Network Segmentation

The Challenge

Gain Insights and Control over Complex Networks

Network segmentation is a best practice that lets the enterprise add layers of protection around sensitive data, isolating these assets from would-be hackers and unauthorized users. The reality is that most organizations do not have the visibility they need to understand where sensitive data is stored or how to manage their network segmentation in the face of constant change.

Manually tracking firewall and router configurations using spreadsheets is a common practice that is doomed to fail in the face of complexity. To succeed, network segmentation must be driven by security policy automation and orchestration to provide visibility into the network across multi-vendor firewalls and devices, hybrid cloud and virtualized networks.

The Solution

Tufin Orchestration Suite takes a business-process approach to your network, which is protected by segmentation based on risk and compliance factors. Tufin allows you to control your actual versus desired network segmentation, highlighting policy violations before a change is made on the network so that the change does not break compliance or expose the network to unnecessary risk.

Tufin’s solution for network segmentation enables enterprises to:

  • Visualize and manage network segmentation using Tufin’s Security Zone Matrix
  • Centrally alert on policy violations, with drill-down root cause analysis across the network for immediate remediation, or allow for an interim exception to policy
  • Maintain the desired network segmentation by automatically analyzing every network change request against the corporate security policies during the change process for continuous compliance and risk management
  • Centrally manage the exception life cycle – why it was allowed, who approved it, expiration date for re-certification and more




  • Visibility to better manage network security policies and network segmentation
  • Gap analysis of desired vs. actual network segmentation
  • Real-time alerts on policy violation for continuous compliance and reduced risk
  • Centralized management and control across multiple firewalls and cloud platforms

Manage network segmentation using the Security Zone Matrix