Tufin Technologies has updated its suite of products for orchestrating security policies for network devices.
Version R14-1 of the Tufin Orchestration Suite — which includes its SecureTrack firewall management, SecureApp application connectivity management and SecureChange network change automation applications — gives organizations more flexibility over security ,said Reuven Harrison, the company’s CTO and co-founder.
The new version
–introduces a new concept of unified security policy to SecureTrack. Most organizations have policies that apply network segmentation and other policies to single devices – for example, separate policies on the load balancers and the firewalls.
The new software lets administrators can create unified policies across zones. Once a policy has been defined, any violation can be seen across the network.
After creating a security zone connectivity restrictions are created – for example, from the Internet to internal zones there are no connection, but to the DMZ inbound HTTP is allowed, plus from the DMZ to internal networks SQL is allowed.
Those rules can be run across the entire security infrastructure and violations made visible.
Most organizations already have such rules but are kept in Microsoft Excel spreadsheets, CSV or text files. Now they can be imported.
“Many organizations have insecure policies on their firewalls” because most changes have to be made manually Harrison said. “The fact that we can automate this and other parts of the security process is critical to enterprise security. It means that your security people are freed up to work on architecture, design and research.
–adds automated connection repair. SecureApp already allows users identify misconfigured network that break applications. The new version which application owners to notifiy network staff of a problem and a solution with the click of one button.
–adds application release automation. Allows users to manage apps with multiple instances in multiple environments (for example, in development, staging and production). Now in SecureApp network connectivity rules can be set across multiple environments.
The new version of the suite will be available in April. Pricing starts at US$45,000.
Tufin products are available through several integrators in Canada including the Herjavec Group.
The company also announced integration of its products with PuppetLab Inc.’s Puppet Enterprise server automation platform. That platform is used to configure large numbers of servers for applications.
With the integration SecureChange can tell Puppet Enterprise how to configure what policies needs to apply to a host-based firewall commonly found on Linux servers.
Tufin found in 2005 by Harrison and CEO Ruvi Kitov after they left Check Point Software, where they were software developers.
The bot threat
Some of the most serious threats networks face today are "bots," remotely controlled robotic programs that strike in many different ways and deliver destructive payloads, self propagating to infect more and more systems and eventually forming a "botnet."