Anyone who attended the RSA Conference 2015 last week in San Francisco likely found themselves overwhelmed by the presence of security intelligence.
Whether it was the palpable human intellect present in the Moscone or all the security solutions positioned around the term “intelligence” on the show floor, one thing was certainly clear – the industry isn’t lacking in this area.
People smarts aside, many providers, including FireMon, have leveraged “intelligence” to articulate the value of their solutions for some time. The rise of the formal “threat intelligence” segment – the aggregation, analysis and delivery of information regarding emerging attacks – has only served to further popularize use of the term.
But let’s face it, no matter what type of intel you sell, the degree to which that information is actually actionable to its intended audience is the only real measurement of its value. This assertion is emphasized in the recently published Verizon 2015 Data Breach Investigations Report, which calls out threat intelligence in particular, citing the need for application of such data within a detailed context.
At FireMon, we’d argue that our solutions generate a particularly valuable breed of intelligence in providing continuous visibility into a wide range of critical aspects of network security management. Nowhere is this more evident than in the dashboard interface of Security Manager 8.0, which presents the user with a number of related Key Performance Indicators (KPIs).
Made possible through a re-engineered horizontal architecture, which my colleagues will address in subsequent posts, Security Manager 8.0 KPIs flip the management model on its head. Users are no longer required to seek out specific indicators of device and policy management on their own. Instead, that crucial information is provided to them in the dashboard.
What are some of the KPIs that Security Manager 8.0 generates? Among the most important are:
- Average Security Complexity Index (SCI) – the current level of firewall policy complexity present throughout the existing infrastructure. This helps drive overall improvement.
- Devices by SCI & Devices with Critical SCI – the most complex network security devices and which of those represent critical security management issues.
- Rules with Critical Control Failures – the rules in your policies that actually represent significant issues and result in real world gaps in security. This helps prioritize follow-up.
- Redundant Rules & Unused Rules – rules currently implemented within your policies that are non-essential, obsolete and problematic. This allows for cleanup and removal.
- Rules Identified for Improvement – firewall rules and resulting policies that can immediately be adapted to bolster security and drive down unnecessary complexity.
Continuous delivery of this data via the Security Manager 8.0 interface advances our flagship solution from one that allows practitioners to hunt down information around complexity, change and overall network security effectiveness, to one that proactively arms them with that actionable information.
For more on FireMon see: http://www.firemon.com/