Tufin announced the R23-1 release of its Tufin orchestration platform. The latest release extends security teams’ visibility and control into the cloud, enabling enterprises to better bridge the gaps between network and cloud security.
With R23-1, Tufin customers can confidently accelerate application delivery and rapidly respond to network access requests, all while optimizing security.
Tufin R23-1 automates security policy changes and provides real-time visibility into the impact of those changes, from on-premise to cloud. This helps organizations accelerate application delivery while reducing the risk of misconfiguration errors, helping to maintain security and compliance.
Key highlights of the R23-1 release include:
- Network access automation and security policy management for Microsoft Azure (including Azure Firewall), resulting in better network visibility.
- The introduction of Cisco Meraki allows centralized visibility into Firewall policies, connectivity troubleshooting, and compliance monitoring.
- Network topology support for AWS Gateway Load Balancers, enabling change automation for firewalls running on AWS.
- Device grouping within the Interactive topology map, making it easy for teams to identify network segments and the connections between them.
“Many large enterprises face a disconnect between network security and cloud operations teams, causing a bottleneck in deploying applications to production safely. By providing unified visibility and processes across on-premise and cloud networks, Tufin empowers network security teams to operate at cloud-equivalent speeds,” said Ruth Gomel Kafri, VP of Products at Tufin. “Tufin R23-1 gives teams the ability to automate changes, establish guardrails and reduce the overall attack surface, while maintaining the flexibility and agility that developers need to be successful.”
New features in R23-1 include:
Enhanced support for AWS Gateway Load Balancers
Tufin now supports interactive network topology modeling for AWS Gateway Load Balancers. This enables advanced path analysis, network connectivity troubleshooting and change automation for firewalls running on AWS, resulting in better network visibility across hybrid networks and faster deployment of cloud changes.
Viewing and managing Cisco Meraki Firewall Policies
Tufin customers now have a faster and easier way to view, search and optimize Cisco Meraki firewall device rules. Security teams can now visualize and manage all Cisco Meraki Firewall Policies from a central console. This accelerates connectivity troubleshooting and compliance monitoring by providing holistic, cross-platform management.
Topology support for Azure Virtual WAN and Azure Shared Express Routes
Tufin users can now import Azure Virtual Hubs from Azure subscriptions and view these and Azure Express Routes in Tufin’s interactive topology map. This provides full topology modeling of the Azure environment, which gives better network visibility and change automation for firewalls running on and connecting to Azure (shared across multiple Azure subscriptions).
Viewing and managing Azure ASGs
Tufin delivers a faster and easier way to view, search and optimize Azure Application Security Groups (ASGs) that are part of Network Security Group (NSG) rules. Security teams can now troubleshoot ASG application connectivity and gain broader visibility and control across hybrid environments.
Incorporate Azure Firewalls into Change Automation
Tufin now supports Azure Firewalls as part of the change automation process. Tufin will verify whether access exists already when a change is requested, saving significant time and avoiding lengthy redos. Once a change request is moved forward, Tufin’s automatic target selection mechanism eliminates the need to manually search for relevant firewalls to implement the request.
Proactive risk assessment ensures that compliance regulations and internal security procedures are enforced. Once the change has been performed (outside of Tufin), it can be verified to ensure the request is implemented, helping to achieve better change SLAs.
Implement changes to Panorama
Tufin provides the option to commit changes to Panorama devices made by the Tufin user, without committing changes made by other Panorama users. This allows more granular auditing of the change process.
Automation support for CheckPoint FQDN
Tufin now supports full network change automation, both on-prem and in the cloud, for CheckPoint FQDN objects, providing a more comprehensive and accurate view of the network where FQDN is set up on devices. Automatically designing and verifying access requests containing FQDNs makes the change process both safer and faster.
Interactive topology map device grouping
Tufin offers users the flexibility to either group the topology by customer defined domains or as freeform customized groups (devices), such as different data centers, or public or private clouds. This provides better network visualization and allows Tufin users to easily identify network segments and the connections between them.
Network administrators and security teams gain structured visibility into their network infrastructure to identify potential misconfigurations or vulnerabilities – and troubleshoot network connectivity issues.