Profile: Tufin Technologies

Tufin Technologies. What they do for device management is insane, in a good way.

If you work in IT, you have devices to manage. There's no escaping this fact. Often device management comes down to numbers and resources insofar as how many devices are there to manage, where are they located, who has access to them, and  will the office in Manhattan by affected if someone in Chicago changes a policy?

Duly curious about device control, and especially firewall management in large-scale network design, The Tech Herald recently sat down with Tufin Technologies for a demo and overview to learn how some shops are dealing with device management.

Tufin Technologies was founded by Ruvi Kitov and Reuven Harrison in 2003. Both came from Checkpoint Software before founding the company together. Tufin, to keep things simple, deals strictly with Security Lifecycle Management (SLM). During our talk with Michael Hamelin, Tufin’s Chief Security Architect, we learned more about SLM. Yet, what interested us the most was a talk and demonstration of the company's SecureTrack and SecureChange Workflow.

In almost any technology business, IT has to manage devices, routers, switches and, most importantly, firewalls. The more devices a business has, the more IT management must focus on. The trick, which is actually one of the more frustrating parts of device management, is knowing what all devices are doing at any given time, how they are reacting with other devices on the network, who is accessing them, and what is being done.

For the most part, every IT shop has a different process for device management. Sometimes this means adding layer upon layer of rules to solve little problems or simply just granting permissions to various departments – such as development or QA – to access a device for testing or production deployments. It seems silly, but it happens. It is easier to put out a fire by granting access or adding a rule than it is to have a manager constantly leaning over your shoulder.

This consistent problem, one that led us to research solutions, is how we discovered Tufin Technologies in the first place and learned about SecureTrack and SecureChange Workflow. When explaining who he was and how he ended up working for Tufin Technologies, Hamelin told us he had been a customer prior to becoming an employee.

“The thing that I liked about it is Tufin is not an inline security product,” he said. “It’s nothing connecting to your firewall doing active defense, it’s not even pushing anything to your firewall. It’s purely in the audit space and the change management, change lifecycles space.”

SecureTrack and SecureChange Work flow are two product sets bundled together in the Tufin Security Suite (TSS). TSS works with Check Point, Cisco, Juniper, Fortinet, F5, and Blue Coat devices.

SecureTrack centers on policy management and auditing. It does this by tracking changes to devices, without needing to open a console or other interface. Most companies are far from a single-vendor shop, so it’s no surprise to see Cisco sitting in the same rack as Check Point or Juniper. However, Tufin cares little for your vendor; it simply allows you to get a visual of what’s happening on what devices and, if there was a change, what it affected and who initiated it.

Some of SecureTrack’s abilities include risk assessment, which will test device rules and hunt down potential security risks they create. The risk assessment ties into policy cleaning. SecureTrack can examine policies and clean-up rules by listing the rules that are active, but have absolutely no use, as well as showing rules that conflict with one another and create bottlenecks or other issues. SecureTrack also monitors Firewall OS status, with the goal of preventing configuration errors.

Auditing wise, SecureTrack will create custom audit reports for all the standards such as SOX, HIPAA, PCI-DSS, etc., while at the same time using logs and other collected data to create a visual auditing trail that has to be seen to be believed. During our demo, it was interesting to note that, if a rule was created that violated PCI-DSS by, for example, opening all network traffic to a device identified as a SQL server, Tufin threw out warning flags left and right.

Another core function of SecureTrack is the Automatic Policy Generator (APG), which analyzes logs and other collected data to create firewall rules that focus only on the used network traffic. This means it will look at the log data and take a device with 500 rules and create a policy that uses only 100 rules, killing off the wasted 400 and removing policies that simply use ANY as a base. As the ANY rules are removed, actual network addresses are used, creating that audit trail mentioned previously.

The second part of TSS comes from SecureChange Workflow. SecureChange Workflow streamlines device management, and works hand-in-hand with SecureTrack. For example, it allows change automation and process management for security teams charged with overseeing rules and device policy. It comes packed with templates for the most requested changes, as well as allowing the creation of policy for separation of duties. The workflow, request, design, approve, implement, verify, and audit, is managed from a single interface. During our demo, SecureChange Workflow worked seamlessly with Active Directory. This allowed for granular control over duty separation, and added to the auditing.

One interesting note from the TSS demo that we picked up on was that whenever accessing rules or policy editors for any given vendor, TSS actually uses a graphial user interface (GUI) that looks exactly like what you would expect if you logged in from the console. For example, in the TSS demo, the rules list for a Check Point device were brought up, and the GUI used in TSS was the same - even down to the color scheme.

