Virtualization Technology News and Information
RSA Conference 2023 Q&A: Find Out What FireMon Has Planned as They Showcase New Products, Cloud Defense and Policy Analyzer


Are you getting ready for the upcoming RSA Conference, the world's leading information security conference and exposition?  The event is quickly approaching, taking place April 24-27, 2023 at the Moscone Center in San Francisco.  This year's theme: Stronger Together.  In the cybersecurity industry, no one goes it alone. Instead, we build on each other’s diverse knowledge to create the next breakthrough—exchanging ideas, sharing our success stories, and bravely examining our failures.

Ahead of the show, VMblog received an exclusive interview with Jody Brazil, CEO and Co-Founder of FireMon, a leading network security policy management company that brings visibility, control, agility, and automation to enterprise cloud and hybrid network infrastructure.



VMblog: To kick things off, give VMblog readers a quick overview of the company.

Jody Brazil:  FireMon's mission is to improve security operations to bring better security outcomes for our customers. We deliver industry-leading security policy management, cloud security operations, and cybersecurity asset management solutions to over 1,700 enterprises in nearly 70 countries.

FireMon has been at the forefront of the security management category, delivering first-ever functionality such as firewall behavior testing, workflow integration, traffic flow analysis, and rule recertification. Our security policy management platform is the only real-time solution that reduces firewall and cloud security policy-related risks, manages policy changes, and enforces compliance.

FireMon is the only distributed cloud security operations offering that detects and responds to issues in fast-paced public cloud environments. Finally, our cloud-based Asset Management solution can scan an entire enterprise infrastructure, from on-premises networks to the cloud, to identify everything in the environment and provide valuable insights into how it's all connected.

VMblog: Does your company have any speaking slots at RSA? If so, can you tell us more about those sessions so people can get them on their schedules?

Brazil:  FireMon will be at Booth #6365 in the North Expo Hall.

Additionally, we will have two of our executives speaking at the RSA Conference. The first sees our VP of Technology Alliances, Tim Woods, talk about ‘Fighting Complexity Across the Hybrid Landscape.' His talk will occur at the Briefing Center on Wednesday, April 26th, at 4:00 PM PDT. Tim will also attend a Guest Speaking Session at the Fortinet Booth (#5855) on Tuesday, April 25th, at 1:30 PM PDT.

Our second speaker is Rich Mogull, the FireMon SVP of Cloud Security. Rich will discuss 'The Hacker's Guide to Cloud Governance', on Tuesday, April 25th at 9:40 AM PDT. The speaking location is TBA.

VMblog: What made you sponsor RSA this year? Is this a must-sponsor event for your company?

Brazil:  The RSA Conference is a key date in the calendar of many organizations globally that want to keep updated on all the latest cybersecurity approaches, solutions, technologies, and trends. As one of the world's leading cybersecurity conferences and exhibitions, RSA Conference is where the industry convenes and participates in those critical conversations essential to secure businesses, employees, and customers.

As one of the pioneers in the cybersecurity industry, FireMon is passionate about contributing to meaningful discussions in the market. Being a sponsor of the RSA Conference ensures we reinforce the awareness people have of our organization in the market while playing a part in strengthening the cybersecurity landscape.

VMblog: What are some key takeaways of your solution that RSA conference-goers should be aware of? And what sets you apart from the competition?

Brazil:  FireMon enables organizations to monitor security policy information in real-time for them to have continuous visibility across their entire network real estate. This reduces the attack surface and eliminates leak paths while ensuring compliance. FireMon delivers the industry's broadest support for firewalls, devices, and cloud security groups. It offers business and technology leaders a robust and flexible API that integrates compliance checks and policy automation into existing systems and processes.

The FireMon environment dynamically and continuously responds as business requirements evolve even after policies have been deployed. This is thanks to its robust and flexible architecture that can secure even the largest and most complex networks while maintaining desired workflows. FireMon's real-time search, ongoing security assessments, and automatic policy violation detection give enterprises the tools essential to manage network security policies across the entire environment, from on-premises data centers to the cloud.

VMblog: What market needs or problems are you addressing in the security space?

Brazil:  Cloud adoption is growing tremendously not only in North America but in the rest of the world as well. More companies than ever rely on the cloud to maintain business operations for their hybrid workforces. It's therefore become imperative for organizations across industry sectors to achieve seamless security at scale.

However, with misconfigurations still the leading cause of network breaches, simple human error at scale is no longer a simple problem. The work FireMon has done to align with the right industry partners across the cloud is paying dividends now as we inject more robust cloud security automation capabilities into our security management platform to deliver the security operations environment of the future.

Since September 2021, FireMon has introduced more than 200 product enhancements to reflect the cloud security requirements of today's digitally-driven organizations.

VMblog: What will you be showing off at the show this year?

Brazil:  In addition to our industry-leading security policy management, cloud security operations, and asset management solutions, we'll showcase several enhancements to our solutions at RSA Conference this year.

