Posted on May 21st, 2019 by Ofer Or

A recent report found that eight out of ten IT decision makers believe digital transformation increases cyber risk. Policy-based automation increases security and reduces the efforts invested in migrating existing applications and deploying new services. Tufin Orchestration Suite R19-1 delivers a unique automated process for server policy cloning, and also enables the enforcement of a unified security policy across unassociated IPs in the private network. To learn more about these new features and many others in this new generally available release, tune in to the R19-1 GA recorded webinar.

A Superior Automation Solution for Increasing Operational Efficiency

How much time does your team spend on server policy cloning per month?

Server cloning is driven by the extension and migration of applications, which has been accelerating due to the adoption of DevOps practices. As server cloning becomes more frequent, so does the need to clone server connectivity across the hybrid network. Having to duplicate server access across a complex, fragmented network can be effort-intensive and error-prone. It is a classic example of the trade-off between agility and security. If it takes too long, it could delay the availability of a new service and can impact revenues. If it is completed instantly without a process, then it can lead to misconfigurations that can expose your network to cyber risks.

Automation is key to eliminating this trade-off. By automating the process of server policy cloning you can reduce the time and effort associated with this repetitive task and ensure accuracy and auditability. Tufin Orchestration Suite R19-1 extends policy-based automation to sever cloning to help improve the speed and accuracy of managing security policies across networks undergoing digital transformation.

The new automated process for replicating server connectivity provides another “first step” in adopting automation. The Tufin Orchestration Suite provides several automated processes for administrative tasks such as firewall rule decommissioning, server decommissioning, rule recertification, and modification of group members. These processes are fully automated to provide high returns without requiring considerable configuration, making them an ideal way to start your automation journey.

Tighten Network Security with Categorization of Private Network IP Addresses

How are you managing your security policy? Are you sure it doesn’t have any “blind spots”?

Despite spending millions on firewalls, endpoint protection and other security measures, most organizations still lack a unified, comprehensive security policy governing who can talk to whom, and what can talk to what across the entire organizational network. We believe that fundamentally, your security is only as good as the policy that you define and enforce. For many organizations, the highest priority is defining a policy that protects their sensitive systems and data. Tufin helps customers configure specific network zones and define a zone-to-zone matrix of how these zones can interact with each other and with the external network (to learn more read this blog). However, the rest of the private network also requires protection.

In Tufin Orchestration Suite R19-1, there is a dedicated zone for subnets and IP addresses on the private network that are not associated with specific zones. The “unassociated networks” zone requires no configuration, and it can be used to set the access policy for the private network even before other zones are configured. This allows you to get started with network segmentation by quickly defining a basic 2x2 matrix for the pre-defined Internet and private network zones:

unified security policy risk matrix

What else is new in Tufin Orchestration Suite 19-1

The new release holds many significant enhancements for Tufin customers, including a new mechanism that allows topology path analysis queries to be saved. Customers leverage topology path analysis to troubleshoot connectivity problems and to plan access changes across the hybrid network. Tufin provides the industry’s most accurate topology analysis, which is the foundation for zero-touch change automation. With this new ability to save specific queries and to rerun “favorite” network paths, analyzing connectivity of critical applications is even faster.

Tufin also enhanced its support for next generation firewall policies by adding visibility for Palo Alto Networks URL categories. This allows Palo Alto Networks customers to visualize changes to URL categories and to identify potential risks. Cisco Nexus customers will benefit from the R19-1 GA with added support for Cisco Nexus VXLAN. And for Check Point customers, R19-1 adds automated server decommissioning for Check Point global objects to increase operational efficiency and accuracy.

Tufin Orchestration Suite R19-1 GA is available for download from the user and partner portal download page. To learn more about the enhancements, tune in to the R19-1 GA recorded webinar or read the release notes on the Tufin Knowledge Center.