Last updated July 24th, 2024 by Brian Gladstein
Over the course of this year’s Tufinnovate tour, we at Tufin have been able to connect with our customers, partners, and colleagues from around the globe. Our sessions in the North America and Europe&Middle East legs of the tour generated tremendous amounts of engagement.
It was truly inspiring and illuminating to get a better understanding of how Tufin customers use Tufin’s products, services, and automations to reduce their attack surface and enhance their network security and cybersecurity. A major theme of the sessions this year was the intersection of cloud and network security ecosystems, and how the lines between traditional on-premises network security and cloud environments and connectivity are becoming indistinct.
At Tufin, we deeply value connecting with our customers, and hearing directly from them how Tufin is having a real-world impact on their network security. Customers’ participation and feedback help inform our decision-making so that we can continue to deliver the best network security solutions, so I want to thank everyone who participated.
A few customers in particular, Johnson Controls and Swiss TXT, provided instructive perspectives on how their network security is evolving, and how automation tools from Tufin have streamlined their processes and network security posture.
Before we look to the future, I want to dive a little deeper into what we heard during the Tufinnovate 2024 sessions.
Johnson Controls Streamlines Its Firewall and Network Management
Johnson Controls, a multinational company that produces fire, HVAC, and security equipment for buildings, has been a Tufin customer since 2022. As the company grew over time its network security infrastructure incorporated new vendors and grew more complex and costly to manage.
During Tufinnovate 2024, Hiruy Demoz, senior manager of global network architecture at Johnson Controls, explained how the company wanted an umbrella solution to simplify and harmonize the management of the infrastructure, which included on-premises hardware and cloud-based security solutions. Tufin provided unparalleled network visibility into its multi-vendor topology.
Demoz noted that Tufin’s single pane of glass solution helped Johnson Controls create a unified policy for defining, adding, and removing firewall rules. Tufin was also able to automate workflows for the provisioning of new firewalls, as well as automate continuous compliance and deliver audit reports much more quickly.
The company wanted to take sure it could “take out the human element as much as possible and streamline the process on how we manage the firewall rules.”
Johnson Controls initially chose SecureTrack+ for several key reasons, and the company’s journey breaks down this way:
- Before working with Tufin, Johnson Controls used a complicated, manual process for evaluating networking policy changes, with engineers consulting security operations teams on whether changes would have continuous compliance with its policies, and then implement the firewall change request in a manual workflow.
- The company used SecureTrack+ to gain insights into which rules were not being used or were redundant, and then used SecureChange+, part of the Tufin Orchestration Suite, to “streamline and define the access request for new firewall rule requests,” and also automate the decommissioning of rules, Demoz said.
- From there, Johnson Controls started to work with Tufin to automate the provisioning of new firewall rules, with direct integration between Tufin and ServiceNow allowing the company to automatically determine how new firewall rules should be applied. The company also used Tufin’s Unified Security Policy (USP) to automate risk analysis of what kinds of traffic is allowed between zones on its network and implement network changes based on that analysis automatically.
“Instead of manually doing it, [SecureChange+] is automatically doing it and it takes the human error out,” of the equation through network change automation, Demoz said.
Johnson Controls operates a hybrid cloud architecture and is also working to integrate more of its cloud security tools into Tufin’s centralized management console, Demoz said. “Our approach is we’re going to onboard every product that we have,” he said.
Swiss TXT Uses Automation to Simplify Firewall Rule Changes
Swiss TXT, a subsidiary of SRG SSR, Switzerland’s public broadcaster, focuses on ICT/infrastructure, video, and accessibility services. Mikel Schreiber, head of security and ISO at Swiss TXT, explained during Tufinnovate 2024 that, like Johnson Controls, the company partnered with Tufin to gain greater visibility over its network topology. Here is a breakdown of the Siss TXT’s journey with Tufin:
- Swiss TXT has been a Tufin customer for about 10 years, and at first, the company’s goal with SecureTrack was to have a combined view of all its network vendors and providers and transparency into where changes were occurring, Schreiber said. Swiss TXT was also able to more easily produce automated reports for auditors about access controls on its network.
- The company has added cloud-based tools for east-west traffic, Schreiber says, and has integrated the tools into SecureTrack+ and if there is a change request between two virtual private clouds it goes through SecureChange+. The overall goal is to make sure those tools achieve continuous compliance with internal firewall rules, Schreiber said.
As Swiss TXT is just one subsidiary out of five in a larger organization, each one has its own NetSec rules, making communication between them complicated, something Schreiber compared to “3D tic-tac-toe.” However, through Tufin’s USP and change automation workflows, the company could automatically conduct compliance checks to see if a rule change would be allowed by internal policies.
That eliminated his team’s need to fill out complicated Microsoft Excel spreadsheets that tracked rule changes. “We collected all these Excel files, and I was fine [that they’re no longer needed],” he said.
What to Expect in 2025
As we look ahead to Tufinnovate 2025, we’re excited to build on and deepen the relationships that we strengthened by connecting this year.
As always, our focus for Tufinnovate will be to connect with our customers and collaborate on how to use NetSec best practices, and how Tufin can help enhance our customers’ network security policy management.
For more information on this year’s world tour and to get notified once registration opens for Tufinnovate 2025, sign up here!
Don't miss out on more Tufin blogs
Subscribe to our weekly blog digest