Security organizations are now required to perform periodic audits and demonstrate compliance with three different levels of security directives: regulatory requirements, corporate policy and industry standards. Due to the size and dynamic nature of firewall and network device security policies, it has become excessively complicated and time-consuming to perform these audits manually.

With SecureTrack, many organizations can complete audits in 25% of the time. Read the SecureTrack ROI analysis from Frost & Sullivan

Auditing and compliance teams must be able to perform periodic risk assessment on the level of the organization to ensure that risk is being managed in accordance with corporate security standards. Using Tufin SecureTrack, firewall policy can be analyzed to assess whether changes are in line with corporate and industry best practices. The automated Security Risk Report shows your current Security Score and risk trends through assessment of predefined risk factors and your organization’s own compliance policies.

Tufin SecureTrack™ allows auditing and compliance teams to implement, manage and demonstrate support for leading standards including:

• Industry: PCI-DSS (designed to prevent credit card fraud, hacking and other threats) and HIPAA (designed to ensure the security and privacy of personal health data).
• Government: Sarbanes-Oxley, also known as SOX, (legislation intended to maintain financial accountability in public corporations) and the Gramm-Leach-Bliley Act or GLBA (provisions to protect consumers’ personal financial information held by financial institutions.
• ISO: ISO 27001 provides recommendations on information security management.

Over the years, a series of best practices have evolved that enable organizations to manage their security infrastructure more effectively. Given the variety of devices - different vendors, versions and administration tools - it is difficult to enforce industry best practices throughout the organization. For example, best practices have been developed for naming changes and creating comments to explain each change. Through Tufin SecureTrack managers can define best practices and are able to identify non-conformance for the full range of security devices.