Posted on Feb 16th, 2011 by Reuven Harrison

Hi,
We're here at the RSA show in San Francisco this week to present our exciting new features in the Tufin Security Suite (TSS) 5.3 release.

This new version includes several major enhancements to our solutions:

  • Support for the Palo Alto Networks Next-Generation Firewall
  • Enhanced Automatic Policy Generator
  • Support for PCI-DSS 2.0
  • The Zone Manager

In this post, I'll give several examples for how TSS 5.3 delivers operations management and auditing solutions for Next-Generation firewalls.

Next-Generation firewalls support two new dimensions of security that were traditionally not enforced by firewalls: user access and application access. This extension to the firewall functionality is so natural and useful that it is bound to become the standard for all firewalls. That's why, in 2010, we've seen an increase in demand for Next-Generation firewalls, as more and more of our users were asking us to add support for Palo Alto Networks.

TSS 5.3 now supports this new firewall type. It provides monitoring, alerting and reporting for policy changes including changes to application definitions which Palo Alto Networks delivers through automatic updates. This means that you'll be able to get notifications and reports every time an application, or application group (or filter), is modified, either manually or automatically.

The Palo Alto Networks firewalls can also be analyzed using interactive policy analysis queries. This gives our users the ability to trouble-shoot connectivity problems and design policy changes using any of the rule fields: source, destination, service, user and application!

For example, if John opened a help desk ticket reporting broken access to the CRM, you can run a query to see which rules are blocking this access.

Compliance policies are now also user and application-aware, meaning that you can set up black-lists, white-lists and business continuity policies to protect your environment from dangerous changes and to perform firewall audits.

For example, you can now generate a PDF report of all the rules allowing Collaboration applications across all of your firewalls.

I'll follow up with posts about the other TSS 5.3 features during the week.

Live from RSA - San Francisco,
Reuven