This series of articles and the accompanying videos are part of an ongoing project to illuminate the people, products, and vendors that make up the IT security industry. The vendors paid for the video production.

As networks have grown and network security device deployments have skyrocketed, it has become much more difficult to manage the policies that go along with those devices.

At the simplest level a firewall policy is a rule set that allows or denies connections from a source IP address to a destination IP address. Even a decade ago firewall policies quickly grew to include user access management, time of day, and special features for blocking particular network attacks (syn floods being one of the first).

As the industry matured processes were put in place to control changes to firewall policies often requiring multiple parties to sign off on a change before it was implemented.

Today large organizations have hundreds, if not thousands, of firewalls; each with thousands of lines of rules. To bring order and ease of management to a data and logic quagmire firewall policy management tools came into being. Of course one capability shared by most firewall policy management tools is managing policies from multiple firewall vendors.

I interviewed Ruvi Kitov, CEO, and Reuven Harrison, CTO of Tufin, to get an idea how this industry segment is evolving.

Tufin now has three tools: SecureTrack for policy management, SecureChange for change automation, and SecureApp.

SecureApp is their latest innovation. It is really a meta policy tool that combines servers, users, and networks into a single policy. In this way a new application can have a policy designed, simulated and tested, before it is easily deployed.

The whole suite of tools extended beyond the firewall to include routers, switches, and load balancers is what Tufin calls Security Policy Orchestration.

While Reuven reports that their large financial services customers have yet to make a big move to the cloud this “orchestration” capability will be required in the future as more apps move to the cloud.

Watch the full interview to get a better feel for secure policy orchestration and hear Ruvi’s vision of a future when policies are tested and deployed automatically, removing the need for the cumbersome change procedures in place today.

Leave a Reply