FireMon Archives - Cyber Secure Forum | Forum Events Ltd
Posts Tagged: FireMon

Without automation, security gets harder during a business disruption

Guest Post

FireMon’s 2020 State of Hybrid Cloud Security Survey found that 69.5 percent of respondents have a security team of just 10 people or fewer, and most manage both on-premise network security and cloud security.

These teams are already bogged down with manual tasks at the best of times, so when a crisis hits, it magnifies the risks of manual processes. Not only is it difficult to maintain essential network operations, but the number of misconfigurations that threaten compliance goes up dramatically.

Worse still, if unexpected interruptions to business continuity lead to team members being out of commission, security and compliance are further compromised because there aren’t enough people to execute even the most basic steps of the business continuity plan, let alone security configuration and compliance. An unexpected disaster scenario that already threatens data and compliance is further magnified, and so is the risk to the business, including the greater likelihood of lost revenues.

IT’S ALREADY WAY TOO HARD TO KEEP UP ON A NORMAL DAY 

If you’re already short on people on a regular day, it’s going to be even harder to keep on top of everything that needs to be done when disaster strikes. Some manual tasks, such as firewall rule updates, may simply not get done, or if they do, they’re rushed and more prone to human errors that lead to misconfigurations. Instead, the priority is to keep the business running, and security teams must shift their focus to the exceptional, specific user access issues that are cropping up. Those are also handled in a hurry, without enough attention to compliance, because there are no foundational best practices in place.

Disruptions also mean some security team members are no longer available, so you’re even further short-staffed at a time when you need all hands on deck. Without automation and logs that provide insight into how and why things are done, you’re dependent on the knowledge of people who may no longer be available to share it.  

AUTOMATE WHAT YOU CAN SO YOU CAN MANAGE WHAT YOU CAN’T 

You can’t control everything, and it’s not a matter of if disaster strikes, it’s when. Regardless of the cause, a “black swan” event tends to throw a lot of curve balls at security teams. However, if you’ve already automated most cloud configurations and global security policy, your team is in a much better position to deal with the unexpected.

There are many things security teams can automate, including: 

  • Identity and access management, including cloud configuration 
  • Updates and patches 
  • Detection and monitoring 
  • Firewall rule updates 

Knowledge transfer through documentation also means you’re not dependent on specific team members to maintain compliance. 

You can’t automate everything at once, but if you start with low-hanging fruit, you’ll see immediate benefits. By establishing a global security policy and making it a baseline for any access configurations, including cloud services, you can be responsive to change requests from the lines of business. Organizational knowledge is also quickly accessible, even when disaster strikes and team members become unavailable.

There are times when business isn’t as usual – it happens. However, it’s important to learn and adapt while things unfold during those times. In this case, many organizations will decide to lean into cloud migrations and automation to blunt the impacts of future black swan events. 

Digital Transformation and Cloud Migration Initiatives Shouldn’t Leave Security Behind

Guest Post

Digital transformation can be a nebulous term, but for FireMon customers, it typically means shifting workloads to the cloud and streamlining business processes. 

This transformation should emanate from the inside out and is not simply adding transformational technology at the edge or remotely. Strategic initiatives around digital transformation should contribute to as many of the below areas as possible:   

  • Corporate cost savings 
  • People efficiency 
  • Customer satisfaction 
  • Infrastructure security posture 
  • Driver for meaningful innovation 

Most enterprises are on the journey now, albeit at different places. The destination is a cloud-first, more profitable, responsive, efficient and customer-centric organization. But the road ahead has obstacles. To avoid these, enterprises need complete visibility into the infrastructure they are transforming so they don’t replicate and automate inefficient processes. Empowering their people to be more productive should be top of mind.  

All this must be done with security at the forefront and not as an afterthought. Proper configuration of cloud deployments and automation of security policy management can move digital transformation efforts forward. 

Digital transformation needs a map 

If enterprises are to fully benefit from a cloud-first strategy, they not only need complete visibility into the IT they’re adding, but also their existing environments.  

Without a clear picture of what you already have, you risk lifting and shifting outdated processes and non-compliant security to the cloud. And you’re not necessarily going to move everything, so your digital transformation should move you toward a complete view of your infrastructure. 

