There was a good turn out this year at the Check Point Experience and I was glad to see many of our US, Canadian and Latin American customers again as well as my colleagues from Tufin US and former colleagues from Check Point.
What stood out for me this year was the mainstream acceptance of our vision. In previous years, the majority of our discussions were about policy optimization and cleanup. This year, they were primarily about automating the policy change process.
It has been interesting to experience the evolution from manual firewall configuration, to semi-automated processes (involving tools such as SecureTrack Policy Analysis) and, now, on to the next level of maturity, which enables change automation through network infrastructure analytics. The abstraction of complex and multi-vendor networks allows security managers to understand the business requirement and to focus on security while low-level implementation details are accurately handled by automation.
One thing I especially like about CPX is the opportunity to meet security professionals who really understand and care about what they do. I met with a security manager from one of the largest service providers in the world who has been tasked to reduce his SLAs from several days to several hours. It seems like many security professionals are facing similar requirements and are looking for ways to accelerate firewall policy changes while maintaining (or improving) security.
There was also a lot of interest in SecureApp, our latest addition to the orchestration suite which adds the business application context above the change automation. I expect the evolution to application-centric change orchestration to occur much faster than the shift from manual change management to network change automation.
As I explained in our speaking session, "Are you orchestrating your network securely?", the IT industry is moving towards a Cloud model - meaning self-service, automation and agility are must-haves. For security managers, it is equally important to ensure control and governance, but I believe that these two will eventually be required throughout IT change processes. After all, risk is not unique to the security domain - it is a key performance indicator across the entire business.
As the move to (private and public) cloud models accelerates, most organizations will need to implement infrastructure abstraction in order to achieve their agility goals. Firewalls will become an abstracted component just like servers, storage and networks, and manual configuration of firewall policies will be replaced by orchestration of systems across the infrastructure.
From a founder's perspective, it is incredibly gratifying to see a vision materialize from concepts and conversations into large production deployments. While this is happening, we, at Tufin, are already working on the next phase, which will be no less exciting.
That I can I promise.