Posted on Feb 22nd, 2012 by Reuven Harrison

When we started Tufin there was little awareness as to the complexities of managing firewall policies. Most of the interest was around tracking firewall configuration changes and we only supported Check Point. This may seem trifling today, but our early adopters realized the business value of receiving a policy change report by email and they loved it.

Seven years later we provide full support for the five leading enterprise firewalls, a graphical network topology model, a policy analysis module that simulates how packets are matched by rules, a security risk model, rule and object usage analysis, a firewall change request system and much more.

Our 900 customers are using our solutions to streamline firewall operations, automate audits and manage the firewall change process.

Our first version in 2012, R12-1, will be released in a few days and we've put some nifty features into it.

First, there's the new dashboard that allows you to see a high-level overview of your risk posture as well as recent configuration changes across your infrastructure and the policy cleanup potential. Security officers can use the dashboard to monitor their security status and identify areas that require attention such as data centers, customers and specific firewalls. The firewall operations team can continue the drill-down using the risk and cleanup browsers and pinpoint the root causes such as risky rules or redundant rules. The dashboard conveys the real-time status of complex environments and allows effective navigation to analyze and remediate problems.

The new policy analysis interface provides some functionality that many of you have been waiting for, like a fast and easy way to enter multiple IPs and Ports and to find rules that allow or block the access through one or more firewalls across the network, even with address translation (for Check Point in this release).

The network topology map now allows you to insert router configs in order to improve path calculations.

Juniper firewalls (ScreenOS and JUNOS SRX's) can now be monitored through NSM too, and Juniper SRX rule comments are now parsed to identify and report ticket IDs. Especially for you Jeremy.

One more interesting area of evolution in R12-1 is SecureChange - the access request has been enhanced to allow easier reading and editing.  The new Designer automatically recommends firewall rules that should be modified to cater for the access request and, once designed, the change can now be saved directly to a Check Point policy. Automatic provisioning also supports adding and removing members to network and service group.

I wanted to take this opportunity to personally thank our customers and partners for working with us. Your partnership and trust is enabling us to provide better solutions and more value.

Reuven