Published August 18th, 2023 by Tufin
Large enterprises have been building applications in the cloud for years, but over the past 12 months, we seem to have hit a tipping point. The cloud is now fully mainstream. If you are like most companies, you’re seeing an explosion of cloud-first applications, built with lots of new technologies, that all depend on access to network resources that you need to protect.
It’s getting harder and harder to configure, certify, and deploy all these applications as needed. The blind spots you have in the cloud are getting worse, and the backlog of requests is building up. Sure – cloud apps are great for the business because of their fast time-to-market and greater flexibility – but that all puts extreme pressure on network security.
Network security teams need an end-to-end view that stretches from their traditional enterprise network out to all the cloud environments where development efforts are happening. Our latest upgrades to the Tufin Orchestration Suite do just this.
Tufin’s R23-1 release delivers new enhancements to extend network security teams’ visibility and control into the cloud. As a result, Tufin customers can accelerate application delivery while optimizing security.
Key highlights of the R23-1 release include:
- Best-in-class network access automation and security policy management for Microsoft Azure (including Azure Firewall), resulting in better network visibility.
- The introduction of Cisco Meraki support allows centralized visibility into firewall policies, connectivity troubleshooting, and compliance monitoring.
- Network topology support for AWS Gateway Load Balancers, enabling change automation for firewalls running on AWS.
- Device grouping within the Interactive topology map, making it easy for teams to identify network segments and the connections between them.
Everything new in R23-1
To summarize the video content above, here is a complete list of R23-1’s new features:
Enhanced Support for AWS Gateway Load Balancers
Tufin now supports advanced policy search and interactive network topology modeling for AWS Gateway Load Balancers. This enables advanced path analysis, network connectivity troubleshooting and change automation for firewalls in AWS, resulting in better network visibility across hybrid networks and faster deployment of cloud changes.
Viewing and Management of Cisco Meraki Firewall Policies
Tufin customers now have a faster and easier way to view, search, and optimize Cisco Meraki firewall device rules. Security teams can now visualize and manage all Cisco Meraki Firewall Policies from a central console. This accelerates connectivity troubleshooting and compliance monitoring by providing holistic, cross-platform management.
Topology Support for Azure Virtual WAN and Azure Shared Express Routes
Tufin users can now import Azure Virtual Hubs from Azure subscriptions and view these and Azure Express Routes in Tufin’s interactive topology map. This provides full topology modeling of the Azure environment, which gives better network visibility and change automation for firewalls running on and connecting to Azure (shared across multiple Azure subscriptions).
Improved Viewing and Management of Azure ASGs
Tufin now delivers a faster and easier way to view, search, and optimize Azure Application Security Groups (ASGs) that are part of Network Security Group (NSG) rules. Security teams can now troubleshoot ASG application connectivity and gain broader visibility and control across hybrid environments.
Incorporation of Azure Firewalls into Change Automation
Tufin now supports Azure Firewalls as part of the change automation process. Tufin will verify whether access exists already when a change is requested, saving significant time and avoiding lengthy redos. Once a change request is moved forward, Tufin’s automatic target selection mechanism eliminates the need to manually search for relevant firewalls to implement the request. Proactive risk assessment ensures that compliance regulations and internal security procedures are enforced. Once the change has been performed (outside of Tufin), it can be verified to ensure the request is implemented, helping to achieve better change SLAs.
Change Implementation for Panorama
Tufin now provides the option to commit changes to Panorama devices made by the Tufin user, without committing changes made by other Panorama users. This allows for more granular auditing of the change process.
Automation Support for Check Point FQDN
Tufin now supports full network change automation, both on-prem and in the cloud, for Check Point FQDN objects, providing a more comprehensive and accurate view of the network where FQDN is set up on devices. Automatically designing and verifying access requests containing FQDNs makes the change process both safer and faster.
Interactive Topology Map Device Grouping
Tufin offers users the flexibility to group the topology either by customer-defined (device) domains or as freeform customized groups, such as different data centers, or public or private clouds. This provides better network visualization and allows Tufin users to easily identify network segments and the connections between them. Network administrators and security teams gain structured visibility into their network infrastructure to identify potential misconfigurations or vulnerabilities and troubleshoot network connectivity issues.
Interested in hearing more about the new features in this release? Contact your local rep and set up a time to chat: https://www.tufin.com/contact-us/sales