Network security devices are only as good as their configurations. The security we expect and the risks that we’ve positioned the network to mitigate will be sustained only if those configurations are correct. Unlike networking devices, where correctness is easily measured by service availability and performance, security correctness is difficult to determine. The proper way to measure correctness is a risk-based approach which balances the need for access with the potential for compromise.
Our networks are incredibly complex and extremely volatile. The explosion of systems from the virtual data center has given rise to a nearly constant stream of new access requests. To keep pace, network security teams are often adding access rules without the ability to properly analyze their impact on the risk to the network.
This pace of daily operations causes the configurations of our security devices to become so large and overrun with complexity that determining correctness is impossible with manual techniques. The typical response when the network becomes that complex is to shift our security management strategy to rely too heavily on SIEM technologies to detect inappropriate access attempts.
The result of this cycle is that our organization has taken a defensive posture in daily operations, waiting on attempts to be detected through the SIEM before taking any action to improve our posture and reduce our risk.
Security policy and risk management can help us overcome the challenges outlined above and shift our posture from defensive to proactive. The approach has two distinct outcomes. First, the solution will make our security team more efficient in their daily tasks, freeing up more time for other security activities that aren’t currently being accomplished. Second, the analysis provided by security policy and risk management will give us previously unattainable insight into our network security posture, enabling immediate and ongoing improvement.
The security policy and risk management solutions from FireMon are well-accepted tools that can help us overcome the complex challenges of managing large network security environments.
Based on the expert analysis from the FireMon team, the other outcomes that we can expect are:
The recommendation to solve these issues is to implement the FireMon Security Manager product. The alternatives to this product are more costly and don’t provide the complete benefits. For example, using a consultant to review our rule base can provide part of the analysis of the Security Manager product, but that analysis is subject to human error and will be a point-in-time assessment as opposed to continuous improvement.
The issues outlined above are costing more than we realize, and they have the potential to drastically impact the company should the network security infrastructure fail to protect it from an attack. In addition, there are network security activities that we can’t accomplish because of the time and resources currently consumed by security operations overhead.
The cost of the FireMon Security Manager product is not dramatic. It is priced to cost approximately an additional 10%-20% of the existing network security infrastructure devices that it monitors. That’s a small price to pay to ensure they are correctly enforcing our policies. In addition, we expect that improved daily operations and reduced audit costs will quickly pay for this solution.