Posted on Dec 1st, 2020 by Ofer Or

IPAM Security Policy App

Network change is constant, yet security must also be constant. 

One of the oldest adages in security is “You can’t secure what you can’t see.” This has been a persistent truth throughout the ongoing evolution of modern networking. And in this evolution we know another truth – the network changes. 

That’s why at Tufin we’ve developed the IPAM Security Policy app, available through the Tufin Marketplace.  

Network estate changes are frequent but often uncommunicated. Different teams are responsible for different tools whose updates are infrequent, and often data is out of date by the time an Excel export makes it way to the hands of network security. For consistent security policy enforcement, network security teams must have consistent visibility over the network estate.  

Tufin customers can now integrate SecureTrack with leading IPAM solutions (often provided as part of a DDI solution) from Infoblox, Bluecat, efficientIP, and phpIPAM (opensource). The app, like any other marketplace app, installs and is configured in just a few minutes.  

Tufin’s IPAM Security Policy App provides out-of-the-box integration with all the leading IPAM solutions for automatic IP syncing. 

IPAM Security Policy app users can now sync subnet data from their IPAM solution based on attribute(s) defined (often by IPAM adminstrators) to populate and maintain network segments - based on their existing single source of truth. This results in automatically updated and accurate network zones within your Tufin Orchestration Suite installation, which prompts accurate alerts over policy violations, provides visibility over network estate changes, and ensures accuracy of risk calculations during access requests.  

This integration enables you to maintain your existing processes and leverage your existing solutions to build an accurate network segmentation model with Tufin’s Unified Security Policy.  

Tufin’s IPAM Security Policy App syncs your IPAM output and SecureTrack and can use the attributes you have defined within your IPAM solution. 

You already have the tools, and now you just need a service level account for your IPAM solution to easily build and maintain an enterprise network segmentation model. 

And for customers that need to prioritize and mitigate vulnerabilities in their critical infrastructure, the IPAM Security Policy App populates your network segments for contextual analysis to identify which assets are contextually exploitable (see our Vulnerability Mitigation App for further details). 

For further information and to download the app, please visit our marketplace. The app is available with a free 30-day trial license. For pricing, please speak with your account rep or email sales@tufin.com

Vulnerability Mitigation App (VMA) Enhancement

Announcing VMA 2.0.  Tufin’s VMA allows organizations to prioritize remediation and mitigation efforts by enhancing vulnerability data with network insights. Prioritize vulnerabilities based on the risk to your organization.  The latest version of VMA adds the following new capabilities:  

  • Support for disabling access and restoring access to vulnerable/patched assets using the Group Object Modification workflow. This workflow provides the ability to enforce temporary mitigation of access, to allow time for remediation and to restore connectivity once patched. 

  • Topology-based analysis to determine if network and host-based vulnerabilities are exposed to the Internet, or other untrusted zones, through the exploitable service. 

  • Reporting based on most prevalent exposed vulnerable assets and most exposed zones

Tufin’s VMA supports immediate mitigation of vulnerabilities through initiating an access change request through group modification workflow.  

For further information and to download the app please visit our marketplace.  The app is available with a free 30-day trial license.  For pricing, please speak with your account rep or email sales@tufin.com.