Rule review is a critical component of prevalent compliance mandates in cyber security frameworks. However, it’s a very difficult task for any organization to undertake successfully. There’s unfortunately no established model for reviewing rules on a regular basis, and no technical model that can be implemented. Ownership of policies is subject to change. People change, and there needs to be consolidated documentation around this process to help our customers overcome these challenges.
Tufin has released the Rule Lifecycle Management App to provide a generic and configurable model for rule reviews. It enables you to identify inactive owners for reassignment, orchestrates the rule review across multiple rule owners, makes changes to the rules to meet certification requirements, and orchestrates the certification or decertification and subsequent disablement of rules while documenting the process.
The Rule Lifecycle Management App utilizes SecureTrack’s policy management capabilities and the data of your CMDB. The alignment of network owners from the CMDB to the policies managed in SecureTrack orchestrates the approval across the owners of the network and utilizes SecureChange workflows to make changes to these rules based on the outcome of certification.
When rules are created on firewalls or security groups, organizations often manage these policies through the firewall management console or hypervisor. However, enterprise networks that are large in scale and varied in vendor often use Tufin solutions to manage these security policies.
SecureChange customers manage their policies for recertification by identifying them in SecureTrack, tracking them for certification prior to expiration, and taking the appropriate action using SecureChange workflows.
However, it is often not the tool’s administrator who must review rules to certify them, but the rules’ network owners themselves. That is a significant challenge as people change teams, leave the company, or simply go on vacation. The inability to get a response for certification is the single largest blocker for most rule review initiatives.
The Rule Lifecycle Management App enables the ingestion of a CSV file from your CMDB to align network owners to rules. And as an added option, you can also manage owners in the app.
Once the app understands ownership of policies based on networks, we map it to a process. The process starts at the creation of a policy, when we request an expiration with it. Aside from unexpected requirements to review or change that policy, the policy is then regularly reviewed to determine its appropriate disposition.
Workflows from SecureChange are selected from the Rule Lifecycle Management App for inclusion. Recertification is the only required workflow, but using decommission and rule modification workflows will automate many of the changes necessary to facilitate an effective rule lifecycle management process.
Rule modification is used to remove decertified networks from rules to meet the certification criteria.
Rule decommission is used to disable decertified policies.
We need to configure when we want policies to be included for certification and how often we want network owners to be reminded of the requirement to review these rules.
Once configured, we have an orchestrated rule review process to manage each rule’s life.
Network owners will need to review the policies where their network is included and designate them for certification or decertification. It’s important to note that rules will likely have multiple owners, and in these scenarios the multiple owners will need to certify or decertify the rule.
The outcome of these decisions will route to the Rule Lifecycle Management App’s admin. The admin creates tickets from the app in SecureChange or optionally can fully automate the process.
The benefit of using fully automated workflows is that admins only moderate network ownership when inactive owners are identified or when the assigned network owners reject ownership of the network in the app.
The outcome for Rule Lifecycle Management App users is the effective convergence of their technology, process, and people into a fully orchestrated certification program that is repeatable and automated.
The Rule Lifecycle Management App is available through the Tufin Marketplace, found at marketplace.tufin.com.