Products Overview

Tufin Orchestration Suite

For enterprises struggling with large and complex networks and the constant changes that business demands, the need to make configuration changes both rapidly and securely becomes vital. Tufin’s market-leading Orchestration Suite enables organizations to implement network security changes in the same business day through automation and impact analysis.  It orchestrates change processes end-to-end across heterogeneous networks, business units, and management systems.

Tufin’s Orchestration Suite™ is a complete solution for automatically designing, provisioning, analyzing and auditing network security changes from the application layer down to the network layer. It minimizes errors and redoes for rapid service delivery, continuous compliance and business continuity.


  • Accelerates service delivery and increases IT network agility: Cuts the time spent on security changes and audits from one week to one day through automation and analytics
  • Gives predictability of risk impact and potential policy violation when performing a network change which minimizes network exposure for better security and compliance
  • Better accuracy for network changes, tuned for better performance and security
  • Assures business continuity by reducing network and application downtime as well as Mean Time To Resolution
  • Enforces IT governance and continuous compliance with corporate and industry security standards
  • Central visibility and control over network security policies and device configurations for a uniform way of handling network changes

The Orchestration Suite


Overview Diagram

SecureApp™ orchestrates application-related network changes from app deployment through decommissioning, and continuously monitors application connectivity status. SecureApp bridges the communication gap between application developers and network teams with an intuitive interface for rapid service delivery with fewer iterations.

SecureChange™ automates security change processes from request through design, security assessment, provisioning and verification to accelerate changes and reduce human error. It enables you to simulate the impact of change before it is implemented and perform proactive risk and compliance analysis, minimizing risk of network exposure or outages.

SecureTrack™ gives you real-time policy tracking and alerting, along with clean-up, auditing and analysis tools. SecureTrack makes it easier to rapidly and successfully complete audits, to streamline your firewall policies and troubleshoot issues.



Orchestration of network change processes and service delivery

The Orchestration Suite enables IT organizations to provide automated network connectivity services in a structured, efficient and traceable fashion. It provides a service automation framework that starts with the initial access request and continues through provisioning and verification. Through a web interface or integration with other systems, the Orchestration Suite offers a number of ways to request access that suit the role and expertise of the requestor – from a non-technical user, to an application developer or a network engineer. 

Automatic design and provisioning of network configuration changes

The Tufin Orchestration Suite slashes change handling times by automating change design and implementation across the network. It studies the network topology to identify the relevant devices, and it analyzes their security configuration to determine if a change is needed. If so, it designs the optimal change and automatically pushes it out to the network device or generates the required commands. Finally, after the change is made, the Orchestration Suite verifies that the change fulfills the original request and documents it automatically. 

Network topology analysis for complex, heterogeneous networks

Effective change automation depends on an in-depth understanding of both the enterprise network as a whole, and of the security policy configuration on each device. Tufin’s Network Topology Intelligence automatically maps the entire network, while Security Policy Analysis simulates the access provided or blocked by each firewall, router and load balancer. Together, they enable the Orchestration Suite to design and simulate network access during the automated change process. 

Central management of all network security devices from all major vendors

In today’s complex, multi-device, multi-vendor network environment, a central view of security policy across all devices is essential. The Tufin Orchestration Suite supports all major network security devices and vendors. It gives you the ability to consistently enforce your corporate security policy on all of your devices, along with the documentation and change audit trail that you need to demonstrate compliance. 

Customizable change workflows to automate best practices

The Tufin Orchestration Suite includes customizable workflows that automate network change design, analysis and implementation according to industry best practices. Using an intuitive visual editor and simple building blocks, you can model your own business processes and meet the specific needs of your organization. 

Proactive risk analysis and impact simulation for every network security change

Every change to the network configuration is a potential threat to security and availability. Without Security Policy Orchestration, testing the impact of a change is virtually impossible. As part of the automated change process, the Orchestration Suite proactively checks every access request against your corporate security and compliance policies to spot violations. It also simulates the impact of every change to identify potential risks. It enables you to process changes much more quickly and at the same time, significantly reduce the risk to your organization. 

Automatic change verification ensures every change is accurate and justified

After every network configuration change is made, the Orchestration Suite verifies that the change fulfills the original request from both a technical and the user perspective, and documents it automatically.  It creates a complete audit trail from the original request through the final firewall rule or ACL. 

Continuous compliance and instant audit reports for corporate and regulatory standards

The Orchestration Suite provides a closed-loop process for enforcing, verifying and documenting compliance with standards such as PCI DSS and SOX for every network change. It checks every access request and every change design against compliance policies before approval and after implementation. When an exception is made, the justification is documented as part of the audit trail. The Compliance Dashboard shows the current status and generates customizable reports, cutting audit preparation times by as much as 80%. 

Interoperability with external systems including help desk, ticketing and service provisioning

The Tufin Orchestration Suite integrates with a variety of systems including help desk, ticketing and service provisioning through RESTful APIs. With the Orchestration Suite, you can seamlessly integrate network security changes into your IT operations management processes while benefitting from the deep security and network technologies that increase productivity and accuracy. 

The Orchestration Suite

Tufin’s Orchestration Suite includes three products – SecureTrack, SecureChange and SecureApp - that work together to provide a complete solution for accelerating network change processes.;