Logo

Latest Release Provides NSPM Automation for VMware NSX and Support for Cisco Firepower

BOSTON – August 29, 2017 – Tufin®, the market-leading provider of Network Security Policy Orchestration solutions, announced the release of Tufin Orchestration Suite R17-2 with  automation for firewall administration tasks.  The release also provides new features advancing network security policy management of Cisco Firepower, VMware NSX, Microsoft Azure, Check Point R80.10, and Palo Alto Networks Panorama solutions.

Firewall Administration with Automated Server Decommissioning

Until now, the task of server decommissioning has been a manual and tedious process that was prone to errors due to lack of insight into how server removal affected the performance and security of a network.  With R17-2, Tufin is the first vendor to add automated server decommissioning to the previously released automation of rule decommissioning, easing the demand on the firewall administrator’s time and ensuring that a high security posture is maintained.

The latest product release enables enterprises to:

  • Automatically identify policy rules and objects that need to be changed or removed across all affected firewalls, routers, and cloud platforms
  • Understand server usage and the impact of server decommissioning on the overall firewall policies before decommissioning the server
  • Implement changes directly to eliminate redundant, unused, or unnecessary access that can lead to a security breach
  • Verify that changes were implemented as required by ensuring full documentation and auditability for rule and server decommissioning

“There are inherent security risks with granting legacy access when re-using servers,” said Ofer Or, VP, Products at Tufin. “Our latest product update addresses this by helping enterprises to answer an important security question: ‘what does this server do, and why is it here?’ The addition of server decommissioning to the existing feature of rule decommissioning is the first step in the journey towards full automation of critical firewall tasks. The two features together form a powerful tool that supports firewall optimization, heightens security, and increases business agility.”

Support for VMware NSX Automation

With the release of Tufin Orchestration Suite R17-2, Tufin announced automated policy-based management for VMware NSX with automated provisioning coming in the company’s next product release, R17-3. The latest product release, R17-2, provides end-to-end change automation for Palo Alto Networks Panorama policies with dynamic address group (DAG) objects that reference VMware NSX security groups. The integration enables users to:

  • Track and monitor changes on Palo Alto Networks Panorama policies to establish a greater understanding of policy changes that are integrated with an NSX environment
  • Gain audit insight using comprehensive rule visibility for Palo Alto Networks rules and policies integrated with VMware NSX

First NSPM Vendor to Support Cisco Firepower Management Center

Tufin Orchestration Suite R17-2 is the first network security policy management (NSPM) solution to support Cisco Firepower management console, domains, and firewalls. The joint solution enables users to centrally manage security policies across Cisco Firepower and the hybrid network, providing enhanced visibility and control over Cisco Firepower policies with Tufin’s policy browser and object lookup.

“Tufin’s support for Cisco Firepower Management Center is the latest advancement of our long-standing partnership,” said Pamela Cyr, SVP, Business Development at Tufin. “With our newest product enhancements, the next-generation firewall protection and management capabilities of Cisco Firepower Management Center are now integrated with Tufin’s search and browsing capabilities. The resulting solution provides the necessary visibility and increased security that our joint customers demand.”

Tufin’s support for Cisco Firepower Management Center allows joint customers to:

  • Centrally manage security policies across Cisco Firepower and the hybrid network
  • Gain visibility and control with Tufin’s policy browser and object lookup as well as with change monitoring for Cisco Firepower policies
  • Validate the migration from Cisco ASA to Cisco Firepower Threat Defense

Tufin Orchestration Suite R17-2 also features:

  • Support for Check Point R80.10
  • Support for Microsoft Azure Resource Manager (RM)
  • Gain visibility of security and connectivity changes across Microsoft Azure RM virtual networks (VNETs) and network security groups (NSGs) and the rest of the hybrid network
  • Enhanced alert capabilities for violations of Tufin’s Unified Security Policy, supporting the enforcement of continuous compliance with internal and industry regulations
  • Updated change automation for Palo Alto Networks Next-Generation Firewall policies, including the ability to automate rules with ContextID (security profile groups) and rules with log forwarding profiles

Tufin Orchestration Suite R17-2 will be generally available on September 20, 2017.