enterprisesecuritymag

Tufin: Toward Firewall Optimization

Ruvi Kitov, CEO & Co-Founder, Tufin
Today, businesses are investing heavily in security techniques and firewall solutions to safeguard their data. However, over time, these have become obsolete as hackers have found innovative and sophisticated ways to breach data. Most companies counter this with a multi-tiered firewall, but managing security policies for multiple firewalls can be burdensome and adds to network complexity. Frequent changes to the security policy configuration can also make it extremely complex to manage over time. On the other hand, replacing an entire firewall policy in a single stage is never feasible, because doing so poses a huge risk to the data. What is truly essential is a single security configuration policy that is easily manageable and guarantees the confidentiality of enterprise data. “Application related firewall policies need to be designed and implemented in a way that does not expose organizations to unnecessary risk or cause application downtime—both of which happen all the time due to inefficient application connectivity management,” says Ruvi Kitov, Co-Founder and CEO, Tufin. The company’s flagship product, Tufin Orchestration Suite (TOS), addresses this challenge through a comprehensive automated firewall optimization solution, sans major complexities.

TOS uses Next Generation Firewall (NGFW) technology that relies on App-ID and User-ID security policies, meaning access to the network is granted on the basis of whether or not a user is authorized to access an application. This is a departure from the earlier practice of allowing traffic on the basis of port numbers and IP addresses. TOS analyses actual rule usage and the apps or objects in use across multiple time slots. Besides cleaning up unused rules, it also helps remove access to objects that are redundant and duplicated.

Over-permissive rules that need to be replaced are also identified. Compliance with industry standards and enterprise policies can be automatically enforced.

Juniper Networks, one of Tufin's pleased customers, states that the product's automation features for both design and implementation significantly shorten the time previously required to make network security changes. Forcepoint, which uses TOS, states that the product provides a closed-loop process for enforcing, verifying and documenting compliance with industry standards such as PCI DSS, NERC CIP and SOX. It also mentions that every firewall policy change is monitored in real time to identify and address potential violations and provide accurate, updated audit reports.

While customers continue to appreciate Tufin and its product, the company has gone ahead and added more features to the latest version of TOS, R16-2. “Tufin Orchestration Suite, R16-2 represents a giant step forward for orchestrating security policies across physical networks and hybrid cloud platforms,” says Ofer Or, VP, products, Tufin. R16-2 maximizes security and business agility with automated provisioning for security policies across heterogeneous networks. Tufin also accomplished end-to-end policy-based change automation for Amazon Web Services (AWS). In a recent development, Tufin also came up with a solution to secure enterprise data in the cloud: Tufin’s Network Security Policy Management (NSPM) program addresses this issue. “As more and more organizations flock to the cloud, the demand for securing the data would fuel the demand for NSPM,” concludes Kitov.