At FireMon, we have been driving innovation that allows customers to see their cloud deployments the same way they see their on-premise infrastructures, even though security configurations can differ widely. Digital transformation is an opportunity to create a dashboard that can travel with you down the road far into the future, even as the horizon changes; in this case, it’s wherever you decide to put workloads and digital assets.

Clean before you automate 

Before you can embrace automation, there’s one key step you need to take in your digital transformation journey: ingesting and aggregating information to improve security posture. 

Visibility through FireMon Lumeta enables you to see all the devices and endpoints in your existing environment, including what you’ve already put in the cloud, and every rule that’s attached to them. Before you decide what to automate, make sure it’s worth automating. Digital transformation is an opportunity to look at what you’re already doing and a chance to clean up or fix broken processes.

Make sure your security controls go with you; you should have the same level of confidence in the cloud as you did on premise, and the same visibility, if not better. It’s also an opportunity to align teams responsible for security, especially if on-premise and cloud security duties are divided. Better still, bridge that gap and unify your team so security is better positioned as part of your overall design process.

Once you can see everything you have and have shored up your security policy, you can automate what should be automated and replicate the appropriate on-premise controls in your cloud environment. It’s a chance to discard redundant firewall rules and processes, just as you would have a garage sale before moving to a new house. Why take unnecessary junk with you?

Digital transformation is more than making the business more efficient through cloud-first strategies; it’s a cultural shift for the entire organization. It means not doing things the same way just because they’ve always been done that way, but it also empowers people to take on new responsibilities by freeing them up through smart automation.  

And remember, there’s no point embarking on the digital transformation journey unless you take security with you.   

Find out more at www.Firemon.com

Visibility and control in the public cloud is possible – And it must be unified and contextual

Stuart O'Brien

By Josh Williams, Senior Sales Engineer, Cloud and Automation Solutions at FireMon

Anyone who works in enterprise technology has heard the joke that the cloud is just someone else’s computer. But if we’re being serious, there’s some logic to letting security professionals see cloud instances as just another computer to be viewed as part of their growing network infrastructure. 

We also know the public cloud is different when it comes to security. A key theme from our annual State of Hybrid Cloud Security survey two years running is there’s a lack of clarity around shared security responsibility for public cloud platforms that are being rapidly adopted at the pace of business. Every platform, including Amazon Web Services (AWS), Microsoft Azure or Google Cloud, does security configuration differently, and every FireMon customer is unique when it comes to what they opt to put in the cloud — computing, storage and networking — and what they keep on-premise. 

For the foreseeable future, most enterprises are going to have a hybrid environment, and security professionals want to see any public cloud instance as a piece of the overall puzzle, not a separate puzzle, or worse yet, several puzzles. They need complete visibility, especially as hybrid clouds continue to scale, so they can keep a handle on complexity. 

Public cloud adds security pain points that must be solved 

Extending FireMon’s capabilities to the cloud is a necessary and inevitable next step for addressing the pain points security executives must address as organizations embrace cloud-first strategies and their own digital transformation agenda.  

Security professionals are tasked with applying controls and enforcing governance in public clouds to meet compliance obligations and mitigate risk, just as they do with legacy and on-premise infrastructure. Security teams are also expected to enable access to cloud applications without becoming a barrier to the business while still maintaining network and security hygiene. The frequent and rapid changes that are today’s norm must also be managed and documented within budget and resource constraints, including staff that are often stretched too thin.

These pain points impact several members of the C-suite, including CISOs and CIOs focused on security and compliance in the public cloud, CIOs focused on network infrastructure and operations, and the Chief Digital Officer driving digital transformation efforts. More broadly, the growing complexity and scale of hybrid clouds affect network operations leaders, DevOps, application teams and lines of business, who all face pressure to increase their speed of delivery. 

The proliferation of public cloud instances adds even more complexity and diversity to an infrastructure that now encompasses on-premise data centers, virtualized environments, software defined networks and the public cloud. Visibility across this dynamic environment is paramount if security teams are to enforce policy-driven control continuously across the entire hybrid environment as frequent changes are made. 

