Today’s enterprises currently manage dozens, if not hundreds, of firewalls and network devices. Each device has its own policy - a complex set of rules defining the access privileges and restrictions for specific users and services. Tufin SecureTrack™ provides a unified top-down view of all firewall policies, as well as related network devices, allowing security teams to individually supervise each piece of the puzzle.

Tufin SecureTrack continuously monitors firewall configuration, detecting and reporting changes. With real-time monitoring, you receive detailed notifications as well as alerts to possible compliance violations. The system maintains complete records and can attribute each action to the firewall administrator who performed it, for true accountability.

As thousands of change requests are processed by the firewall operations team, and organizational security objectives evolve over time, the underlying configuration rule bases become extremely large and intricate. In fact, many of the rules and objects in a typical firewall rule base are obsolete. These unused rules represent a potential security hole and should be eliminated. But firewall operators do not have an easy way of identifying these rules using standard administration tools.

In addition to security risks, a poorly maintained rule base can have a major impact on performance. The entire rule base is parsed from top to bottom with every network connection, and as the rule base grows, hardware requirements also increase. Overly complex rule bases are difficult to maintain and must be cleaned up regularly.

The implications of a firewall configuration error can be severe - from a security breach to network service interruption, or even network downtime. Therefore, it is important to analyze the impact of every change before it is implemented on the ground. Given the size and complexity of the firewall rule base, this task is very complicated, yet it is generally performed manually by firewall administrators who lack the proper tools for rule base analysis.

Tufin SecureTrack’s Policy Analysis simulates the rule base to test whether a traffic pattern is currently blocked or allowed and recommends corrective action. Compliance Alerts inform security managers about changes that allow or block unauthorized traffic. The Security Risk Report automatically assesses your current Security Score and indicates violations of compliance policies.

Over the years, a series of best practices have evolved that enable organizations to manage their security infrastructure more effectively. Given the variety of devices - different vendors, versions and administration tools - it is difficult to enforce industry best practices throughout the organization.

Network security teams are frequently challenged by the requirement to secure unrestricted network segments without disruption to critical business services. Installing a firewall on an active, currently unsecured network segment is a labor-intensive and risky process. So in many cases, organizations opt to leave certain segments unsecured rather than risk downtime to crucial business services.