2023 Tufinnovate World Tour.

As we wrap up 2023’s Tufinnovate World Tour, we’re thrilled to end on a high note. This year’s world tour was a huge success due to its significant reach and powerful message of convergence across cloud and network security. The world tour format, stretching across four continents in four months, blended intimate in-person events with accessible online sessions. 

Throughout the tour, network and cloud security teams gained more profound insights into network security’s evolving landscape, particularly in light of cloud technology’s transformative impact. Our speakers emphasized the importance of integrating the Tufin Orchestration Suite into network architectures, showcasing its value in achieving comprehensive security. 

Having customers share their experiences was incredibly valuable, as it highlighted the real-world impact of our solutions and demonstrated how Tufin is a vital part of their network setup. 

Recap: 2023 Tufinnovate World Tour 

The tour spanned several continents, with stops in major cities across the globe such as London, Paris, Munich, and Sydney. Attendees could participate in tailored breakout sessions, where they could choose between two distinct focus tracks: a leadership breakout or a practitioner breakout. 

The tour’s final two stops were held virtually in North America, with East Coast and West Coast events. The tour covered a broad geographic scope, beginning in Europe in May, then traversing through the Asia-Pacific region in July, and closing in the United States in September. 

Our featured keynote speaker for the US-based events, Jonathan Nguyen-Duy, a Cybersecurity Strategist and former Global Field CISO at Fortinet, hosted fireside chats with customers on both occasions: Caleb Bontrager, Lead Telecommunications Technologist at the State of Delaware, and Cheryl May, the Vice President of Network Security at Mitsubishi UFJ Financial Group. 

Speaker Highlights

1. Jonathan Nguyen-Duy: Keynote Presentation and Fireside Chat on The Convergence of Network and Cloud Security 

In Jonathan’s keynote, The True State of Cybersecurity & How to Get it Right, he delved into the current state of cybersecurity, highlighting that despite a significant influx of private equity investment amounting to $11 billion in cybersecurity, a staggering 99% of vulnerabilities exploited are known for at least a year prior.

Jonathan went on to share the following statistics, illustrating the need for organizations at large to improve basic security hygiene—particularly on aspects such as proper asset management and configuration management:   

• 83% of breaches stem from human error 

• 43% of breaches occurring in the cloud are attributed to misconfigurations of public-facing services 

• 50–70% of breach notifications are made by third parties such as researchers or law enforcement, indicating that internal security teams failed to detect breaches themselves 

• 67% of organizations are expected to fall victim to ransomware attacks 

Above all, he noted that many organizations still operate in a state of blindness, lacking sufficient resources and personnel to manage cybersecurity threats effectively. The evolution of cybersecurity maturity follows a trajectory from being blind to threats to transitioning to reactive, then proactive, and ultimately aiming for predictive capabilities. However, despite this progression, a significant portion of organizations still find themselves in the blind stage. 

Jonathan ended on a hopeful note by citing artificial intelligence’s potential in predicting and managing risks, the advantages of consolidating vendors, and the importance of taking a holistic approach that considers technology, people, and processes.  

2. Alon Buteliano: Partnering with DevOps to Deliver Application Faster and Safer   

During his presentation, Tufin’s Director of Product Management for Platforms, Alon Buteliano, emphasized Tufin’s ability to streamline collaboration among various teams operating in the cloud to enhance both security measures and the speed of application delivery. He delved into the intricacies of different teams working within the cloud environment and outlined roadmap items designed to unify these teams effectively by addressing specific use cases.

Alon highlighted the inherent differences between network and cloud security teams, including skills, processes, and tool variations. He noted that while network security teams typically oversee and manage most on-premises infrastructure, they also extend their responsibilities to cloud hubs. Additionally, Alon touched upon the significance of cloud units within organizations, underscoring the need for cohesive strategies to manage these critical components effectively.

3. Erez Tadmor: How Advanced Customers Maximize the Value They Get from NSPM

Tufin’s Network Security Evangelist, Erez Tadmor, opened his presentation, How Advanced Customers Maximize the Value They Get from NSPM, by delving into the findings of Forrester’s Total Economic Impact of Tufin report, which provided insights into the ROI of Tufin, mainly: 

• 94% reduction in effort for network change analysis  

• 95% increase in audit and reporting efficiency  

• 80% reduction in vulnerability-related breaches and risks 

He continued the discussion by zeroing in on the NSPM maturity model curve and elaborating on strategies to effectively integrate various vendors commonly found in organizational environments with Tufin. 

Lastly, in theme with other speakers this year, he explored ways to maximize the utility of Tufin, particularly in the realms of audit, compliance, and automation. Erez offered a specific example where he demonstrated how Tufin can help prevent introducing new security policy violations into an organization’s suite. 

4. Ricky Egge: Making the Move to Network Security Automation 

During his presentation, Making the Move to Security Automation, Tufin’s Director of Sales Engineering, Ricky Egge, discussed the rationale behind utilizing automation, including risk reduction within the environment and eliminating unnecessary elements from a rule perspective. He highlighted how automation facilitates streamlined processes for handling new access requests, ultimately transforming day-to-day operations. 

Touching on the importance of minimizing risk and identifying policy violations, he highlighted the efficiency gained from maintaining a concise rule base and elaborated on how Tufin’s rule viewer capabilities clean up redundant rules and identify unused elements. 

Additionally, Ricky outlined verification and manual remediation steps to mitigate risk further and optimize rule-based sprawl. He also shared insights into Tufin’s automation capabilities—from topology mapping to unified security policy enforcement—and how these functionalities benefit users. 

5. Brian Gladstein: The Evolution of Network Security Policy Management 

In my presentation, I touched on NSPM trends and the NSPM journey. I shared advanced customers’ best practices and success stories on maximizing the value of Tufin’s network policy and security management implementation. Following the themes covered by our speakers, I also discussed examples of customers who transitioned from highly automated processes to proactive security measures.  

I detailed a comprehensive approach to achieving protection and agility, touching on the following roadmap:  

1. End-to-end visibility

2. Realized through: 

3. Policy visibility and optimization 

4. Vulnerability prioritization 

5. Risk detection, compliance, and public policy guardrails 

6. Attack surface reduction 

7. Network automation

8. Realized through: 

9. Topology mapping and path analysis 

10. Change design and proactive risk analysis 

11. Rule recertification management 

12. Pre-change vulnerability rule check 

13. Enterprise automation

14. Realized through: 

15. App-centric policy management 

16. Enterprise resiliency 

17. Automated change provisioning

18. Realization of zero-touch security automation