Posted on Sep 13th, 2011 by Ruvi Kitov

Two days ago we announced the release of the Tufin Security Suite (TSS) version 6.0. First off, I'd like to say that I'm very proud of the superb job done by the Products and R&D teams - I'm honored to work with such a talented group of people…

This release has been a long time in the making, and is packed with "goodies" that our customers asked for.

The key enhancements which people found most exciting are:

Enhanced Next Generation firewall support - TSS 6.0 contains tighter integration of NGFW into various parts of the product, and furthers our ability to build compliance rules for NGFW policies (enabling admins to specify restrictions based on applications and users). We currently support Palo Alto Networks, and plan to add more NGFW vendors soon.

Enhanced Network Topology Intelligence - we've dramatically improved our ability to automatically build a graphical map of the various network devices (firewalls, routers, switches, etc). Based on the respective routing tables and access policies, we use graph algorithms to calculate the paths between different points in the network.

Why is this a big deal? Well, there are many uses for topology intelligence within our products, but the most interesting one (in my view) is when a user requests access through a SecureChange ticket, and that access may actually span multiple network devices. This means that the firewall admin will need to make configuration changes on multiple devices. SecureChange in TSS 6.0 can use Topology Intelligence to identify exactly which devices need to be configured, and the Policy Advisor can prepare a "cookbook" of which changes should be implemented on which device, in order to complete the change request.

Another cool feature of our topology graph is that it is auto-correcting: when routes change on network devices, we are aware of these changes in real-time, and re-build the network topology graph automatically.

The third enhancement that's worth mentioning is our new High Availability (HA) mode - customers have always asked us about HA for Tufin servers, and with the advent of SecureChange, which is a critical component in the change process, IT managers expect data synchronization and the ability to fail-over during power outages, even across remote data centers. With TSS 6.0, Tufin servers can be installed in a primary/secondary HA configuration, with continuous database synchronization, to ensure reliable and consistent data state following a fail-over.

There are many more enhancements, which you can read about here.

Now that 6.0 was launched, we're working hard on our next release - more news on that in a few weeks…

Take care,
Ruvi