Logo
Get A Demo
  1. Home
  2. Blog
  3. Network Security Automation
  4. Who Says Automation is Blind?

Last updated February 15th, 2023 by Sharron Malaver

I recently returned from the RSA Conference in San Francisco, where everyone who’s anyone in the world of IT security gathers to talk about the threats we all face from computer hackers and other malicious attacks, and how these can be countered. What’s clear from many of the customers I spoke to at the event, is that they’re under increasing pressure to automate previously manual security processes – such as managing firewalls, network changes, network segmentation and application connectivity controls. This is a view backed up by the results of our recent survey where around 91% of security managers reported that the on-demand nature of virtualization and the cloud has increased pressure on them to deliver applications and services faster.

There are three key elements to security automation. Firstly audit automation -particularly automating the process and procedures of firewall audits.

Secondly, process automation of a network change. This allows you to define and enforce the desired workflow when a network change is requested and if certain requests need to go for further approval. As part of the change process, automation also highlights which devices are affected by the change request and then designs that change accurately. All this naturally leads to reduced errors and faster implementation.

The last part of automation refers to security policy automation. It means security is automatically integrated and validated into daily operations checking whether a change violates a security or compliance requirement before the change is made.  This reduces the risk of network exposure and the risk of an outage.

A common fear I heard at RSA, was that automating means a loss of control. The reality is you’re far more likely to open yourselves up to attack if you continue to follow a manual approach, since network complexity dominates in any medium to large enterprise.

Typically, organizations have to make dozens of changes every week due to new applications and services. One of our large telco customers says they’re making 50 a day. Trying to handle that kind of volume and complexity manually is bound to result in errors. Indeed, around half of all network changes have to be redone. But while automating this mammoth task is clearly beneficial, you don’t have to lose control if you maintain manual sign off.

By using a Security Policy Orchestration solution, you can effectively do that and ensure greater accuracy of network changes with security checks ‘baked into’ the change process. The solution will automatically enforce your security policies across the organization before any firewall or network change is made, with a full audit trail to ensure compliance. In fact, what we often hear from customers is automation increases the accuracy of their security controls, as well as reducing their costs and frees up IT staff to focus on strategic initiatives. A clear win-win.

But what’s even nicer is you can decide on the level of automation that your organization needs. And at each stage of the process you can intervene to review, change or overrule something.

For instance you can automatically analyze the network path of a specific change, automatically simulate risk before the change is made on the network, automatically send a design ‘recipe book’ to the network ops teams of how the change should be implemented and then finally decide whether to provision that change manually or automatically.

So don’t believe the notion that increasing your agility through automation means reducing your control over security. Automation doesn’t have to be blind.

Take a look at an overview of our product suite and see for yourself.

You can also hear the webinar ‘Why You Should Care About Security Policy Orchestration

Don't miss out on more Tufin blogs

Subscribe to our weekly blog digest

In this post:

Background Image

Related Posts

Integrating Air-Gapped Networks: Fixing the Gap in Digital Transformation
Integrating Air-Gapped Networks: Fixing the Gap in Digital Transformation
TufinMate (Beta): Accelerating Network Access Troubleshooting with Change Automation
TufinMate (Beta): Accelerating Network Access Troubleshooting with Change Automation
The Power of Network Assurance for Enhanced Connectivity and Security
The Power of Network Assurance for Enhanced Connectivity and Security
Network Lifecycle Management: Enhancing Optimal Performance and Security
Network Lifecycle Management: Enhancing Optimal Performance and Security

Top Posts

How to Perform a Firewall Audit – Policy Rules Review Checklist
How to Perform a Firewall Audit – Policy Rules Review Checklist
Understanding AWS Route Table: A Practical Guide
Understanding AWS Route Table: A Practical Guide
What is a Firewall Ruleset? How can it help me?
What is a Firewall Ruleset? How can it help me?
Tech How-To: Configure Your Firewalls to Block the “WannaCry” Ransomware Attack
Tech How-To: Configure Your Firewalls to Block the “WannaCry” Ransomware Attack
Close