Security Policy Orchestraon for Next-Generaon Technology Partner Solution Brief

Palo Alto Networks® and Tufin® Provide Secure, Manageable Benefits to Your Business: and Compliant Environments Enterprise IT and security experts are under increasing pressure to respond to complex network changes and keep up with growing business demands. Lack of network Tufin understands Palo Alto Networks visibility hinders the ability to deliver services and applicaons with the security, speed App-ID™ and accuracy required. Together, the Tufin Orchestraon Suite™ and Palo Alto Networks® Next-Generaon Firewall provide advanced network protecon and Proacvely analyze risks associated visibility, enabling agile and risk-free policy modificaons. Using advanced analysis and with network changes prior to the automaon technologies, the change processes are orchestrated across heterogeneous actual change networks, devices, servers and applicaons, leveraging Palo Alto Networks Next-Generaon Firewall capabilies.

Implement network changes securely The Tufin Orchestraon Suite is a complete soluon for automacally designing, in minutes provisioning, analyzing and auding network security changes from the applicaon layer down to the network layer. Tufin’s soluon provides management and change automaon for Palo Alto Networks Next-Generaon Firewalls directly or managed Ensure connuous network through Palo Alto Networks Panorama. compliance and auditability Automac Network Security Change Design and Verificaon Enable easy audit preparaon Based on Applicaon Identy and troubleshoong via automac The Palo Alto Networks-Tufin soluon significantly shortens the me previously required to make network security changes by automang both design and implementaon. Automaon audit trail is based on cung-edge network topology simulaon that idenfies the relevant devices affected and performs an analysis of each relevant firewall policy including the applicaon ID. Then a detailed change plan is suggested and, once approved, deployed to the firewalls. This ensures a quick and accurate processes to grant the needed applicaon connecvity while maintaining the network security policy. Gain Insight and Control Over Complex Networks Understanding network segmentaon is a major challenge for IT experts. Tufin’s Security Zone Matrix simplifies this task by visually mapping the desired network zone-to-zone traffic flow and instantly providing detailed insights on your network segmentaon, including what services are allowed between different network zones and zone sensivity across physical, virtual and hybrid networks.

Traffic between zones is limited to specific services Traffic between zones is Network zones not allowed

Tufin's Security Zone Matrix -- simplified, centralized control of your network and security policy management www.tufin.com Proacve Risk Analysis and Impact Simulaon Tufin at a Glance Every change made to the firewall configuraon is a potenal threat to data security and applicaon availability. Simulang the impact of a change is virtually impossible without the Founded: 2005 proper tools. As part of the automated change process, Tufin Orchestraon Suite proacvely checks every access rule against your corporate security and internal compliance policies to Offices: North America, Europe idenfy and flag potenal risks. and Asia-Pacific

Customers: More than 1,500 in over Opmize Your Firewalls 50 countries Tufin Orchestraon Suite helps enterprises to opmize next generaon firewalls across Leading vercals: Finance, telecom, heterogeneous environments with: energy and ulies, healthcare, retail, Opmizaon of next-generaon firewall policies by idenfying rules and objects that are educaon, government, misconfigured, risky or unused manufacturing, and auditors Recommendaons for aligning next-generaon firewall policies with industry best pracces Channel partners: More than 240 Firewall analysis and reporng tools that enable security teams to achieve beer producvity worldwide Built-in, customizable workflows for network and firewall changes Technology Partners: , Cisco, Juniper, Fornet, F5, Connuous Regulatory Compliance with Industry Standards Palo Alto Networks, Intel Security Tufin Orchestraon Suite provides a closed-loop process for enforcing, verifying and (McAfee, Stoneso), BMC, Blue Coat, documenng compliance with industry standards such as PCI DSS and SOX. Every firewall Linux IPTables, VMware and more policy change is evaluated before implementaon ensuring safe deployment ahead of me. In addion, manual changes that result in compliance issues are detected automacally and a resoluon fix plan is suggested.

About Tufin Orchestraon SuiteTM Tufin is the leader in Security Policy Orchestraon, automang and accelerang network infrastructure changes while maintaining security and compliance. By improving network change processes, organizaons using the Tufin Orchestraon Suite will have a posive impact on the business by reducing the me and cost spent implemenng network changes by up to 80%. Taking a holisc view of IT, the Tufin Orchestraon Suite helps organizaons automate security and efficiency into day-to-day operaons, enabling them to be more agile and leverage technology to gain a compeve advantage. Founded in 2005, Tufin serves more than 1,500 customers in industries from telecom and financial services to energy, transportaon and pharmaceucals. Tufin partners with leading vendors including Check Point, Cisco, , Palo Alto Networks, Fornet, F5, Blue Coat, Intel Security (McAfee, Stoneso), VMware, BMC Soware, and ServiceNow, and is known for technological innovaon and dedicated customer service.

About Palo Alto Networks Next-Generaon Firewall Palo Alto Networks is leading a new era in cybersecurity by protecng thousands of enterprise, government, and service provider networks from cyber threats. Unlike fragmented legacy products, Palo Alto Networks security plaorm safely enables business operaons and delivers protecon based on what maers most in today's dynamic compung environments: applicaons, users, and content. Find out more at www.paloaltonetworks.com.