Tufin: Maximizing Agility and Security Henry Pea Digital - PowerPoint PPT Presentation

Tufin: Maximizing Agility and Security Henry Pea

Digital Transformation is all about Business Agility 2

The Tradeoff Balancing Security and Agility 3

The Problem: Manual Processes Speed Cost Risk Compliance 4

The Solution: Security Automation and Orchestration efficient fast + error-free Secured! 5

Network Security Policy Management Secure and Agile Secure but Slow Zero-Touch Automation Application Driven Automation Analysis & Design SECURITY Cleanup & Compliance Visibility Agile but Risky BUSINESS AGILITY 6

SecureChange: Policy-Based Automation Agility Efficiency Security Compliance 7

SecureChange: Policy-Based Automation Agility Efficiency Security Compliance 8

• Automate the change process end-to-end to speed up SecureChange implementation Maximizes • Skip security approvals for low risk changes Agility with • Avoid errors and reduce rate of redos Zero-Touch • Out of the box integration with leading ticketing Automation systems and an open API to facilitate integration with custom portals 9

Automate the Change Process End-to-End Build an automated workflow process: • Auto steps • Skip steps • Dynamic assignment 10

Improve SLA and Eliminate Redos • Automated design and implementation • Automated verification 11

OOTB Integration with Leading Ticketing Systems Open Ticket Update/close Ticket Available on ServiceNow Marketplace 12

Maximizing Agility: Proof Points Slovak Telekom reduced the time to implement changes from 1 week to 1 day RWE reduced change implementation from 6-8 days to 6 hours Leading global A leading global hotel chain reduced the SLA for hotel chain implementing changes from 15 days to 2 days 13

SecureChange: Policy-Based Automation Agility Efficiency Security Compliance 14

• Manage changes consistently from a central console • Automate manual time-consuming tasks: SecureChange - Change analysis and design Increases - Change provisioning and scheduling Efficiency and - Firewall admin tasks Helps Reduce • Automatically identify and close changes that are Costs already implemented • Measure productivity gains with an executive dashboard 15

Manage Changes From a Central Console Across Vendors Save time and resources by managing changes across the hybrid network 16

Automated Target Selection Based on Accurate Topology Save time and resources invested in searching for the right target device 17

Automated Design Aligned with Policy Optimization • Save time and resources invested in planning the change • Avoid adding shadowed rules 18

Schedule Changes Based on Change Windows Automate the change from request to implementation and adhere to organizational standards 19

Automate Firewall Administration Tasks Build an automated process for: • Rule decommissioning • Server decommissioning • Group modifications • Rule recertification • Server cloning (coming soon) 20

Example: Automate Group Modification Save time and effort on making changes to firewall network object groups with automation 21

Automatically Close Changes Already Implemented In some cases: 20% of all changes 22

Measure productivity gains with an executive dashboard Easily demonstrate efficiency and service level improvements to management 23

Increase Efficiency: Proof Points Time and effort of change submission and staging reduced by 50%-75% = eliminate the need to hire 3 more people “ ” Leading Telecom Change Request Processing has gone from 4 hours to Provider in the US 4 minutes • 75% of requests were already implemented Leading Insurance • Average time for changes was 10-14 days and was Company in the US cut to a few hours 24

SecureChange: Policy-Based Automation Agility Efficiency Security Compliance 25

• Automated firewall cleanup to tighten security posture Tighten • Automated, proactive risk analysis to control policy Network violations Security • Automated change design, implementation and Posture with verification to eliminate risky misconfigurations SecureChange • Granular control of the process automation level • Open APIs to achieve security automation 26

Automate Firewall Cleanup to Tighten Security: Rules Automatically decommission redundant rules identified in SecureTrack 27

Automate Firewall Cleanup to Tighten Security: Servers Automatically decommission servers to streamline migration and remove redundant access 28

Automated and Proactive Risk Analysis Identify potential violations to the unified security policy 29

Mitigate Risky Changes Before Implementation Escalate for approval, add an exception, or send back to the requester 30

Automated Provisioning Reduces Misconfigurations Automatically provision changes across vendors and platforms to maximize accuracy and security 31

Granular Control of the Process Automation Level Complete flexibility to accommodate the right level of control required 32

Open APIs: Scan for Vulnerabilities Check hosts or vulnerabilities as part of SecureChange risk assessment Tufin sends destination(s) and source(s) to Vulnerability Scanner and triggers a scan Ticket is created in SecureChange or triggered by ticketing system Results are added to ticket risk analysis 33

Open APIs: SIEM Integration Source, Destination, and Service sent to SIEM SecureChange SIEM queries correlated vulnerability data to determine risk SecureChange incorporates risk data into the ticket SecureChange 34

SecureChange: Policy-Based Automation Agility Efficiency Security Compliance 35

• Auditable change process to align with organizational Achieve guidelines (e.g. separation of duties) Continuous • Proactive risk analysis to avoid violations Compliance with • Full documentation of ticket history SecureChange • Baked-in Policy Rule justification and recertification to comply with internal and regulatory mandates 36

Proactive Risk Analysis Identifies Compliance Violations The USP has templates and guidance to help comply with: • PCI • NERC • HIPAA • GDPR • Best Practices And more… 37

Full Audit Trail and Complete History Complete documentation of all changes 38

Rule Recertification Process to Enforce Compliance Automate and streamline recertification 39

Automated Change Authorization in SecureTrack Compare change implemented to access requested 40

Tufin Orchestration Suite Enterprise Applications SecureApp ™ Application Connectivity Automation IT Service Management RESTful APIs SecureChange ™ Network Change Automation Scripting & Automation SecureTrack ™ Security & Compliance Other 3 rd Party Infrastructure Abstraction Layer Solutions Firewalls Networks Private Cloud Public Cloud 41

Security Policy Automation for Cloud and Containers • Gain app-centric visibility of security risks • Define and control cloud-native security policies • Identify compliance violations pre-deployment • Gain visibility into microservices environments • Enforce network policy across microservices and firewalls • Integrates with CI/CD to enable DevSecOps 42

Managing Your Security Policy – Everywhere PUBLIC TRADITIONAL PRIVATE MICROSERVICES NETWORKS CLOUD CLOUD SECURITY POLICY A continuum from the macro to the micro 43

Why Tufin? • Accurate end-to-end change design and automation • Open and customizable • Firewall cleanup automation • Enterprise readiness 44

The Security Policy Company 45

Thank You Tufin: Maximizing Agility and Security