Continuous Risk Assessment
The implications of a firewall configuration error can be severe – from a compliance breach to network downtime to unnecessary network exposure. It is essential to be able to assess your risk posture at any time, and to analyze the impact of every change before it is implemented in the production environment.
With the adoption of cloud platforms there are new risks that should be identified and mitigated, like violations of tagging policy for cloud instances, or violations of micro-segmentation based on cloud security groups.
A Rich Toolset for Risk Analysis
Tufin’s dashboard enables you to see your overall risk posture and drill down to investigate security gaps. In addition, you can proactively evaluate the risk posture of proposed changes before implementation.
To manage risk and ensure business continuity, Tufin offers a number of powerful capabilities:
- Unified Security Policy: Tufin enables you to visualize your network segmentation policy in a zone-to-zone matrix specifying access restrictions. The matrix allows better understanding of the central security policy baseline, and therefore facilitates reducing the attack surface. For cloud platforms the USP allows defining access restrictions across security groups, as well as defining a baseline for tagging policy for cloud instances. Based on the USP Tufin automatically identifies policy violations across vendors and platforms. To better control risks, violations and exceptions are managed and monitored centrally for continuous assessment. Tufin also provides pre-defined templates for the USP in order to facilitate the definition and enforcement of a unified security baseline.
- Proactive risk analysis: Before implementing a change, Tufin compares the requested access to the pre-defined central security baseline in order to identify and control potential violations. This allows ensuring continuous compliance with internal policies and industry regulations and reduces the time and efforts dedicated to audit preparations.
- Violations Dashboard: Tufin gives a central view of all violations – i.e. rule violations, traffic violations, internal policy and regulatory compliance violations – across network zones based on level of criticality.