In this series, FireMon covers the five most important features a network operator must incorporate into their management practices to keep their environments secure, compliant, and ready for expansion. Here’s the third one: adapting to change.
Pillar 3 – adapting to changes
To err is human, and with many companies managing 100 or more firewalls, there are many opportunities for people to make mistakes. Almost two in three companies still use manual processes to manage firewall changes despite the growing number of change requests. And, as if manual processes weren’t vulnerable enough, nearly three in four companies have two or more teams involved in their change request process.
The speed with which environments change is increasing and companies that continue to rely on manual processes are facing a bumpy ride. A large company may have more than 2 million rules in use, and most still use spreadsheets for at least part of their change process. It’s easy to see why 69 percent of organizations find it difficult or even impossible to maintain standardized and synchronized policies across their firewalls. Manual processes prevent them from dealing with the growing complexity of their firewall rule sets, compliance assessment requirements, and next-generation devices, and do not help them predict the impact of policy changes.
So these companies remain stuck in the guessing game of “What did I just break?” Misconfigurations lead to unplanned downtime, compliance risks, and security risks. And exposure points are often overlooked because no one can identify new leak paths or break through. With such massive changes, particularly in cloud apps and DevOps, policy enforcement can never catch up.
Fast time to market is the biggest signal that a company can innovate, and manual processes are usually the biggest obstacle to fast time to market. Companies that are committed to growth in a dynamic market need to modernize their change management processes.
FireMon simplifies the complex
Companies need security-friendly functions to prevent misconfigurations and rule errors from creeping into the network and remaining undetected and unresolved indefinitely.
FireMon’s automated change management meets these needs by reacting dynamically and continuously to changing requirements and environments, even after policies have been deployed.
The strategic benefits of automated firewall change management impact the entire company. Network policies can be optimized with actionable recommendations, changes to the attack surface can be detected and responded to in real time, and pre-change risk, compliance assessments, and what-if analyses can be performed before changes are actually made.
Despite the obvious benefits of automated network change management, not all organizations are ready to dive headfirst into the deep end of the automation pond, and that’s fine. Organizations don’t need to automate everything at once; in fact, most automate at a pace they find comfortable and do more as their confidence grows.
The economy of adaptability
The cost of managing firewalls is often hidden. In addition to CAPEX and OPEX, there are costs for audits, vulnerability assessments, risk assessments, penetration tests, remote access, balancing controls, etc. Any reduction in these costs benefits the entire organization, and automated network policy management lowers costs significantly.
In one case, a FireMon customer who spent 625 days per year creating and modifying rules before FireMon was implemented reduced that time to 121 days per year after implementation. Overall, FireMon customers report 400 percent shorter policy review times and 90 percent shorter firewall rule creation times. In addition, removing all of these unnecessary firewall rules can reduce complexity by 40 percent, which not only saves money but also allows for greater flexibility.
With FireMon’s Agile Network Security Management you are always in control
FireMon solutions provide intelligent, automated workflows and deployments that enable network security and operations teams to implement the right changes with absolute precision.
- Automated change management: This feature allows you to manage each stage of the change management process with custom workflows that meet your unique goals and standards.
- Real-time risk assessment: Immediately identify the risks associated with new access requests, investigate the potential impact of proposed changes, and streamline the access request approval process.
- Vulnerability management: Not only does it show which assets are at risk, but it also turns that information into a prioritized plan for patch efforts.
- Analysis of rule set behavior: Examines the current behavior of rule sets and determines the necessary changes in real time.
- Continuous compliance: Achieved when newly added rules or configuration changes are compared to compliance guidelines during the rule planning phase. The test results can be viewed before changes are made to ensure that the requirements are met.
See for yourself how FireMon can help you automate your policy management, manage your firewalls, and protect your cloud. If you spend 30 minutes on a FireMon demo today, you can save hundreds of man hours every year.
Adapt to Change: Network Policy Change Management | The 5 Critical Success Factors for Agile NSPM was first published on FireMon.
*** This is a FireMon Security Bloggers Network blog, written by FireMon. Read the original post at: https://www.firemon.com/blog-network-policy-change-management-5-critical-pillars-for-success/