What’s inside Tufin R20-2: Enhanced NGFW support, Azure visibility, and doubled risk analysis
It’s now the 17th year of the National Cybersecurity Awareness Month (NCSAM), making it the perfect time to announce the new release of Tufin Orchestration Suite (TOS) R20-2. This release delivers numerous new features and enhancements, such as considering additional risk assessment data, beyond information generated from Tufin’s Unified Security Policy, via third-party data input before provisioning new access, new capabilities to support your Next Gen firewalls, and enhanced visibility and traffic analysis for Azure environments.
Avoid risky access changes by integrating third-party risk assessment data
One of the key challenges when enabling a new access, a throwback to the very start of the pandemic, is to ensure that your source/destination is not vulnerable.
With R20-2, we doubled up the risk assessment step, so that in addition to assessing compliance to your Unified Security Policy, you can also quickly retrieve risk assessment data from a third-party tool (e.g. vulnerability management solution, SIEM, SOAR, or your endpoint security solution) into the Risk Assessment step in your Tufin SecureChange Access Request workflow. This way, you can proactively retrieve the results of additional security checks (e.g. vulnerability scores, risk severity) on the source/destination before provisioning new network access.
Once the additional security assessment is added to the workflow, every time a new access request ticket is created or received in SecureChange from your ticketing system (e.g. ServiceNow, Remedy or any other ITSM), Tufin automatically sends the source /destination data to the external tool, and the security check results are immediately posted on the SecureChange risk assessment tab. Based on the risk score, severity, and Tufin’s Unified Security Policy violation check, Tufin calculates the request’s combined risk status, to help you determine if to continue and implement the change.
Having this information available in a single SecureChange tab makes it easier for IT admins/security teams to make better-informed decisions whether to approve or deny the access, making it significantly faster for network teams to implement the change. The combined risk status can also help you fully automate the access request process: if the status is “no risk” or “low risk” – enabling Tufin to design and provision the change automatically. If the status is deemed “high risk,” can the ticket be escalated to an additional approval step by the security admin. This way, you can process the majority of access requests automatically, without any human intervention, and allow the team focus on requests that contain a high risk and require additional review.
If you’re not familiar with Tufin SecureChange, it’s a great tool you can use to build (or alternatively, use Tufin’s canned workflows) an unlimited number of workflows, and an easy, convenient way to help you automate your entire network change implementation process. With SecureChange, every workflow is a multi-step, graphical process – from opening a new ticket, to automated target selection, to risk assessment, approval, and all the way to network change design, implementation and verification. Simply put, it helps remove bottlenecks in your daily operations, and eliminate the risk of configuration errors. All workflows are audit-ready, as they track and document the full change history, and store it for future reference.
By using Tufin SecureChange workflows, your IT teams can proactively address security issues and network changes using automated processes, rather than ‘play catch’ with time consuming security checks and manual change implementation.
It’s now the 17th year of the National Cybersecurity Awareness Month (NCSAM), making it the perfect time to announce the new release of Tufin Orchestration Suite (TOS) R20-2. This release delivers numerous new features and enhancements, such as considering additional risk assessment data, beyond information generated from Tufin’s Unified Security Policy, via third-party data input before provisioning new access, new capabilities to support your Next Gen firewalls, and enhanced visibility and traffic analysis for Azure environments.
Avoid risky access changes by integrating third-party risk assessment data
One of the key challenges when enabling a new access, a throwback to the very start of the pandemic, is to ensure that your source/destination is not vulnerable.
With R20-2, we doubled up the risk assessment step, so that in addition to assessing compliance to your Unified Security Policy, you can also quickly retrieve risk assessment data from a third-party tool (e.g. vulnerability management solution, SIEM, SOAR, or your endpoint security solution) into the Risk Assessment step in your Tufin SecureChange Access Request workflow. This way, you can proactively retrieve the results of additional security checks (e.g. vulnerability scores, risk severity) on the source/destination before provisioning new network access.
Once the additional security assessment is added to the workflow, every time a new access request ticket is created or received in SecureChange from your ticketing system (e.g. ServiceNow, Remedy or any other ITSM), Tufin automatically sends the source /destination data to the external tool, and the security check results are immediately posted on the SecureChange risk assessment tab. Based on the risk score, severity, and Tufin’s Unified Security Policy violation check, Tufin calculates the request’s combined risk status, to help you determine if to continue and implement the change.
Having this information available in a single SecureChange tab makes it easier for IT admins/security teams to make better-informed decisions whether to approve or deny the access, making it significantly faster for network teams to implement the change. The combined risk status can also help you fully automate the access request process: if the status is “no risk” or “low risk” – enabling Tufin to design and provision the change automatically. If the status is deemed “high risk,” can the ticket be escalated to an additional approval step by the security admin. This way, you can process the majority of access requests automatically, without any human intervention, and allow the team focus on requests that contain a high risk and require additional review.
If you’re not familiar with Tufin SecureChange, it’s a great tool you can use to build (or alternatively, use Tufin’s canned workflows) an unlimited number of workflows, and an easy, convenient way to help you automate your entire network change implementation process. With SecureChange, every workflow is a multi-step, graphical process – from opening a new ticket, to automated target selection, to risk assessment, approval, and all the way to network change design, implementation and verification. Simply put, it helps remove bottlenecks in your daily operations, and eliminate the risk of configuration errors. All workflows are audit-ready, as they track and document the full change history, and store it for future reference.
By using Tufin SecureChange workflows, your IT teams can proactively address security issues and network changes using automated processes, rather than ‘play catch’ with time consuming security checks and manual change implementation.
*** This is a Security Bloggers Network syndicated blog from Tufin - Cybersecurity & Agility with Network Security Policy Orchestration authored by Alon Buteliano. Read the original post at: https://www.tufin.com/node/3286
