Tufin Technologies has unveiled its vision for Security Policy Orchestration and launched version R13-3 of the Tufin Orchestration Suite. Security Policy Orchestration defines a new paradigm for the automated implementation of network infrastructure changes. With Security Policy Orchestration, Tufin customers can automate network layer change processes, enabling them to accelerate service and application delivery and increase IT agility, while maintaining security and compliance throughout the network. Tufin’s broader vision has been formulated following in-depth analysis of industry trends, input from its wide customer base, and input from its growing partner program.
“Security Policy Orchestration goes far beyond the traditional configuration and risk assessment of individual firewalls. Interoperability between systems and integration with different network security devices is essential," said Ruvi Kitov, CEO of Tufin. "Over time, our solution has evolved into a centralized platform that enables organizations to automate end-to-end policy management for firewalls, switches, routers, and load balancers."
“The Tufin Orchestration Suite has been a huge asset to our business, enabling us to implement network changes up to 80% faster,” said Fritz Steinmann, Director and Head of Network Engineering at SIX Group Services AG. “Because the vast majority of firewall changes are application related, Tufin actually enables us to roll out applications faster, with best practices for security and compliance baked into the change process itself. So not only are we more efficient and agile, but as our requirements continue to evolve, Tufin ensures we can adjust our Network Security Policy accordingly.”
Evolution from Policy Management to Policy Orchestration
Tufin has identified a number of recent industry developments in network security operations which necessitate the transition from management to orchestration:
* Virtualization has enabled acceleration of the change process at the server level – this, in turn, is creating an increased demand for automation across IT and, specifically, at the network layer
* IT organizations are under pressure to match the speed, convenience and self-service provisioning of Cloud environments for internal application deployment
* Enterprise networks are becoming larger and more complex with numerous traffic routing and shaping technologies and multiple data centres
* Widespread use of stateful and next-gen firewalls for external and internal network segmentation has significantly increased the size of enterprise firewall estates and evolved security policy into complex rule sets that map how business is conducted over the network
The collective impact of these developments on network and security operations tasks has had a profound impact on people, processes and technology. Security Policy Orchestration is a necessity in order to keep up with the demands of the business while ensuring security and preventing an outage or a breach.
The Tufin Orchestration Suite reflects the evolution of Tufin’s development strategy over the last several years. Tufin’s product suite consists of three modules: Firewall Management (SecureTrack), Network Change Automation (SecureChange) and Application Connectivity Management (SecureApp), and features:
* Orchestration of network connectivity changes across distributed data centers and heterogeneous networks
- Central management of enterprise firewalls, routers and load-balancers from all major vendors
- Network path simulation and automatic identification of the relevant network devices
- Automatic verification and documentation of every change
- Impact analysis of every network change, before and after it is made
- Automatic change provisioning
* Orchestration of change processes across business units
- Multiple, customizable workflows that automate best practices and organizational processes
- Automatic translation of application connectivity needs to technical network requirements
- A comprehensive audit trail for every network configuration change within its business context
- Continuous compliance and instant audit reports for corporate and regulatory standards
* Orchestration of network changes across management systems
- A RESTful API framework for integration with systems such as ITSM tools (e.g., BMC Remedy), self-service portals, home grown management systems etc.
- Ability to submit network access requests using one simple REST API call across complex, multi-vendor networks
- A uniform way to retrieve information about firewall policies and rule sets
- APIs for network connectivity management of application and server operations including deployment, migrations and decommissioning
Version R13-3 of the Tufin Orchestration Suite has expanded its device support across a wider set of enterprise firewalls and network infrastructure, including Stonesoft, McAfee Firewall Enterprise, and F5 Load balancers. It includes enhanced change provisioning and IPv6 support for Juniper firewalls. R13-3 also significantly expands Tufin’s already large library of RESTful APIs, allowing for fast integrations of external systems.
Industry Support for Security Policy Orchestration:
“Check Point and Tufin’s joint network security management solution enables our customers to operate fully-automated Data Centers and Cloud instances,” said Alon Kantor, vice president of business development at Check Point Software Technologies. “Over the past 8 years, Check Point has worked closely with Tufin on their security product suite and we are excited to be part of the company’s new offering for virtual environment management.”
“Tufin solutions extend and build upon FortiManager to improve the operational and managerial efficiency of our network security platform,” said John Maddison, vice president of marketing for Fortinet. “Maintaining a high level integration and compatibility with the Tufin Orchestration Suite enables our joint customers to extract maximum value from their Fortinet deployments.”
“The most effective method to deploy network security will be via automation and orchestration systems and the ability to integrate these systems will become the key foundational feature for network security,” said Danelle Au of Palo Alto Networks in a recent Security Week column titled "The Next Big Thing for Network Security: Automation and Orchestration".
“Stonesoft and Tufin are both known for delivering innovative solutions that add business value, and are both committed to delivering solutions that provide efficient management, excellent situational awareness and operational cost savings,” said Antti Kuvaja, director of product management, Stonesoft. “Our partnership with Tufin will further increase our ability to deliver these benefits, and we look forward to our continued efforts to innovate network security.”