research since 2012.
Info Assurance Engineer at a aerospace/defense firm with 1,001-5,000 employees
Each deployment scenario will be unique. A robust proof of concept is key to make sure it will meet all of your intended use cases. The solution is managing 25 percent of our firewalls right now. We probably won't increase usage until we can get the required features for firewall change rule management to work correctly. We probably will not increase usage until that works. I would rate it as a six (out of ten). We need the end-to-end mapping feature working to make it a ten. That is just our next phase. I don't know what other problems that we will run into. There is a lot to deploy before we can give all the details of what we need to make it a ten. There is integration with ServiceNow and some of our other tools. We have to make sure all that is working before we could give it a ten. View full review »
Chris Goodrich
IT Security Architect at a financial services firm with 1,001-5,000 employees
It is fairly straightforward to use, and I haven't really had a whole lot of issues with it. This solution provide us with end-to-end change automation for the entire rule lifecycle of firewalls. It does it from the request, then all the way through the approval cycle. We really haven't done much with this solution’s cloud support automation for public cloud platforms. We are just doing on-premise. View full review »
Shabeer Chundaparambil
Manager Security Solutions with 10,001+ employees
The version is an important choice for the product. View full review »
Find out what your peers are saying about FireMon, Tufin, AlgoSec and others in Firewall Security Management. Updated: February 2020.
398,567 professionals have used our research since 2012.