Unified Security Policy™

Gain Insights and Control Over Complex Networks

Gaining control of your network security is difficult given the complexities of today’s networks. A good security posture dictates a well-segmented network, protecting the more sensitive assets (such as cardholder data) from the less sensitive assets, often using firewalls. Most organizations currently manage network segmentation by manually tracking firewall and router configurations; others use spreadsheets. However, with the complexities of today’s networks and the constant changes coming from the business, maintaining the desired network segmentation is practically impossible.

Tufin’s first-in-kind Unified Security Policy™ takes a business process approach to your network which is protected by segmentation based on risk and compliance factors. Maintaining the desired network segmentation is a difficult task given the long and complex rule bases and constant influx of change requests. Unified Security Policy allows you to control your actual versus desired network segmentation, highlighting policy violations before a change is made on the network so as not to break compliance or expose the network to unnecessary risk.


Visualize your Network Segmentation

Tufin’s Security Zone Matrix, part of its Unified Security Policy, visually maps the desired network zone-to-zone traffic flows and instantly gives detailed insights into your network segmentation, such as which services are allowed between different network zones, zone sensitivity, etc. The new Security Zone allows you to better manage and control changes across the network while keeping your segmentation intact. With every security rule and ACL being automatically checked against Tufin’s Unified Security Policy, risk and segmentation gaps are minimized and compliance and business continuity are continuously maintained.

Tufin's Security Zone Matrix keeps you in control of your network security

Tufin’s Security Zone Matrix displays:

  • Hosts and subnets segmented into security zones
  • Color-coded traffic-flow restrictions between zones
  • Level of sensitivity within each zone
  • Zone-to-zone policies 


Centrally Manage Policy Violations & Exceptions

The complexity and constant change of enterprise networks can make policy violation monitoring an impossible task. If your network is exposed due to an overly permissive firewall rule or a rule that is no longer needed due to application decommissioning, you need to be alerted instantaneously, especially if this is in a highly sensitive network zone.

Tufin’s Unified Security Policy gathers this information into a central report with immediate drill-down views into the violation and root cause analysis for rapid pickup and remediation.

Central report on violating policies, rules and access lists across the network

Moreover, given the reality of today’s business, a policy exception may be necessary. This is all part of the same process, so if an access request violates policy yet an exception must be approved and added, you can centrally monitor all exceptions throughout their lifecycle and set an expiration date on each for automatic recertification or rule removal.

Key Benefits:

  • Key insights to better manage network security policies and network segmentation
  • Gap analysis of desired vs. actual network segmentation
  • Ensure a policy violation does not go unnoticed for better risk and compliance
  • Centrally manage policy violations and exceptions for continuous compliance and risk management, and to streamline operations
  • Centralized control across multiple firewalls across the network