Tufin Orchestration Suite, which takes a polycentric approach to risk management to maximize both agility and security with security policy orchestration, consists of three components: SecureTrack, SecureChange and SecureApp.
SecureTrack provides an application driven perspective and leverages the automation policies of all underlying products. A comprehensive firewall and policy management solution, it ensures policies have been optimized to maximize the efficiency of business connectivity and meet compliance requirements. The Change Track feature maintains an historical record of every policy change. Organizations can leverage the history to draw comparisons between different policies. SecureTrack integrates with major firewall vendors and public and private clouds. The SecureChange workflow product uses automation to optimize network configuration changes across an infrastructure. Policy cleanup, like rule decommissioning and change requests, is done in SecureChange. The product integrates with other ticket systems and features customizable workflows. It automates change requests, risk identification, actions and closing tickets processes.
The third business-driven component, SecureApp, allows teams to work collaboratively on applications and network services. The application-driven automation identifies risks at the application layer and also automates change requests and provisions access to firewalls.
Organizations using the product typically follow the Tufin Maturity Model that seeks to balance security and agility. This model offers visibility into connections, existing problems and policies that are in place.
After establishing policy and connection baselines, the Tufin Orchestration Suite sets benchmarks for acceptable risk and cleans up risky, unused rules. Cleanup and compliance configurations incorporate automated risk assessment into the analysis and design of new changes thereby reducing analyst workload. The solution offers out-of-the-box components that provide visibility into each firewall and subsequent compliance levels. That functionality expands into the cloud with Policy Browser, a robust search engine across devices displaying vendors in a single location.
Overall, this product automatically designs, provisions, analyzes and audits network security policy changes from the application layer to the network layer, resulting in optimized business agility and security across heterogenous physical networks and hybrid cloud platforms with zero-touch automation.
Starting price is $30,000. Phone/email support, access to customer communities with a development community, forum and knowledge center come standard. Technical account managers are provided for new customers and large, complex environments.
Tested by Matthew Hreben