Automatically design, test and verify network changes to reduce the time it takes to respond to access requests.
“We are spending much less time manually updating each of our firewalls and can focus our attention on our custome”
— Bühler W., Network Team Manager
Tufin offers three subscription options. The following details the functionality delivered in each solution tier and how subscriptions are priced.
| SecureTrack+ | SecureChange+ | Enterprise | |
| Compliance, Monitoring and Reporting | |||
| Automatic Network Access Builder | |||
| Policy Optimization and Cleanup Automation | |||
| Rule and Object Cleanup Reporting | |||
| Rule and Server Optimization | |||
| Vulnerability Prioritization and Mitigation (VMA) | |||
| Distributed Architecture | |||
| Vulnerability-based Change Automation (VCA) | |||
| Rule Recertification Management | |||
| Access Change Automation | |||
| Interactive Topology Mapping | |||
| Change Deployment | |||
| Application Connectivity Management | |||
| High Availability | |||
| Support* | Standard | Standard | Premium 24/7 |
Use SecureChange+ or integrate with your ITSM to submit the requests with your ITSM
Automatically identifies firewall targets and security groups based on real-time, full path analysis of your network
Automatically performs risk assessment against the policy, vulnerability data and other third-party security intelligence to avert policy change violations and prevent access to risky assets
SecureChange+ automatically suggests the most efficient set of changes necessary across network devices and security groups to process a request ticket
The Verifier automatically tests to confirm that your change was implementated
All changes made are documented and reportable
Tufin orchestrates rule review across owners with an automated recertification process. It identifies expiring or expired rules and maps them to owners, eliminating many of the manual steps normally required.
SecureChange+ topology intelligence and dynamic mapping powers many of the capabilities that set Tufin apart from the competition.
SecureChange enables continuous compliance with internal policies and industry regulations, such as PCI-DSS, NERC-CIP, and HIPAA.
Proactive risk assessment is part of the network change design process. This vets proposed changes against your security/compliance policies, and it can be customized to cross-reference intelligence from third-party solutions, such as vulnerability management tools, SIEM, SOAR and endpoint threat detection tools.
Only Tufin provides agentless, multi-cloud policy management. Take full advantage of cloud-native infrastructure, maintain enterprise-wide visibility and control, and optimize segmentation across on-prem and cloud.
Integrate security guardrails into the CI/CD process.
Tufin easily integrates into your CI/CD process to serve as the security gatekeeper for your DevOps team, so they don’t need to change how they work. Tufin will alert on access changes that violate segmentation policies and proactively block the changes pre-deployment. This simple step can vastly reduce risk for your organization while trimming workload.
Vulnerability-based Change Automation (VCA) integrates vulnerability awareness into the change design process, by checking for vulnerabilities on source and destination during the change design process.