We encourage delegates to come to our stand and see the following exciting new products in action:

  • FireMon Cloud Defense: A real-time cloud compliance, inventory, misconfiguration, and threat detection solution, now with proactive IAM defense. It provides visibility and control over cloud infrastructure, services, and applications, allowing organizations to proactively identify and address security risks.
  • FireMon Policy Analyzer: A complimentary firewall security posture assessment solution that provides best practices and rule suggestions to reduce policy-related risk. Within minutes, Policy Analyzer shares a diagnostic report outlining the health of a single firewall in your environment, complete with key areas of interest and remediation recommendations.

VMblog: What are some top priorities for security leaders at RSA to consider this year?

Brazil:  In today's fast-paced world, network security must be a top priority for organizations of all sizes.

It has been said that cybersecurity is an asymmetric game where the attackers have an advantage. An attacker must only be right once, while the defender must be right all the time. One simple mistake can have devastating consequences, including data breaches, business disruptions, service outages, and ransomware infections. But getting security "right" is hard. Security challenges grow exponentially as the complexity of the network expands. Every new device, user, and service requiring connectivity to other resources increases the complexity of the environment.

Patching one system may be an easy task. However, patching 10,000 systems with 1000 or more configurations is next to impossible. So how do security leaders meet these challenges growing exponentially with resources that, at best, are only growing linearly?

At FireMon, we believe in rethinking the simple. Closing the complexity gap at scale requires the automation of network security functions to replace manual, error-prone processes, maintain regulatory and internal compliance, and reduce overall security risk. This will increase the efficiency and efficacy of security teams, drive business innovation, enable business agility, and improve the bottom line.

FireMon enables security teams to streamline operations and automate workflows by delivering complete visibility and control across the entire IT environment. Deploying a network security policy management platform that automates manual functions and simplifies workflows will reduce misconfiguration errors and risk exposure and enable greater productivity for resource-strapped security teams. With automation, DevOps and SecOps can work in tandem to meet and maintain compliance requirements, strengthen their security posture, and keep up with the growing demands of their business.

VMblog: What are some of the security best practices you would deem critical?

Brazil:  The most common threat to business security is accidental firewall policy misconfigurations. Manual rule and policy management of complex ground-to-cloud networks introduces countless opportunities for error, and most breaches are attackers taking advantage of this low-hanging fruit. Manual rule and policy management is time-consuming, not to mention the fragmented ownership and policy clutter that arises in hybrid environments, each contributing to poor policy hygiene. But poor policy hygiene creates vulnerable paths the bad actors can use to gain access. 

Good policy hygiene relegates access to only what is necessary to meet the needs of the business: nothing more and nothing less. Centralizing and automating change management across all resources is key to preventing misconfigurations that can lead to massive breaches. Network Security Policy Management (NSPM) platforms offer such centralized change management that are critical to helping prevent misconfigurations and rule errors from creeping into the network.

FireMon centralizes all data and automates policy management. No matter how many firewalls, cloud security groups, and other policy-control devices organizations may have on their network, FireMon knows every detail of every device and intelligently designs rule changes optimized for the environment. FireMon's automated change management dynamically and continuously responds to evolving requirements and environments, even after policies have been deployed.

Changing firewall rules and security policies isn't a glamorous task, but the consequences of getting it wrong can be quite severe. A simple misconfiguration can block legitimate user's access to mission-critical services or can let the wrong folks in, exposing the organization to attack. Good policy hygiene starts at the beginning, minimizing the opportunity for error and drastically increasing the speed with security policy orchestration across the entire rule creation and change management process.

VMblog: The keynote stage will be talking about major themes this year. But what trends is your company seeing that we should be aware of in 2023 and beyond?

Brazil:  The increasing digitalization of the world has resulted in cybercrime becoming one of the most significant threats that organizations face. Environments are expanding rapidly, and cybercriminals are always looking for new ways to exploit vulnerabilities in computer systems and networks, making security hygiene a high priority for preventing attacks.

One of the key trends this year is the emergence of asset visibility as a core component of good cybersecurity hygiene. Think of asset visibility as seeing everything connected to a network, from servers and workstations to Shadow IT and IoT devices. It involves collecting data about each device, including what it is, where it is, and what it is interconnected with. Business and technology leaders must, therefore, fully understand their environment and all that needs to be secured.

You cannot protect what you cannot see. It sounds simple enough, but mergers and acquisitions, divestitures, and even onboarding remote new hires can significantly and rapidly expand the security team's responsibilities. If an organization is not equipped to properly identify, manage, and secure its new assets, they become an immediate liability.

Having a complete site of organizational assets enable the business to identify unknown assets, improve response times, ensure compliance, achieve continuous monitoring, and strengthen its security posture. Without asset visibility, a company is at risk of cyberattacks that could lead to data breaches, reputational damage, and financial losses.

VMblog: As a show sponsor, do you have any tips for attendees to better prepare or handle the conference?

Brazil:  Given the size of the RSA Conference, attendees need to understand the conference schedule and plan accordingly. Attending presentations and discussions must always be balanced with visiting and networking with exhibitors. In this way, they'll be sure to discover new technologies and solutions while also understanding how these can integrate into their existing operational environments.

RSA Conference is an exciting event where delegates can see what's hot in the cybersecurity industry and how their organizations must adapt to rapidly evolving market needs to safeguard data, workloads, and applications in the cloud.


Published Monday, April 17, 2023 7:32 AM by David Marshall
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
<April 2023>