Right now, customers find themselves doing all this with multiple tools with no unified user interface for managing different deployments, and little to no automation. They are constantly having to find the right piece to a puzzle that’s always changing as workloads migrate to the public cloud, often quickly and without the proper guardrails in place because it’s so easy for business users to spin up a new application. Even with automation, checks and balances must be put in place to make sure the organization isn’t exposed to new security risks. Most of all, applying security can’t be an afterthought; customers are looking to automate their entire policy management workflow continuum, not just the last mile policy push. 

View public cloud security with context 

FireMon’s solution to the pain points amplified by the growing scale and complexity of hybrid cloud doesn’t mean we’re shifting our focus to cloud only, nor is it to introduce products specifically for cloud platforms. Rather, our strategy is to extend visibility to the commonly deployed public cloud platforms our customers need to see and manage. In all seriousness, a public cloud instance must be seen as just someone else’s computer on the network, but with the context security teams need. 

FireMon is essentially extending intelligent security automation so customers can see the cloud the way they’ve been able to see their on-premise infrastructure. But because each public cloud is different when it comes to configuring security, we’ve done the necessary remodeling work behind the scenes to give customers the visibility they want with the context they need. We support workload migrations to public cloud platforms such as Azure and AWS by normalizing and unifying security policies, so customers are compliant throughout any change process. 

FireMon didn’t need to become a cloud vendor to offer a single, infrastructure-agnostic platform to design, implement, and validate security policies across the environment. Not only does extending our security management platform for on-premises and the data center to public cloud make it unique, it also negates the need for customers to license multiple products for different deployment models.  

Make the Most of Your People with the Benefits of Automation

Guest Post

By Ofer Elzam, Vice President & GM, FireMon GPC

Gone are the days when IT leaders fretted that the benefits of automation would shove people out of jobs. If anything, it’s the opposite: 74% of cybersecurity professionals say that a skills shortage has affected their organizations, continuing a trend of concern over the past few years, according to the report “The Life and Times of Cybersecurity Professionals 2018.”

While the story around the labor shortage is more complex than it may appear, the current narrative around the advantages of automation has shifted away from labor concerns. But in a way, that erstwhile concern is a direct link to the underlying current of all the benefits of automation: the human factor.

Heightened productivity, consistency and keeping up with increasingly complex security needs are solid advantages of automation, but there’s more to the story. Here’s how all of those benefits of automation (and more) ladder up to protecting your company’s most precious resource—your people.

Automation Allows People to Do What People Do Best

Machines can be rapid, agile and comprehensive. What they can’t be: creative. When security processes are automated, the flesh-and-blood members of your team are freed up to deploy their creativity to solve problems and build more robust security measures.

The current state of security operations (SecOps) teams doesn’t allow that creativity to thrive. FireMon’s 2019 State of the Firewall report revealed that 30.9% of survey respondents had an ad hoc or manual change management process. This exposes two critical issues: an underutilization of humans’ unique abilities and the inevitability of human error.

One of the top benefits of automation is that it gives your team members more time to focus on other security issues. At the same time, it’s an opportunity for your team to map out the very processes that enable successful automation. For example, in most companies automation works best when the processes behind it are strategically planned beforehand. This is the work that humans can do better than algorithms, as it requires judgment, creativity and insight.

As automation enables human capital to thrive, it also eliminates human risk. Through 2023, 99% of firewall breaches will be caused by misconfigurations, not firewall flaws, according to Gartner—something automation helps prevent. Human error also throws a wrench when integrating security systems. A comprehensive approach like FireMon Automation offers persistent security across networks while minimizing the potential for human error.

Automation Allows Your People to Work Better Together

IT teams frequently work in silos, leading to redundancy and opportunistic, one-off approaches to security. With a comprehensive system, companies can depart from the “hero culture” of employees writing automation scripts to solve an issue without looking at the holistic picture.

Amid worries that automation inhibits agility and innovation, decision makers sometimes hedge on implementing automation. But one of the benefits of automation in the workplace is how it organically supports both development operations and security operations, eliminating the friction that can exist between the needs of these groups. Planning for automation requires both teams to work together and understand the priorities of the other, leading to better communication—for the automation plan and beyond.

