Policy Optimizer - Product Datasheet

Policy Optimizer
Continuous compliance with automated rule
review, recertification and decommissioning
THE CHALLENGE: Stay compliant, document everything, do it automatically.
Rules get outdated. That’s just what they do. As networks change and access requirements shift,
security controls have knock-on effects on other rules, policies and access controls. Security teams
must detect these network dynamics and recertify rules to ensure airtight compliance.

The manual process of decommissioning and recertification leaves enterprises with a bag full of
outdated, redundant, overly permissive and risky rules that lead to compliance failures and increased
risk.

FireMon’s Policy Optimizer puts an end to the suffering.

THE SOLUTION: Continuous Compliance through Automated Review and Change

Management
FireMon’s Policy Optimizer keeps firewalls squeaky clean by automating your review process and
instantly decommissioning access that could lead to a compliance failure.

Policy Optimizer communicates to everyone involved with the rules, giving you a central hub for
security teams, policy owners, application admins and business teams to validate rules, check for
compliance and recertify.

Orchestration kicks into gear to decommission or recertify rules with complete documentation for
every last statement in the rule syntax.

Policy Optimizer Puts Reviews on Rails

Instantly queue Coordinate reviews Leave nothing Calibrate security Be audit-ready

critical security with security, to chance with controls with with sub-second
rules for severity application and automatic rule FireMon’s rule reporting for every
and timing business teams documentation recommendations policy and rule

©2018 FireMon, LLC. All rights reserved.

022118
PRODUCT OVERVIEW
AUTOMATED POLICY REVIEW WHY POLICY OPTIMIZER?
Assign review based on rule and policy properties and dictate removal of
troublesome, outdated or undocumented rules. The integrated policy review Automate review for all firewall
platform eliminates inefficient, error-prone manual processes and ensures rules and instantly document,
network operations’ ability to improve protection and compliance. recertify, decommission and report
every policy.

• Validate access with business

EVENT-DRIVEN ENROLLMENT
and application teams
Automatically identify rules that demand immediate analysis as determined
by real-world events such as time-frame expiration, critical security control • Find overly permissive rules,
failure, periodic review or ad-hoc query. pull back compliance drift

• Continuous compliance: PCI

DSS, HIPAA, ISO, NIST, SOX
TARGETED INTELLIGENCE FOR RULE IMPROVEMENT
and others
Get detailed information regarding each reviewed rule with the option to
approve or reject current rule configurations. • Automate workflows and
communication for all teams
It also assists with:
• Instantly document all access
• Best Practices Adoption – Quickly confer with business stakeholders
policies and rules
and remove rules that are expired, undocumented, hidden or unused, as
well as those that have been modified from their original purpose.
• Performance Improvement – Avoid the service interruptions that can
FEATURES:
happen due to unnecessary rules reducing the productive life of a
firewall. Single-console, global visibility
across the enterprise

MAINTAIN COMPLIANT STATUS Event-driven rule review

Interact directly with compliance and audit staff to ensure that any
Custom workflows tailored to your
modifications retain alignment with required controls and maintain a
compliance and audit requirements
repository of change documentation for use during mandated assessments
and audits.

CUSTOMIZED WORKFLOW
Easily change the built-in workflow to meet your custom needs. Because it
is built on BPMN 2.0 task types, you can utilize a workflow specific to your
environment. When integrated with the FireMon Policy Planner module,
Policy Optimizer can be extended to create change tickets for removable
rules and invoke application-level recommendations. This integration closes
the loop on the rule lifecycle in that rules are effectively removed when
they’re at the end of their useful life.

For more information or a free 30-day product evaluation, visit www.firemon.com