Tufin Network Topology Intelligence, Firewall Manager Enforce Security Policies

New version features high availability, Cisco device configuration reports.

Note: ESJ’s editors carefully choose vendor-issued press releases about new or upgraded products and services. We have edited and/or condensed this release to highlight key features but make no claims as to the accuracy of the vendor's statements.

Tufin Technologies has released version 6.0 of its Tufin Security Suite (TSS), the combined offering of its flagship firewall operations management and complian ce product, SecureTrack, and SecureChange, its security change-automation solution. Version 6.0 enables IT to set and enforce user- and application-level policies for Palo Alto Networks' next-generation firewalls, and Tufin’s Topology Intelligence supports an unlimited number of devices.

Key additions to TSS 6.0 include:

Enhanced support for next-generation firewalls: TSS 6.0 provides deeper directory services integration of user and application intelligence, support for multi-dimensional policy analysis queries according to user and application, and definition of compliance policies and compliance reports such as black list and white list according to user and application. Tufin's security lifecycle management solution helps enterprises transition from monitoring to proactive management of next-generation firewalls.

Enhanced network topology intelligence is integrated into several key components of TSS, allowing security administrators to leverage security policies as a strategic tool for controlling the flow of network traffic via a dynamic, visual map of all devices and zones on the network.

Cisco device configuration reports: TSS’s device configuration report is specially designed for Cisco routers and switches, checking for common security settings and misconfigurations that are critical for overall device and network security. The report, which is in line with the CIS IOS Benchmark and the NSA’s Router Security Configuration Guide, checks for many common security settings like SNMP settings, authentication settings, NTP settings, unnecessary services, syslog settings, and more.

Enhanced, graphical policy change advisor with vendor-specific change recommendations uses Tufin’s Network Topology Intelligence to provide a graphic display of policy rules along with the full access path between any specified source and destination. It gives security administrators vendor-specific configuration recommendations for each of the devices in the access path, making it much easier and faster for administrators to fulfill change requests accurately.

Enhanced rule documentation and recertification now includes triggered alerts and scheduled reports for expiring rules, rule owners, or any other documentation field.

Extensive SecureChange customization API allows security managers to customize ticketing workflows and integrate with additional systems. New API capabilities include the ability to execute scripts between workflow steps, submit requests via e-mail, and open requests from an external system.

Enhanced support for conditional workflows includes more options for defining the most complex change-flow scenarios. Workflows may include an instruction to skip a step under a defined condition or to perform steps automatically. For example, risk analysis can be performed automatically, and according to the risk level, an approval step may be required.

High availability: Tufin Security Suite can be now configured for high availability, providing continuous synchronization between the primary TSS server and the secondary TSS server. The secondary server can be deployed either locally or in geographically remote data centers.

T-80 appliance: The latest addition to the Tufin family of appliances is specifically designed for small data centers and distributed deployments.

Extended support for multi-tenancy: Following on the multi-domain capabilities of SecureTrack, SecureChange now supports multiple tenants and domains. Service providers and large enterprises can handle tickets from different business units, data centers, or customers securely. SecureChange automatically associates every change ticket to the correct domain context and maintains full segregation of data between domains. Each requestor only sees the devices and objects in the domains to which he/she belongs.

TSS 6.0 is available immediately. Pricing starts at $20,000.

For more information is available at www.tufin.com.