Network segmentation is the cornerstone of good network security to protect sensitive data and contain attacks. Yet organizations of all sizes are struggling to maintain their desired network segmentation while keeping up with constant access changes requested by the business. Firewalls segment different parts of the network, yet their policies are too large and complex to convey the big picture. Tufin simplifies the management of network segmentation with its new unified security policy. It gives a visual and easy-to-understand picture of your network segmentation, unifying the security policies across the multiple-vendor firewalls and routers existing across your network.
Here you can see inbound connectivity to the LAN is prohibited while outbound connectivity is restricted to specific services. Now that the controls set across your network are easy to understand, managing changes effectively across the network while maintaining segmentation becomes possible.
Unified security policy bakes security into the automated change process, so with each new firewall access request, its impact on the desired network segmentation is assessed, and policy violations are highlighted before a change is made on the network. In this case, the requested outbound access over SIP triggers a high-severity violation of the security policy. As the business has dynamic needs which often require special attention, the security manager approves this request, and an exception is added to the policy. Unified security policy allows you to centrally manage exceptions so that you can easily track and recertify them upon expiration, meeting compliance standards and improving risk management.
Thanks for taking the time to watch this short overview.