Tufin: Maximizing Agility and Security Henry Pea Digital - - PowerPoint PPT Presentation

Tufin: Maximizing Agility and Security

Henry Pea

Digital Transformation is all about Business Agility

The Tradeoff Balancing Security and Agility

The Problem: Manual Processes

Speed Cost Risk Compliance

The Solution: Security Automation and Orchestration

efficient fast error-free Secured!

+

Visibility

Network Security Policy Management

Agile but Risky Secure but Slow

SECURITY BUSINESS AGILITY

Secure and Agile

Zero-Touch Automation Cleanup & Compliance Application Driven Automation Analysis & Design

SecureChange: Policy-Based Automation

Agility Efficiency Security Compliance

SecureChange: Policy-Based Automation

Agility Efficiency Security Compliance

SecureChange Maximizes Agility with Zero-Touch Automation

• Automate the change process end-to-end to speed up

implementation

• Skip security approvals for low risk changes
• Avoid errors and reduce rate of redos
• Out of the box integration with leading ticketing

systems and an open API to facilitate integration with custom portals

Automate the Change Process End-to-End

Build an automated workflow process:

• Auto steps
• Skip steps
• Dynamic assignment

Improve SLA and Eliminate Redos

• Automated design and

implementation

• Automated verification

OOTB Integration with Leading Ticketing Systems

Open Ticket Update/close Ticket

Available on ServiceNow Marketplace

Maximizing Agility: Proof Points

RWE reduced change implementation from 6-8 days to 6 hours Slovak Telekom reduced the time to implement changes from 1 week to 1 day A leading global hotel chain reduced the SLA for implementing changes from 15 days to 2 days Leading global hotel chain

SecureChange: Policy-Based Automation

Compliance Agility Security Efficiency

SecureChange Increases Efficiency and Helps Reduce Costs

• Manage changes consistently from a central console
• Automate manual time-consuming tasks:
• Change analysis and design
• Change provisioning and scheduling
• Firewall admin tasks
• Automatically identify and close changes that are

already implemented

• Measure productivity gains with an executive

dashboard

Manage Changes From a Central Console Across Vendors

Save time and resources by managing changes across the hybrid network

Automated Target Selection Based on Accurate Topology

Save time and resources invested in searching for the right target device

Automated Design Aligned with Policy Optimization

• Save time and resources invested in

planning the change

• Avoid adding shadowed rules

Schedule Changes Based on Change Windows

Automate the change from request to implementation and adhere to

• rganizational standards

Automate Firewall Administration Tasks

Build an automated process for:

• Rule decommissioning
• Server decommissioning
• Group modifications
• Rule recertification
• Server cloning (coming soon)

Example: Automate Group Modification

Save time and effort on making changes to firewall network object groups with automation

Automatically Close Changes Already Implemented

In some cases:

20% of all changes

Measure productivity gains with an executive dashboard

Easily demonstrate efficiency and service level improvements to management

Increase Efficiency: Proof Points

Time and effort of change submission and staging reduced by 50%-75% = eliminate the need to hire 3 more people Leading Telecom Provider in the US Leading Insurance Company in the US Change Request Processing has gone from 4 hours to 4 minutes

“ ”

• 75% of requests were already implemented
• Average time for changes was 10-14 days and was

cut to a few hours

SecureChange: Policy-Based Automation

Efficiency Compliance Agility Security

Tighten Network Security Posture with SecureChange

• Automated firewall cleanup to tighten security posture
• Automated, proactive risk analysis to control policy

violations

• Automated change design, implementation and

verification to eliminate risky misconfigurations

• Granular control of the process automation level
• Open APIs to achieve security automation

Automate Firewall Cleanup to Tighten Security: Rules

Automatically decommission redundant rules identified in SecureTrack

Automate Firewall Cleanup to Tighten Security: Servers

Automatically decommission servers to streamline migration and remove redundant access

Automated and Proactive Risk Analysis

Identify potential violations to the unified security policy

Mitigate Risky Changes Before Implementation

Escalate for approval, add an exception, or send back to the requester

Automated Provisioning Reduces Misconfigurations

Automatically provision changes across vendors and platforms to maximize accuracy and security

Granular Control of the Process Automation Level

Complete flexibility to accommodate the right level

• f control required

Open APIs: Scan for Vulnerabilities

Ticket is created in SecureChange or triggered by ticketing system Results are added to ticket risk analysis Tufin sends destination(s) and source(s) to Vulnerability Scanner and triggers a scan

Check hosts or vulnerabilities as part of SecureChange risk assessment

Open APIs: SIEM Integration

SecureChange

Source, Destination, and Service sent to SIEM SIEM queries correlated vulnerability data to determine risk SecureChange incorporates risk data into the ticket

SecureChange

SecureChange: Policy-Based Automation

Efficiency Security Agility Compliance

Achieve Continuous Compliance with SecureChange Baked-in Policy

• Auditable change process to align with organizational

guidelines (e.g. separation of duties)

• Proactive risk analysis to avoid violations
• Full documentation of ticket history
• Rule justification and recertification to comply with

internal and regulatory mandates

Proactive Risk Analysis Identifies Compliance Violations

The USP has templates and guidance to help comply with:

• PCI
• NERC
• HIPAA
• GDPR
• Best Practices

And more…

Full Audit Trail and Complete History

Complete documentation of all changes

Rule Recertification Process to Enforce Compliance

Automate and streamline recertification

Automated Change Authorization in SecureTrack

Compare change implemented to access requested

Tufin Orchestration Suite

Infrastructure Abstraction Layer RESTful APIs

Firewalls Public Cloud Private Cloud

SecureApp™

Application Connectivity Automation

SecureChange™

Network Change Automation

SecureTrack™

Security & Compliance

IT Service Management Scripting & Automation Other 3rd Party Solutions Networks Enterprise Applications

Security Policy Automation for Cloud and Containers

• Gain visibility into microservices environments
• Enforce network policy across microservices and firewalls
• Integrates with CI/CD to enable DevSecOps
• Gain app-centric visibility of security risks
• Define and control cloud-native security policies
• Identify compliance violations pre-deployment

Managing Your Security Policy – Everywhere

TRADITIONAL NETWORKS PRIVATE CLOUD PUBLIC CLOUD MICROSERVICES

SECURITY POLICY

A continuum from the macro to the micro

Why Tufin?

• Accurate end-to-end change design and automation
• Open and customizable
• Firewall cleanup automation
• Enterprise readiness

The Security Policy Company

Thank You

Tufin: Maximizing Agility and Security