Overall, considering that device management can make some administrators beat their heads against a wall, Tufin Technologies' offering stands out as one of those things that shouldn’t be needed, but, once experienced first hand, prompts the question: why it isn't a standard suite of tools given out with the device at purchase?

Tufin Security Suite 5 will be available in August of this year. Aimed specifically at larger networks and enterprise environments, the cost will start at $20,000 USD.

More information can be found by clicking here.


Want regular updates from The Tech Herald? Follow us on Twitter.

Interested in a more interactive TTH? Join our Facebook Group.

Like this article? Please share on Facebook and give The Tech Herald a Like too!

From our Other Sites

Man Makes Tiny Edible Pancakes with Tiny Kitchen Tools (Video)

This Japanese guy cooks up some pancakes…nothing special there right? Well he uses tiny implements to do it and makes perfect little pancakes. Kinda cool and they look tasty!

What Color is this Dress?

White and Gold or Blue and Black?
Well this one has been trending all over the web, just what color is this dress? It all started in Scotland when the mother of a bride-to-be sent a picture to her daughter asking what she thought of the dress. The bride and groom each saw the image differently, this then got posted online and picked up by some viral sites. The lighting in the photo is probably causing different people to see it as either white and gold or blue and black. Prof Stephen Westland, chair of color science and technology at a university in the UK told the BBC that it was impossible to see what other people see but that it […]

McLaren 675LT Pictures

Some great shots of the forthcoming McLaren 675LT. This coupe will get you to 60mph in less than 2.9 second and go all the way to 205mph.

McLaren 675LT Details

McLaren’s 675LT will debut at this year’s Geneva show and promises some eye-popping performance. The coupe only 675LT has a 3.8 liter V8 that will get you from 0-60mph in less than 2.9 seconds and to 124mph in less than 7.9 secondsMore than a third of the parts have been changed compared with its stable mate […]

McLaren 675LT Wallpaper

Some cool McLaren 675LT Wallpaper. The McLaren 675LT is the latest coupe to come from the supercar maker and has a top speed of 205mph.Click on an image to open a page with multiple sizes that you can download to use as wallpaper for your mobile or desktop.More McLaren Wallpaper.

Octopus hunts on land, grabs crab (Video)

This crab is minding its own business searching the rock pools for food when suddenly an octopus leaps out of the water and grabs it. The amazing thing is that the octopus does not just jump on the crab it actually pulls it all the way back to the rock pool it came from. If you check the second video you will see it is not unknown for octopus to come out of the water and the one in the second video has a crab with it, though is not hunting one! Octopus Walks on Land at Fitzgerald Marine Reserve The video was taken by Porsche Indrisie in Yallingup, Western […]

Stunning Mars Rover Selfie

This image by the Curiosity Mars rover is not exactly your typical selfie. It is made up of a bunch of images taken by the rover during January 2015 by the Mars Hand Lens Imager. This (MAHLI) camera is at the end of the robot’s arm. For a sense of scale the rover’s wheels are about 20 inches diameter and 16 inches wide. Check the annotated image below for more information on the surroundings. Also if you really want to see some detail click this very large image, 36mb, at NASA.  

How the Sahara Helps Feed the Amazon (Video)

Sahara to Amazon
This cool video from NASA shows how dust is transferred across the Atlantic to the Amazon rainforest and helps nourish the plants growing there. For the first time scientists have measured the amount of dust and the amount of phosphorus in the dust. The later acts like a fertiliser and helps replenish the phosphorus the rainforest loses each year, around 22,000 tons. Amazing how something we perceive as being desolate like a desert actually has an important role in sustaining somewhere we see as teeming with life. Image and video from NASA’s Goddard Space Flight Center.

Bouncing Laser Guided Bomb (Video)

This amazing video shows a laser guided bomb bouncing back up after hitting its target. We actually think this is a non-explosive bomb designed to test guidance systems but it is still pretty remarkable and somewhat scary.

South Koreans Swallowed by Sinkhole (Video)

Thankfully the couple survived their adventure.
This amazing footage taken from the CCTV on a passing bus shows the moment two pedestrians in South Korea fall down a sinkhole in the street! Rescue workers managed to save the pair, who were treated in a nearby hospital for minor injuries. According to reports the city authorities and the Korean Geotechnical Society are looking into the cause.