Posted on May 3rd, 2016 by Frédéric Nakhlé

With significantly more attendees at this year's Check Point Experience in Nice, I found myself conducting more back-to-back product demos and participating in multiple meetings with CISOs and CSOs as well as channel partners. What drove them to learn more about Tufin this year?

Certainly, the greatest interest was in full policy-driven orchestration. Was this a surprise? Well, when discussing their challenges, it was clear why they seek orchestration. Two-thirds of my interactions were with existing and prospective customers, predominantly CISOs and CSOs. They represented diverse industries – banks, financial institutions, manufacturing, energy and also MSSPs.

In my interactions with CISOs and CSOs at CPX, I encountered common pain points for enterprise security:

  1. Agility – enterprises are faced with the balancing act of business agility as a top priority while still maintaining security and compliance, as Tufin CTO Reuven Harrison described in his breakout session at CPX.
  2. Compliance – this was important for everyone, from every industry. I observed that for CISO/CSOs compliance was even more important than risk assessment. In particular, PCI DSS was a major concern for all. Here are important trends I noted regarding PCI DSS:
    • Enterprises are moving PCI DSS services in-house (often from outsourcing) due to updated regulations, DSS 3.1+ and also cost considerations.
    • Most industries, especially banking and financial services, typically move PCI DSS services to private cloud with a cluster of firewalls at the perimeter.
    • Interestingly, PCI DSS is usually managed by an independent team, separate from the rest of enterprise IT.

Other noteworthy trends and items of interest I observed include:

  • Prevalence/popularity of AWS in the EU - this was unexpected since I had thought that the popularity of AWS was mainly a trend in the USA.
  • Cloud Console and Application Discovery – these features and other new capabilities in the Tufin Orchestration Suite R16-1 release caused considerable excitement.
  • Network Abstraction Layer – is still viewed an innovative concept since folks are extremely happy to be able to view all devices/vendors.
  • Interactive Topology Map with showing the full path route across the entire network (physical -> through cloud across enterprise network) was very popular.

Your Balancing Act?

We'd like to hear what your balancing act is for enterprise security? Please comment below.