Last Month, Phil Schacter of Gartner published a report titled "How to Assess Risk and Monitor Compliance of Network Security Policies." In his report, he states:"Network security teams struggle to understand the impact of changes to access rules and to diagnose service availability problems across multiple firewalls, routers and other network access enforcement devices."
We at Tufin are intimately familiar with that struggle. In fact, we live it daily. We have seen the rate of policy changes across our customer base increase at a dizzying rate, mainly due to increased network complexity which makes managing (network) connectivity, compliance and communications with other IT groups difficult - if not impossible - to accomplish without automation.
As a result, we have built or value proposition around helping our customers manage what we call "the five C's": Complexity, Change, Connectivity, Compliance and Communication. At the end of the day, everything we do here at Tufin is for the sake of helping our customers address these five pain points.
Phil's report is primarily focused on two of the five C's - Change and Complexity. They will also be the focus of our July 24th webinar, featuring Phil called 'Complexity and Constant Change: A Lethal Combination for Network Security Policies and Processes.' The webinar will dig into how change and complexity are impacting network and security teams, and (of course) how we can help. We encourage you to attend. You can register for the webinar here.
To quickly set the context:
Complexity- enterprises have hundreds of firewalls, routers and switches, all with their own complex configurations and thousands of access rules. All have to be managed, tracked and catalogued which makes it a daunting, time and resource-consuming task without standardized, automated, security policy management.
Change- many organizations have tens to hundreds of security policy changes to provision and track every week. The combination of rapid change and time pressures mean mistakes happen and vital steps are missed which can leave businesses wide open to threats. Moreover, time lags for implementing changes and deploying new applications can lead to expensive service delays, interruptions and downtime.
But Complexity and Change are particularly daunting in light of the other three C's - Compliance, Connectivity and Communication. In June, we produced a webinar on how automating policy management can ease the burden of PCI Compliance, which can be viewed here. While PCI is just one compliance use case, it is one many organizations contend with and one where Tufin provides a compelling business case. The Tufin Security Suite can reduce the time and cost of firewall audits by up to 70%, and creates a scenario where rule bases are inherently more secure and continuous compliance with components of PCI becomes painless. For more information regarding leveraging Tufin solutions to maintain compliance with internal and regulatory requirements, check out https://www.tufin.com/resources/webinars
As for the other two C's - Stay tuned for upcoming webinars focused on Connectivity and Communication, they're coming….
In the meantime, sign up for the webinar and join our CEO, Ruvi Kitov and Gartner's Phil Schacter as share practical strategies for managing policy changes in highly dynamic network environments.