Providing network security for today's organizations has become an overwhelmingly complex operation involving numerous components often distributed across multiple sites and managed by more than one team. At the same time, government and industry regulations require organizations to implement much higher levels of transparency and accountability for their IT systems. In practical terms, aligning day-to-day operations with regulatory compliance and other business requirements can only be achieved by automating the manual, highly error-prone tasks associated with daily network security operations. The most critical areas are change management, process automation, security infrastructure optimization, auditing and compliance management.
Security life cycle management solutions enable organizations to cost-effectively implement, maintain and audit their security policy on firewalls and other network infrastructure. They use a combination of business process automation and sophisticated analysis and simulation algorithms to help organizations manage network security risks and ensure compliance with corporate and regulatory standards.
Security life cycle management includes:
- Changing management to ensure that every change to firewall rule bases and related infrastructure is in accordance with corporate standards and can be fully explained and tracked;
- Processing automation to ensure compliance and accountability and to eliminate manual, repetitive, error-prone tasks;
- Risk and business continuity management to evaluate potential security hazards or performance issues before changes are implemented;
- Security infrastructure optimization to enhance security, provide high performance and a satisfactory user experience while containing infrastructure costs;
- Auditing and compliance management to ensure fulfillment of industry regulations and vendor best practices as well as corporate IT policies.
Tufin offers two systems that tackle operations challenges and help organizations get them under control.
SecureTrack
SecureTrack manages and audits firewalls, routers and switches. It provides a cohesive, unified view of all firewalls along with many other network devices. It is essential in ensuring that a corporate security policy is being implemented consistently in an environment with multiple rule bases, geographies and teams.
The system can view the rules in different firewalls and understand the overall efficacy and compliance of each rule in the rule set. It then recommends different actions that enable operations teams to address the different firewall configuration issues. The system can automatically generate a variety of audit and compliance reports. This ability is a cost-reduction feature that saves organizations a large amount of time. Users report that deploying the system has resulted in a 50 percent reduction in the time and cost of firewall management.
SecureTrack can substantially reduce many of the costs related to creating auditing and compliance reports. Along with capabilities such as configuration change tracking, audit and risk reports, and rule base optimization, the system becomes a key cost reduction product that can benefit the organization in terms of security and efficiency as well.
SecureChange Workflow
The company's SecureChange Workflow automates the entire life cycle of a policy change request from submission through design, risk analysis, approval, implementation and auditing. It complements existing ticketing systems and makes them "security aware," so organizations can proactively enforce security policy, manage risk and comply with standards. Harnessing the ability of automation to cut back on repetitive manual tasks, it can substantially reduce the time and labor involved in firewall configuration while preventing security and compliance risks.
SecureChange Workflow gives organizations the ability to prevent noncompliant firewall configuration changes and to cut back on the manual, repetitive firewall management tasks that cost organizations so many man-hours. Using both products provides organizations with a complete life cycle system that keeps firewalls secure, compliant and cost-efficient.
Shaul Efraim is vice president, products, at Tufin Technologies.
