Next generation firewalls

The Challenge

Business growth is driving the introduction of many new applications into the enterprise. To facilitate usage and collaboration by distributed workforces, many applications are web-based. In addition, modernized data centers are combining virtualized and physical technologies, with application resources scattered throughout this hybrid environment. Therefore, the key to these new applications and initiatives is accessibility to the Internet. Without access, business is simply on hold. Unfortunately, the Internet can also be the conduit for cyber threats and other malicious activity. Vulnerabilities and malware can slip through existing traditional firewalls, proxies, IPS and other security controls.

The challenge is to find the right cyber security controls to approve the network traffic, connectivity and applications that your business needs while containing and managing risks to prevent breaches.

The next generation firewall (NGFW) was designed with exactly these increased cyber threat scenarios in mind. It allows enterprises to provide safer, application-driven access to Internet resources through deeper analysis of network traffic down to the application layer: specifically, identification of the application in use and of each user accessing each application. By relying on technologies such as App-ID and User-ID, organizations can gain enterprise-wide visibility and control aligned with enterprise security policy.

NGFW allows connectivity without introducing unnecessary risks. How? Next generation firewalls utilize security policies based on authorization of specific users for specific applications, instead of only on port numbers and IP addresses (as with traditional firewalls). According to Gartner, by year-end 2016, the majority of large enterprises will adopt NGFW technology to consolidate intrusion prevention and firewall capabilities. NSS Labs predicts that NGFW total market revenues will increase to $5.8 billion by 2018.

The Solution

The Tufin Orchestration Suite Solution

Since adopting NGFW has become a strategic imperative, there is an acute need for seamless, comprehensive management and auditing capabilities for both next-generation and network-layer firewalls. Most enterprises today have NGFWs as part of their network alongside traditional firewalls and other security controls. However, because it is not feasible for organizations to replace hundreds of firewalls, they opt for a staged approach. Managing security policies for so many different types of firewalls is challenging and adds to network complexity, so that in some cases, IT teams simply continue to use old service-based policies instead of leveraging App-ID and User-ID based policies.

Tufin Orchestration Suite provides a single pane of glass for managing security policies across vendors and platforms, whether these are traditional firewalls, next generation firewalls, or private and public cloud platforms. Security managers can seamlessly control and analyze NGFW policies based on App-ID and User-ID alongside traditional firewall policies to facilitate the adoption of NGFWs. In addition, Tufin provides zero-touch automation for changes to Palo Alto Networks NGFW policies, including changes to App-IDs and User-IDs, and can orchestrate these changes across the hybrid network. To simplify deployment, Tufin’s App-ID is in complete alignment with Palo Alto Networks' App-ID repository.



  • Provides a holistic view by creating a single Unified Security Policy that enables managing each firewall based on its capabilities: NGFWs based on App-ID and traditional firewalls based on services
  • Security Policy Orchestration provides a single pane of glass for seamlessly managing policies and auditing across all network firewalls as well as private cloud and public cloud