Automation Supports Your Company’s Ability to Work With—and Against—Third Parties

“Hackers today—they’re not even hacking, they’re using automation tools,” said FireMon’s Tim Woods, vice president of technology alliances, in the talk “Automation: One Giant Leap for Security.”

When criminals are exploiting the benefits of automation, security teams have an obligation to outpace them. Using automated systems frees up SecOps teams to anticipate and proactively develop rules to protect against hackers—again, leveraging the human creativity and critical thinking that successful crime prevention entails.

On the flip side, automation allows your team to work with the people who have your customers’ best interests at heart. Compliance regulations are changing quicker than you can say “GDPR,” and with the California Consumer Privacy Act coming into play January 1, 2020, security rules continue to be in flux.

Only 13.8% of survey respondents in FireMon’s State of the Firewall report say they’re 90% to 100% prepared for a compliance audit. Confidence is even lower among key decision-makers: Just 45.3% of C-level respondents said they felt 60% to 80% ready for an audit. In other words, one of the benefits of building an automation system is building faith among your company’s C-suite—consider it another form of security.

ABOUT THE AUTHOR

Ofer Elzam is responsible for the continued development of FireMon GPC, the industry’s first and only solution to deliver persistent policy enforcement for complex, hybrid network environments. Before joining FireMon, Elzam was VP of product at Dome9 Security. Under his headship, Dome9 became the leader in securing multi-cloud deployments, which led to its acquisition by Check Point Software. Prior to Dome9, Elzam was the director of Sophos’ network security product line, where he led the company’s transition to the next-generation XG Firewall platform. Earlier, Elzam worked at Cisco serving as both a strategic architect of security technologies and executive director of product management, where he led ScanSafe, which was acquired by Cisco in December 2009. Elzam also spent 10 years serving in a variety of product leadership positions, including as CTO at Gemalto.

Four Steps to Security Automation Success

Guest Post

By Ofer Elzam, VP and GM, FireMon Cloud & Automation Solutions

Security automation projects are making headlines, with everyone looking to automate at least some portion of the policy management process. Usually, the goal is to save time and money by automating firewall administration and policy management.

However, these two categories have grown exponentially in scope and complexity in recent years, so automation projects often become much larger and more time-consuming than originally intended and produce varied results. In some less-than-stellar cases, they even collapse altogether, and people revert to the original manual processes they were seeking to automate.

How can this situation be avoided? There are four steps security organizations can take to dramatically increase the likelihood of success in security automation projects. We’ll cover the first two now:

  1. Have a clear goal. Almost everyone automates to save money and improve efficiency.  But you must define more functional requirements than that – after all, there are many approaches for saving money. Focusing on a clearly defined operational goal is the key to determining the right approach, which, in turn, defines how much and where you will realize cost savings and efficiency gains. 

    What if you defined your goal to achieve a standard security process to meet a service level agreement (SLA) of 24 hours instead of the week or so it takes now? You could do this by analyzing the existing process and mitigating inefficiencies through the surgical application of automation, or even simply improving on existing manual processes.  

    Other projects, such as micro-segmentation, Zero Trust implementations and on-prem-to-cloud migrations, will necessitate their own functional requirements and SLAs. It is important to set goals for these projects that are realistic, while also delivering substantial cost and efficiency improvements.
  2. Don’t try to automate everything.  Automation projects succeed when there is a clear set of success criteria and a clearly defined and achievable scope. They often fail when trying to implement a process that will work in every scenario. A good example of this is in the change-request workflow. There are two places where time and resources can be saved in a change-request workflow: better requirements (less refinement of inputs) and reducing the wait time between individuals. Better requirements are generally achieved by focused training and more intuitive system design for a select group of users. 

    User and requirement creep tends to happen when relatively infrequent processes are folded into the project. This puts security organizations in a position where they spend significant time, effort and budget on automating processes that may only be encountered once or twice a month. This can delay the overall automation project and reduce ROI once it is complete, since significant resources will be invested for only marginal gains.

    Consuming project time to customize the workflow or software for a task that takes 10 minutes twice a month not only delays the overall project, but also causes stakeholders to question the overall value of the project. 

Let’s be honest: You’re almost certainly exploring automation to save money and time. Follow our next blog for the last two steps to build your security policy automation roadmap.