The Challenge

Managing network security policy across NGFW and traditional firewalls

In answer to growing application-based attacks, the Next Generation Firewall (NGFW) was created to provide safer access to web-based resources. NGFW capabilities move beyond traditional IPs to configure network access and auditing based on user identity and application identity tracking, and they provide more granularity to gain enterprise-wide visibility and control aligned with enterprise security policy.

But while NGFWs provide more context than the traditional firewall to block suspicious web traffic, most enterprise configurations are extremely complex, and the same problem of managing security policy across multiple vendors, devices, routers and cloud instances still exists. A lack of visibility into the network topology and manually managing hundreds to thousands of change requests for firewalls and applications create security, compliance and business agility challenges.

The Solution

Security policy automation and orchestration

There is an acute need for seamless, comprehensive and centralized security policy management to provide visibility, monitoring and automation of policy across all NGFW and traditional firewalls.

Tufin Orchestration Suite manages security policy and automates change requests from a single pane of glass across multiple vendors and platforms. Security managers can seamlessly analyze and enforce NGFW policies based on application identity and user identity across the entire network infrastructure to make changes in minutes instead of days, reduce the attack surface, assure connectivity and ensure continuous compliance.

Benefits

  • Orchestrate firewall policy changes across the hybrid network, including changes to application identity, user identity and content identity
  • Monitor, analyze, and optimize firewall policy, including application and user identities to tighten security posture
  • Create a single Unified Security Policy (USP) for true network segmentation
  • Model an accurate network topology map across the next generation network
  • Manage disparate security policy from a single pane of glass for visibility and monitoring across the entire hybrid IT infrastructure
  • Automate firewall cleanup, network security policy changes and application provisioning