Posted on Sep 17th, 2014 by Ofer Or

We recently announced a groundbreaking partnership with VMware. It's set to change the enterprise security landscape by delivering, for the first time, automation and visibility that significantly reduce the management burden of micro-segmentation across both physical and virtual networks.

In recent years, virtualization has driven significant operational change by making it possible to implement a physical component in software, abstracting the logical from the physical into pools of resources. Because the abstraction of services is done in software, it can be programmatically configured by software. As a result, virtualization also enables automation. It's not surprising, then, that in recent years virtualization has become the de facto standard for achieving operational efficiency in the data center. And VMware sits as the clear leader in this field.

However, the network has not kept pace with this operational change. In fact, up until now, the network has been a barrier for data center virtualization. This is because:

  • It requires long and manual provisioning time
  • Workload placement and mobility are limited by physical network constraints and topology
  • Networks are operationally intensive as they require ongoing maintenance

As part of the mission to achieve the same operational efficiency in the network, VMware acquired Nicira last year, and this quickly became VMware's virtual network platform, NSX. NSX adds an additional layer of virtualization to the already virtualized servers, enabling automation, visibility and agility. The VMware SDDC vision? To enable a fully virtualized IT stack, from the network, through storage, servers and applications. In other words, a new and superior way to enforce network security.

The aim of our recent partnership with VMware is to take network security into the virtual age. The integrated VMware NSX™ and Tufin Orchestration Suite™ now deliver unified security policy management across physical and virtual networks within the Software-Defined Data Center (SDDC). This enables IT organizations to:

  • Manage and control micro-segmentation across physical, virtual and hybrid networks
  • Centrally manage security policies on firewalls, routers and switches throughout the entire data center via a single interface
  • Access the risk posture and perform risk assessment before making policy changes
  • Continuously track security policy configuration changes across virtual and physical networks
  • Reduce audit preparation time by up to 70 percent

Long term, the enterprise needs a unified and trusted security policy orchestration plane that spans physical, virtual and cloud infrastructure. Neil MacDonald at Gartner recently summed this up as 'a consistent management console and policy management framework'.

We are proud to be part of the initiative enabling the SDDC promise of enhanced security and agility through a trusted, automated and multi-vendor management platform, and to enable a consistent segmentation policy across the entire network, with each platform enforcing it at its own level.