GROUP TEST GRC, risk and policy management

Tufin Orchestration Suite

Tufin Orchestration Suite provides users with a tool chest of features that support controlling policies for keeping an organization secure while also establishing its regulatory compliance. The solution can transform any flat network security policy into a maturity model comprised of three segments: (a) Basic Monitoring; (b) Compliance, Governance and Control; and, (c) Policy Based Orchestration for Business Agility.

To this end, Tufin Orchestration Suite is comprised of three products that integrate with other products through RESTful APIs. SecureTrack is geared towards security and compliance. SecureChange allows for network change automation, directly or via integration with several third-party tools. SecureApp focuses on application connectivity and automation.

SecureTrack serves as the basic repository at the heart of the suite and lays the groundwork for monitoring. It pulls in all the network’s structural information and populates a topology map after devices are selected. This map is interactive and users can zoom in to select any device and view its full connectivity path, from source to destination.

Once in place, Tufin’s automated Policy Generator provides policy recommendations to proactively identify unnecessary access, provide risk reduction options and suggest policy for greenfield environments. With the Policy Browser, Tufin consolidates policy data from all monitored devices in the network. It then enriches the policy data with Tufin metadata and conducts comprehensive searches to ensure relevant results. This abstraction of data simplifies network security policy management for users. They can also visualize how compliance is supported by a zone-to-zone connectivity matrix. This allows for creating benchmark zones between different platforms for operationalization of security policy. Another tool, Unified Security Policy, allows for detailing this security posture as the organization continues building matrices around these security zones.

Once the compliance model is in place, users can assess for both risk and compliance of the rules themselves and take action using SecureChange. Users open tickets for a specific action required to accomplish policy rules (recertification, for example). What the workflow does is change the data to whatever the specific ticket is. SecureChange gives users the ability to automate work requests. It has fully automated change requests and the workflows are completely configurable for full user flexibility. SecureChange also features a Designer Tool that allows users to update all policies on a vendor/device. This is ideal for firewall administrators who refer to API documentation that is readily available within the GUI. For example, a fully automated firewall change request can be executed as a series of six steps. It begins with prompting the user to enter their request, then moves to business approval, identifying targets and risks, risk review and approval (escalation), technical design and provisioning and auto verification.

Beyond automated workflows on the network, SecureApp allows DevSecOps to track and manage individual applications, especially the rule changes that would need to be made to spin up a new application. Tufin claims more than 80 percent of network professionals’ time is spent on implementing and troubleshooting application-related changes. With the connectivity map, every point to which the Active Directory connects is visible. This makes adding new connections on the fly quite easy. We believe this ability to handle change windows and provisioning with zero need for an engineer is Tufin’s standout feature.

The breadth and depth of what Tufin supports and interfaces with is what they see as their big differentiator in this space. Orchestration Suite allows for integrations with third-party clouds, firewalls and networks, professional service integrations and tech alliance partners. It also has a vulnerability scanning integration capability. These integrations include AWS, Blue Coat, , Cisco, f5, Forcepoint, , Juniper, Azure, Netfilter, Openstack, Palo Alto and VMWare NSX.

– Katelyn Dunn & Dan Cure
Tested by: Matthew Hreben & Katelyn Dunn

DETAILS
Vendor: Tufin
Price: Starts at $30,000 (includes implementation and support)
Contact: tufin.com

Features ★★★★★
Documentation ★★★★★
Value for money ★★★★★
Performance ★★★★★
Support ★★★★★
Ease of Use ★★★★★
OVERALL RATING ★★★★★

Strengths: Tufin does an excellent job with providing automation options, such as firewall tasks, policy-based automation for network security changes and application-driven automation. This lessens the time administrators will have to spend doing manual tasks, which is always a great thing.

Weaknesses: None that we observed.

Verdict: This tool is one of the best for providing user end-to-end visibility and control of network security policy.

2 Oliver Street
Boston, MA 02109
Phone: 1-877-270-7711
[email protected]

Reprinted from SCMagazine.com, November 2018 • www.scmagazine.com