Posted on Oct 22nd, 2012 by Michael Hamelin

This is the first in a series of posts from the Tufin team about how we brought SecureApp to market. Below is my story. Experts from multiple disciplines agree that analogies play a significant role in cognition, influencing explanation and communication. That is why college entrance exams in the U.S. test for the ability to correctly interpret analogies, and why I use them so often in my role as Tufin's Chief Security Architect.  Nothing helps to cut to the chase quicker than good analogy.  In fact, I was hoping the title could speak for itself, but in case it doesn't, here's the story behind it…

In support of the launch of our newest firewall management product, SecureApp, I went on the road to present at a series of dinner events.  My role was to educate our customers and partners on what SecureApp is, how it fits into our existing product suite, and why we are confident that it will be the firewall management game changer we believe it to be.

Over the course of four weeks, I did 12 presentations in 12 different cities across two continents, one of my biggest take-aways from these dinners, was that network security teams have had a wide set of pains behind a wide set of application management issues for quite some time, many of which were impacting firewall teams.   It is only because the firewall management market has matured to its current state that they were even in a position to address them, and that we were in a position to really help.

Seven years ago, our customers' biggest pain was device complexity (e.g. - bloated rule bases). SecureTrack was the answer to that problem. Once they got a handle on managing their devices, process complexity (e.g. - security change automation) took center stage, which resulted in our bringing SecureChange to market.  But as good as SecureChange is, automating change management processes doesn't eliminate the fact that  firewalls were not designed with application connectivity in mind, and as we all know, these days corporate IT is all about applications

An organization with complex enterprise applications performs anywhere from 30-100 firewall changes per week. In other words, Application Connectivity - managing how to bolt business critical applications onto the network in a secure and compliant way - drives the majority of firewall change requests.   However, in a recent Tufin survey we found that roughly half of all firewall changes need to be re-done.  When we dug into the survey data, we learned that the vast majority of the time, firewall changes are re-done because of missing, inaccurate or mis-communicated application connectivity requests.

Part 2 of this post will look at how SecureApp  - our new application connectivity management platform - marks the beginning of a paradigm shift in the security policy management market by delivering a top-down approach based on business requirements, instead of a bottom-up approach based on configurations.

I'm sure there's an analogy in there somewhere…