About FireMon Insights

FireMon Insights is a cloud-based application that delivers powerful data analysis, peer benchmarking, and AI chatbot for cybersecurity data. It securely interfaces with the FireMon Security Intelligence Platform (SIP) while maintaining industry-standard security and privacy standards. We prioritize limited access to customer resources, applying best security practices to safeguard data while retaining only what is necessary to provide an exceptional user experience.

Integration

Insights maintains a continuous connection to you instance of SIP, and only you can initiate this connection. The registration process begins in the SIP Administration module, and is thereafter authenticated, authorized, and maintained securely according to industry best practices. Only data sets required to support the user experience are sent to Insights.

The data sets are:

  • Daily measurements from SIP key performance indicators (KPI). This is not actual policy data but rather a daily snapshot of the status of that data, such as the count of unused rules and the count of failed security controls. In the example of unused rules, the data stored does not identify those actual unused rules, rather, just the actual integer, which is the count of unused rules. This data is kept for the duration of your registration as it is used for trending over time.

  • Information requested from chatbot questions, including firewall policy SIQL query responses (policy rule data) and network APA responses (questions about network access between individual IP addresses and ports). This data is interpreted by the chatbot LLM (Large Language Model), then the interpreted information is sent to the user. Chatbot conversations (questions and answers) are kept for five days. The raw data from SIP is not retained after being interpreted and sent to the user. Only specific queries and commands are supported and enforced in SIP. Insights does not support any free-form information access.

Authentication and Access Control

Insights employs secure key exchange for authentication with SIP, eliminating the need to store long-lived keys. You can revoke access and disconnect Insights from SIP at any time.

Data Security

Encryption

  • All data in transit is encrypted using TLS with SHA-256 and RSA encryption.

  • Data at rest is encrypted using industry-standard encryption protocols.

  • User credentials are hashed and salted before storage.

Infrastructure Security

Insights operates on AWS servers in the United States using server-less technologies. AWS assurance programs include:

  • SOC 1/ISAE 3402, SOC 2, SOC 3

  • FISMA, DIACAP, and FedRAMP

  • PCI DSS Level 1

  • ISO 9001, ISO 27001, ISO 27017, ISO 27018

For more information about AWS security and compliance, refer to: https://docs.aws.amazon.com/whitepapers/latest/aws-overview/security-and-compliance.html

Insights integrates with OpenAI Enterprise for LLM portions of the AI chat and KPI Insights features. OpenAI has a number of security and privacy commitments, including:

  • SOC 2 Type 2

  • CSA STAR Level 1

OpenAI Security Portal can be found at: https://trust.openai.com/