In today’s modern enterprise, sprawl, fragmentation, and complexity have become the norm. Security teams are managing an ever-growing sprawl of firewalls, cloud platforms, SD-WAN solutions, and SASE architectures. While these tools promise agility, what they often deliver is operational complexity, siloed visibility, and inconsistent enforcement that puts compliance, uptime, and risk management on the line.
This is the challenge the Tufin Orchestration Suite (TOS) R25-2 was built to solve.
With R25-2, we’ve taken a significant step forward in our mission to extend our unified control plane, a centralized management layer for orchestrating critical, network-wide processes across multi-vendors including connectivity, risk assessment, policy management, and compliance.
This latest release brings significant enhancements in four key areas: topology accuracy, cloud automation and compliance, SASE policy control, and AI-powered insights.
Solving the Chaos of Complex Networks
Security and network teams are under pressure to do more with less, less visibility, fewer resources, and less tolerance for risk. Yet, the environments they manage are only becoming more complex and fragmented: thousands of firewalls across global data centers, countless cloud accounts in AWS, Azure, and GCP, and a rapidly expanding edge defined by SASE and Zero Trust.
Each of these platforms brings its own interfaces, tools, and rule structures. Managing them separately is inefficient, but also very dangerous. When teams operate in silos, policy drift emerges, manual work increases, and security and compliance gaps grow.
Tufin solves these challenges with a unified control plane that gives security and network teams a consistent, end-to-end way to manage across all platforms, all vendors, in all environments.
Improved Topology Accuracy
As enterprise networks grow more distributed and complex, the ability to accurately understand how policies are enforced across different vendors and environments becomes increasingly difficult. Teams often operate without a clear view of how traffic moves through the network, leading to blind spots, misconfigurations, and delayed incident response. This lack of topology awareness directly impacts performance, security, and the ability to scale policy automation.
With the R25-2 release, Tufin significantly strengthens its topology visibility by introducing expanded support for Palo Alto External Dynamic Lists (EDLs), Cisco FMC App-ID and URL categories, Cisco ACI Endpoint Security Groups (ESGs), and Policy-Based Routing (PBR). These enhancements deliver a more complete and accurate view of traffic paths and policy logic across hybrid infrastructures.
As a result, teams can troubleshoot faster, avoid critical missteps in access control, and safely accelerate policy changes. This level of precision is foundational to secure automation at scale.
Strengthening Cloud Compliance and Automation
Cloud transformation brings speed, but it also introduces risk. Security teams are often left chasing a growing number of accounts, projects, and services that are launched without clear guardrails or governance. Manual provisioning of cloud policies quickly becomes a bottleneck, and disconnected security tools lead to inconsistent enforcement, compliance gaps, and drift.
Tufin R25-2 meets this challenge with a major leap forward in cloud security automation and compliance. The release includes full provisioning support for Microsoft Azure Network Security Groups (NSGs) and any device onboarded via Tufin’s Open Policy Model (OPM) framework, allowing teams to enforce policy consistently across hybrid infrastructure. Organizations also benefit from proactive violation detection in AWS, Azure, and GCP, helping teams identify risky and non-compliant configurations before they escalate.
With automatic onboarding for new cloud accounts and cleanup of overly permissive rules, security teams gain end-to-end control over their cloud environments, without slowing down DevOps or deployment timelines. When it comes to Cloud, Tufin makes it possible to move fast and stay compliant at the same time.
Streamlined SASE Policy Control
The rise of SASE has created a new policy management challenge: enterprises must now manage access control across multiple security layers, including firewalls, cloud infrastructure, Zero Trust Network Access (ZTNA), and Firewall-as-a-Service (FWaaS). These environments often run on different platforms, with different teams responsible for their upkeep, leading to inconsistent policies and enforcement, duplicated work, and unclear ownership of risk.
R25-2 bridges these gaps by introducing enhanced integration with Zscaler Internet Access (ZIA). Security teams can now design and deploy ZIA policy changes through automated workflows, complete with proactive risk validation and change tracking. Tufin’s Rule Optimizer also now supports Zscaler, helping identify and remediate overly permissive rules that weaken access control and expose the business.
By bringing Zscaler into the same policy lifecycle as firewalls and cloud platforms, Tufin enables unified policy governance from branch to core to cloud. Organizations gain a single view of their hybrid and SASE security posture and the ability to enforce Zero Trust policies at scale.
AI-Driven Insights with TufinAI
Even when policy data exists, getting to it is a challenge. Security and network teams spend too much time digging through complex rule sets, writing queries, or waiting on subject-matter experts to answer basic questions. This not only slows down decision-making, but it also adds unnecessary overhead and creates bottlenecks in fast-moving environments.
In the R25-2 release, the TufinAI Assistant for Rule Search, the platform’s simplified natural language search, helps users instantly find the right rules based upon specific criteria. With intuitive, conversational search, any team member can ask a question like “Which rules allow traffic from the internet?” and receive an accurate, policy-aware answer in seconds without needing scripting expertise or deep platform knowledge.
The result is faster analysis, greater autonomy for junior team members, and smarter collaboration across network, security and compliance teams. TufinAI helps democratize policy insight, ensuring the right people can make the right decisions, quickly and with confidence.
One Platform, One Control Plane, Total Network Control
Tufin R25-2 represents a strategic platform investment in how teams operate, secure, and scale in today’s multi-vendor, multi-cloud, and perimeter-less networks.
By expanding the capabilities of our unified control plane, R25-2 helps security and network teams:
- See more with precise network topology
- Automate more with safe, scalable policy orchestration
- Reduce more risk with compliance-driven guardrails and AI-powered insight
As organizations face relentless network changes, rising threat pressure, and stricter compliance demands, The Tufin R25-2 release continues to deliver the platform built to give your teams the visibility, policy automation, and continuous compliance they need for total network control.
Ready to see R25-2 in action? Request a demo or contact your Tufin team to learn how we can help you simplify hybrid network security, accelerate change, and stay in continuous compliance.
Ready to Learn More
Get a Demo
