A version of this blog was originally posted to the Fuse blog on January 31, 2021. Fuse is the global community of 15K+ Fortinet users.
Traditionally, changes such as digital transformation were undertaken only after a thorough assessment of known risks, using time-tested methodologies to scope the resources, time and cost needed to adapt to them. We are all in the midst of global uncertainty, and the demand for both change and sustenance is rapid as well as spread over an uncertain timeframe. Most organizations have now stabilized their networks and access to resources. However, the impact of those changes, as well as the need to grow the business through transformation, will top the agenda at executive meetings.
How does sudden change jeopardize your comprehensive plans?
Throughout this period of uncertainty, it is challenging to balance supporting growth against managing a high volume of changes while keeping the infrastructure secure and compliant. Let us look at several scenarios, arising from the current global situation, that affect the security and compliance posture of your organization:
Manual, error-prone change processes
Pivoting quickly to address unexpected scenarios results in a large number of change management requests. Overreliance on manual processes to assess the impact of network access changes can be cumbersome and time-consuming. This approach may work in small settings. However, as you scale up to accommodate change and drive growth, it limits how reliably changes can be assessed and loses the context and history of the changes made to your network security devices. Any change made with improper assessment will lead to misconfigurations that can increase the attack surface and expose your network to malicious attacks.
Poor resource utilization
Enterprise networks are perennially diverse and thus complex by nature. Network and security teams are now stretched thin, supporting the current uncertainty while also planning for sustained business needs in the near future. Adding newer security devices may require your staff to acquire new skills to manage them and may take focus away from strategic projects that can fuel the organization’s growth.
Increasing technical debt
A fast-paced network environment often leads to redundancy and introduces the technical debt of a cluttered and complex environment. Changing roles, responsibilities and staff lead to knowledge being lost in transition, leaving behind a plethora of unwanted and unauthorized changes. Troubleshooting a network with such complexities becomes a tedious operation that consumes time and resources.
Enabling a secure and compliant infrastructure with orchestration and automation
Below, we review how Tufin, a Fortinet Fabric-Ready partner in the Open Fabric Ecosystem, can help you take control of your network and security needs through the integration between Tufin Orchestration Suite and FortiGate Firewalls and FortiManager.
Automation leads to efficiency
The demand for new access and change requests has reached astronomical proportions, both because users are requesting access to various productivity tools and resources to perform their jobs remotely and because new security devices are being deployed to scale and secure the new perimeter. With Tufin Orchestration Suite, you can ensure that requested changes are assessed against your organization's global security and compliance policy guardrails and deployed automatically within minutes instead of days. Even complex changes that require deeper analysis can be implemented through a simple and auditable workflow using native or third-party ITSM tools.
Below, we see an example change request workflow implemented through SecureChange. Once the request is submitted, SecureChange automatically identifies the network devices on which changes will be required, as well as any risk associated with the change request as defined by the enterprise’s compliance policy guardrails. After the request has been reviewed and approved, SecureChange automatically provisions and verifies the changes. This example workflow uses a moderate level of automation. However, the level of automation can be increased or decreased according to the desires of the enterprise.
Simplifying management with visibility
Managing and securing a diverse, multi-vendor network environment can be simplified through comprehensive visibility of your network topology and the ability to leverage native features to secure your organization’s critical assets. Fortinet NGFW provides granular controls like Fortinet Web Filtering and FQDN to secure your resources. Tufin Orchestration Suite helps you leverage these NGFW features, in addition to standard firewall visibility, in a diverse, multi-vendor environment. With complete network security and compliance at your fingertips, your team can focus on priority growth projects and flatten the learning and management curve of complex, diverse environments. Below is a depiction of the network topology with Fortinet appliances in a hybrid environment.
Decluttering technical debt
Periodic review of the rule base on each security device in your network will ensure the security and stability of your network. Obsolete and shadowed rules can be identified and decommissioned through automation, and Tufin Orchestration Suite will ensure that only relevant access rules are retained. A clean ruleset reduces troubleshooting time, and a clear audit trail preserves the historic context and business justifications, thus facilitating proper handover during transitions.
The rule cleanup process is highlighted below. In this example, duplicate network objects, which may represent legacy objects or generally poor network hygiene, are easily identified and can be aggregated or removed.
Rapid changes due to digital modernization are here to stay, and organizations will have to be in a constant state of flux to keep pace with them. Maintaining growth and agility requires a fine balance that can be achieved with comprehensive control over the needs of a complex environment. Driving security and efficiency through robust security solutions from Fortinet, and orchestrating the resulting infrastructure with Tufin Orchestration Suite through visibility and automation, will ensure a secure and compliant infrastructure without sacrificing speed and agility.
With Tufin, you can set and manage segmentation policies across your hybrid environment. Tufin provides integrations with all leading network security devices for comprehensive visibility into your network topology and accurate policy change orchestration. Gain visibility of your Fortinet infrastructure with Tufin Firewall Change Tracker. This free tool allows you to track rule changes for multi-vendor firewall devices, regardless of whether the firewall device is in the cloud or on-premise. With just a few clicks, users can get it up and running immediately.
To learn more about Tufin’s relationship with Fortinet, visit https://www.tufin.com/supported-devices-and-platforms/fortinet-firewalls.