Up against the wall? Automated firewall change management work flow introduced by Tufin

By | February 22, 2012

Posted in: Network Security Trends

Firewall audit tools are maturing in their ability to meet the requirements of large, complex enterprise environments. Tufin Technologies’ latest release of its Tufin Security Suite (TSS) adds automation to scale and streamline the firewall provisioning process, along with network visualization and risk assessment intended to give administrators a handle on both local and global network security posture.

The value proposition of firewall audit tools (also known as firewall management tools) is to analyze and optimize existing firewall rule sets, model and test new rules or modifications, and integrate these capabilities into an increasingly automated, risk-centric change work flow. Firewall rule sets tend toward complexity: a single firewall may carry thousands of rules, compounded across hundreds or more firewalls in large, typically heterogeneous enterprise networks.

Firewalls are burdened with obsolete, redundant, inefficient and sometimes even conflicting rules. On a first-match firewall, a rule fully covered by an earlier rule can never fire; if the two differ in action, the later rule is not just dead weight but a misstatement of the policy actually enforced. Administration across multiple firewall vendors, each with its own interface and syntax requiring specific training and proficiency on the part of the admins, further complicates the picture. It’s a problem that has grown too big for humans to manage manually, according to analysts I’ve spoken with. Change management, that is, the process of requesting, creating, vetting, approving and implementing rules, configuration changes and the like, is often tedious, slow and prone to error and delay. The process may be circumvented, or steps skipped or rushed, in an effort to “just get it done” to meet deadlines and SLA requirements, for example when creating access permissions to support new business initiatives, partners and suppliers.

(For a more in-depth discussion of firewall audit tools, check out my report.)

Tufin’s suite addresses these issues in two products: SecureTrack, which handles the firewall analysis, audit and optimization piece, and SecureChange, which is designed to streamline and improve the security components of the change work flow.

The newest release automates provisioning in the change work flow for what most enterprises would consider routine tasks, such as adding and deleting firewall rules and objects. Tufin now lets enterprises push changes out without an administrator entering them in each firewall’s own management interface, which matters most in complex scenarios involving multiple firewall vendors. So the process of opening a ticket, designing and modeling the change, assessing its risk impact, pushing the change to the firewall and analyzing the result with SecureTrack is automated for most use cases. The automated provisioning enhancement currently covers Check Point firewalls; Tufin plans to extend the capability to its other supported firewalls.
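As an added illustration (constructed for this write-up, not Tufin’s code or any vendor’s algorithm), the Python below models the two pieces of work the preceding paragraphs describe: auditing an existing rule base for the redundant and conflicting rules mentioned above, and modeling a requested change against that rule base and a simple risk policy before it is pushed. The five-tuple rule shape, first-match evaluation, the sample rule base, the sensitive zone 10.10.0.0/16 and the finding codes are all assumptions made for the example.

```python
"""Toy firewall-audit logic: find shadowed (redundant/conflicting) rules in a
rule base and model a requested change before it is pushed.

Constructed illustration, not Tufin's code. Assumes first-match evaluation and
rules shaped as (src CIDR, dst CIDR, protocol, dst port range, action).
"""
import ipaddress
from dataclasses import dataclass

ANY_PORTS = (0, 65535)


@dataclass(frozen=True)
class Rule:
    name: str
    src: str      # source CIDR, "0.0.0.0/0" for any
    dst: str      # destination CIDR
    proto: str    # "tcp", "udp" or "any"
    ports: tuple  # inclusive destination port range, ANY_PORTS for any
    action: str   # "allow" or "deny"


def _net(cidr):
    return ipaddress.ip_network(cidr, strict=False)


def _covers(outer, inner):
    """True if every packet matched by `inner` would also match `outer`."""
    o_src, i_src, o_dst, i_dst = map(_net, (outer.src, inner.src, outer.dst, inner.dst))
    if o_src.version != i_src.version or o_dst.version != i_dst.version:
        return False
    return (i_src.subnet_of(o_src) and i_dst.subnet_of(o_dst)
            and outer.proto in ("any", inner.proto)
            and outer.ports[0] <= inner.ports[0] and inner.ports[1] <= outer.ports[1])


def find_shadowed(rules):
    """With first-match evaluation a rule fully covered by an earlier rule never
    fires. Same action -> redundant; different action -> conflicting (the later
    rule says something other than what is actually enforced)."""
    findings = []
    for i, rule in enumerate(rules):
        for earlier in rules[:i]:
            if _covers(earlier, rule):
                kind = "redundant" if earlier.action == rule.action else "conflicting"
                findings.append((rule.name, earlier.name, kind))
                break
    return findings


# Constructed: a zone the risk policy treats as sensitive (e.g. a cardholder-data segment).
SENSITIVE_ZONES = ("10.10.0.0/16",)


def assess_change(rules, proposed):
    """Model a requested rule against the current rule base and a simple risk
    policy before it is pushed. Returns finding codes; an empty list is clean."""
    findings = []
    for earlier in rules:
        if _covers(earlier, proposed):
            findings.append(f"SHADOWED_BY:{earlier.name}")  # the change would have no effect
            break
    if proposed.action == "allow":
        src, dst = _net(proposed.src), _net(proposed.dst)
        for zone in SENSITIVE_ZONES:
            z = _net(zone)
            if dst.version == z.version and dst.overlaps(z) and src.prefixlen == 0:
                findings.append(f"ANY_SOURCE_TO_SENSITIVE:{zone}")
        if proposed.proto == "any":
            findings.append("ANY_PROTOCOL")
        if proposed.ports == ANY_PORTS:
            findings.append("ANY_PORT")
    return findings


def apply_change(rules, proposed, position=None):
    """Simulate the push (insert at `position`, default append) and report the
    rules the change newly shadows, i.e. the post-change analysis step."""
    before = set(find_shadowed(rules))
    new_rules = list(rules)
    new_rules.insert(len(new_rules) if position is None else position, proposed)
    newly_dead = [f for f in find_shadowed(new_rules) if f not in before]
    return new_rules, newly_dead


RULES = [  # constructed sample rule base, first match wins
    Rule("r1", "10.1.0.0/16",    "10.10.5.0/24", "tcp", (443, 443), "allow"),
    Rule("r2", "10.1.0.0/16",    "10.10.0.0/16", "tcp", (443, 443), "allow"),
    Rule("r3", "10.1.2.0/24",    "10.10.5.0/24", "tcp", (443, 443), "deny"),   # dead: r1 already allows this
    Rule("r4", "10.1.0.0/16",    "10.10.5.0/24", "tcp", (443, 443), "allow"),  # dead: duplicate of r1
    Rule("r5", "192.168.0.0/16", "10.20.0.0/16", "udp", (53, 53),   "allow"),
]

# Constructed change requests: a "just get it done" any/any, and a request that is already allowed.
REQUESTED_BROAD = Rule("chg-1", "0.0.0.0/0",   "10.10.0.0/16", "any", ANY_PORTS,  "allow")
REQUESTED_NOOP = Rule("chg-2", "10.1.3.0/24", "10.10.5.0/24", "tcp", (443, 443), "allow")

if __name__ == "__main__":
    for finding in find_shadowed(RULES):
        print("shadowed:", finding)
    for req in (REQUESTED_BROAD, REQUESTED_NOOP):
        print(req.name, "risk findings:", assess_change(RULES, req) or ["clean"])
    _, newly_dead = apply_change(RULES, REQUESTED_BROAD, position=0)
    print("rules made dead by inserting chg-1 at the top:", newly_dead)
```

The audit step flags r3 as conflicting (an earlier allow makes the deny unreachable) and r4 as redundant. The pre-change check rejects chg-1 on three counts and reports chg-2 as a no-op that a human reviewer might otherwise approve without noticing; simulating chg-1 at the top of the rule base shows it would silence four existing rules, including the deny. Real products reason over objects, zones, NAT and multi-vendor syntax, which this toy does not attempt.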

Tufin also introduced enhanced dashboard capabilities that improve visibility into network security status, risk, recent changes, trending, and problem areas.

Tufin has also added Network Address Translation (NAT) support to its dynamically generated network topology maps, so that the mapped views account for translated addresses. The topology mapping capability in firewall audit tools is not just a pretty picture. The ability to visualize network flows based on firewall permissions and assess risk at both local and global levels adds considerable value, and nudges firewall audit products toward the territory of network security risk assessment and visualization tools such as those from RedSeal Systems and Skybox Security. Those vendors offer high-end enterprise security risk assessment, modeling and remediation, but have also been considered players in the firewall audit market (RedSeal has distanced itself from that label, while Skybox offers a dedicated firewall audit product). Other firewall audit vendors include AlgoSec, FireMon and Athena Security.
