8/2/2019 itday_tufin
1/28
Tufin SecureTrack
Security Lifecycle Management Challenges
[Diagram labels: Broker, Bank Database, Security Manager, Security Administrator, Hacker, Customer Credit Card info, Wire Services, Internet]
Security Operations Challenges
Firewall and Security Operations
  Hundreds of firewalls and security devices with complex rule bases
  Multiple data centers and time zones, many administrators with varying levels of skill and experience
  10s to 100s of configuration changes made on daily basis
  Human translation of unstructured business requirements to configuration changes
  Slow, manual and error-prone process
  Difficult to audit and maintain accountability
  Security risk and business continuity problems
Auditing & Compliance
  PCI-DSS and other regulations require frequent, manual auditing
  Enforcing corporate security and business continuity guidelines
Tufin SecureTrack
Security Operations Management: A Comprehensive Approach
Improves security and uptime
Increases operational efficiency
Optimizes resource utilization
Reduces risk and assures business continuity
Enables compliance with regulations and standards
Main Benefits
Complete, real-time Change Management
  Full accountability: know who made which changes, and when
  Test every firewall change against corporate policy
Rule Base Optimization & Cleanup
  Tighten your rule base: remove expired & unused rules
Business Continuity Management
  Evaluate business impact of changes to avoid network downtime
Risk Management
  Reduce firewall complexity by simulating the rule base
  Analyze rules for threats and mis-configurations
Auditing & Compliance with regulations and standards
  Audit configuration against Best Practices and Corporate Policy
  Automate PCI-DSS auditing
  Comply with SOX, HIPAA, ISO 17799, Basel II
Network Diagram
How SecureTrack Works
Check Point
  Tracks all policy changes via OPSEC
  Save Policy, Install Policy, and other policy changes
  OPSEC-certified
  SecurePlatform: monitors OS-level changes via SNMP
Juniper
  Real-time change detection via Syslog
  Monitors configuration changes via SSH
Cisco
  Monitors configuration changes via SSH
  Support for all Cisco Firewalls (PIX / ASA / FWSM)
  Support for router and switch monitoring (changes to ACLs)
Fortinet
  Monitors configuration changes via SSH
  Support for all FortiGate models
Stores every change in SecureTrack's database
Calculates Effective Rule Base for analysis
Tests rule changes for policy compliance
Sends real-time and scheduled email reports
Key Customers (over 280)
Finance
Telecom / ISP / MSP
Transportation
Energy
Health / Pharmaceutical
Others
-Company Confidential-
Product Specs and Solution Platform
General specs
  Pure Web GUI
  Revisions stored on a local DB - PostgreSQL
  High storage capacity
Solution Platform Offering - Software or Appliance
SecureTrack Software solution
  Requires a server-class PC, Red Hat / CentOS Linux, and the SecureTrack software package (VMware is supported)
  Good match for organizations that prefer to manage their own Linux servers
SecureTrack Appliance solution
  One-stop shop appliance, with Linux-based TufinOS and SecureTrack pre-loaded
  Good match for organizations that prefer vendors to manage the OS on their behalf
SecureTrack Appliance
SecureTrack Appliance - Industry's First Appliance-Based Firewall Operations Management Solution
Simplifies installation and maintenance
Single point of contact for support
Mid-size and High-end models
  T-500: Medium to large organizations (~100 Firewalls)
  T-1000: Large organizations (~500 Firewalls)
  T-1000 XL: Super-sites (~750 Firewalls)
True network appliance look & feel
2 NICs, RAID, Dual Power Supply, Console port
Shallow depth (=
GUI - Policy Revisions
Each Save or Policy Install creates a separate Policy Revision in SecureTrack
List of Monitored Management Servers and Devices
GUI - Policy Comparison
Select any pair of revisions and click on Compare to view the graphical diff
[Screenshot callouts: Deleted Rule, Modified Rule, New Rule]
Rule Base Optimization & Cleanup
Rule bases grow large over time
Rule life cycle: users request new services, use them for a while, and sometimes stop using those services
Result: many of the rules and objects are completely unused, yet the firewall operations team does not know which ones
Impact: the rule base enables services which are no longer needed by users, and is more exposed than it needs to be
Identifying unused rules is very difficult, because rule numbers keep changing
Rule Usage Analysis identifies unused rules and objects
Tighten your rule base by removing unused rules and objects
Achieved through real-time log analysis & correlation against rules installed on each firewall
Support for NAT rule usage
Rule Usage Report
Most used rules - may be moved higher to optimize firewall performance
Least used rules - may be moved lower to optimize firewall performance
Un-used rules may be removed from the policy for better performance and security
Un-used objects within rules may be removed from rules for lower exposure
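The correlation described on the Rule Base Optimization and Rule Usage Report slides, as an added example (not Tufin's code): each log hit is attributed to a rule through the revision that was installed when the record was written, so shifting rule numbers do not corrupt the counts. The stable rule UIDs, the log tuple layout and all sample data are assumptions constructed for illustration.

```python
from collections import Counter

# Constructed sample data. Each rule has a stable UID (an assumption of this
# example); its rule number is only its position in the installed revision.
WEB = {"uid": "r-web", "dst": ["web-srv"]}
FTP = {"uid": "r-ftp", "dst": ["ftp-srv", "old-ftp"]}
LEGACY = {"uid": "r-legacy", "dst": ["mainframe"]}
DNS = {"uid": "r-dns", "dst": ["dns-srv"]}
# (install time, ordered rules): the second revision inserts DNS at the top,
# so every other rule number shifts down by one.
REVISIONS = [(100, [WEB, FTP, LEGACY]), (200, [DNS, WEB, FTP, LEGACY])]
# Constructed log records: (time, rule number as logged, destination object)
LOGS = [(110, 1, "web-srv"), (150, 2, "ftp-srv"), (210, 1, "dns-srv"),
        (220, 2, "web-srv"), (230, 3, "ftp-srv"), (50, 1, "web-srv")]

def rules_installed_at(ts):
    """Rules of the latest revision installed at or before ts, or None."""
    live = [rules for installed, rules in REVISIONS if installed <= ts]
    return live[-1] if live else None   # REVISIONS is in install order

def correlate(logs):
    """Map each log hit to a rule UID through the revision live at that time."""
    hits, used = Counter(), set()
    for ts, number, dst in logs:
        rules = rules_installed_at(ts)
        if rules is None or not 1 <= number <= len(rules):
            continue                     # predates monitoring or unknown rule
        uid = rules[number - 1]["uid"]
        hits[uid] += 1
        used.add((uid, dst))
    return hits, used

def naive_hits(logs):
    """Wrong approach: read every logged number against the current revision."""
    current = REVISIONS[-1][1]
    return Counter(current[n - 1]["uid"] for _, n, _ in logs if n <= len(current))

def usage_report(logs):
    """Ranked hit counts, unused rules, and unused objects inside used rules."""
    hits, used = correlate(logs)
    current = REVISIONS[-1][1]
    unused_rules = [r["uid"] for r in current if not hits[r["uid"]]]
    unused_objects = [(r["uid"], o) for r in current if hits[r["uid"]]
                      for o in r["dst"] if (r["uid"], o) not in used]
    return hits.most_common(), unused_rules, unused_objects
```

Comparing `naive_hits(LOGS)` with `correlate(LOGS)` shows the misattribution the slide warns about: hits logged against rule 1 before the insertion are credited to the new top rule.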
Policy Analysis
Risk management
  Determine whether a vulnerability on a certain port is exploitable
Business continuity
  Determine whether business-critical connections are blocked or allowed through your rule base
Analyze the firewall rule base for the effective policy
  What rules cause partial or complete shadowing of other rules in the security policy?
Supports complex rule features
  Disabled rules, negated objects, groups with exclusion
Policy Analysis 2
SecureTrack's Policy Analysis queries the effective rule base using the source, destination, service or action.
The analysis result is a list of rules that accept the chosen traffic pattern.
Policy Analysis can be performed against historical revisions as well (forensics)
Risk and Business Continuity Policy
Firewall configuration changes may introduce new risks, or interrupt mission-critical business services
Corporate Policy for Risk and Business Continuity
  Business Continuity - which services are mission-critical
  Risk Management - which services represent security risks
SecureTrack Compliance Alerts
User configures corporate guidelines as traffic patterns
  Which traffic must be available all of the time
  Which traffic should never be allowed between specific networks
SecureTrack's compliance engine analyzes each policy change for possible violations of corporate guidelines
Upon violation real-time alerts are sent to relevant users
  Which corporate guidelines were breached?
  What are the security impacts and service impacts of new changes to the policy?
Compliance Alerts
Compliance alert definition: what traffic should always be blocked?
Rules that allow new risky traffic
Rules that previously blocked this traffic
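An added sketch of the rule base query from the Policy Analysis slides and the per-change compliance check from the Compliance Alerts slides (example code, not SecureTrack's implementation). It assumes first-match rule evaluation, IPv4 networks and plain port sets, handles disabled rules but not negated objects or group exclusions, and every rule name and address is constructed.

```python
from ipaddress import ip_network

ANY, ALL_PORTS = "0.0.0.0/0", frozenset(range(1, 65536))

def rule(name, src, dst, ports, action, enabled=True):
    return {"name": name, "src": ip_network(src), "dst": ip_network(dst),
            "ports": frozenset(ports), "action": action, "enabled": enabled}

def overlaps(r, q):
    """True if rule r and pattern q share at least one connection."""
    return (r["src"].overlaps(q["src"]) and r["dst"].overlaps(q["dst"])
            and bool(r["ports"] & q["ports"]))

def covers(r, q):
    """True if rule r matches every connection described by pattern q."""
    return (q["src"].subnet_of(r["src"]) and q["dst"].subnet_of(r["dst"])
            and q["ports"] <= r["ports"])

def query(policy, pattern, action):
    """Names of enabled rules that can apply `action` to traffic in `pattern`
    under first-match evaluation. Conservative: the walk stops only at a rule
    that covers the whole pattern, since everything below it is shadowed."""
    found = []
    for r in policy:
        if not r["enabled"] or not overlaps(r, pattern):
            continue
        if r["action"] == action:
            found.append(r["name"])
        if covers(r, pattern):
            break
    return found

def compliance_alert(before, after, must_block):
    """Test a policy change against a 'must always be blocked' guideline."""
    allowing = query(after, must_block, "accept")
    return {"violation": bool(allowing), "allowing": allowing,
            "previously_blocking": query(before, must_block, "drop")}

# Constructed example: guest network must never reach the database on 1433.
MUST_BLOCK = rule("guest-to-db", "192.168.50.0/24", "10.1.2.0/24", [1433], "drop")
BEFORE = [rule("web", ANY, "10.1.1.0/24", [80, 443], "accept"),
          rule("guest-deny", "192.168.50.0/24", "10.0.0.0/8", [1433, 3306], "drop"),
          rule("cleanup", ANY, ANY, ALL_PORTS, "drop")]
AFTER = [BEFORE[0],
         rule("tmp-test", "192.168.50.0/24", "10.1.2.0/24", [1433], "accept", enabled=False),
         rule("report-tool", "192.168.0.0/16", "10.1.2.0/24", [1433], "accept"),
         BEFORE[1], BEFORE[2]]
```

Calling `query` on `BEFORE` instead of `AFTER` is the historical-revision use: the same pattern is evaluated against an older rule base.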
Firewall OS Monitoring
Firewall OS Monitoring: Check Point SecurePlatform
Configuration management for OS-level changes
  Route changes, interface changes, etc.
Performance Monitoring (MRTG for Firewalls)
  Health-checking and threshold monitoring
Risk Management for OS level changes
Business Continuity for the Firewall hardware and OS
  Easy analysis of potential down-time causes
[Screenshot callouts: OS-level Configuration Change Monitoring, OS Performance Monitoring]
Change Control / Ticketing
Large organizations have a workflow-based Change Request process
Every request must be processed and approved
Change Request ID usually placed in comment field
Integration with Remedy and other systems
Ability to launch ticket details directly from SecureTrack's reports and web interface
Security Audit - Best Practices
Firewall Configuration Best Practice Checks
  Are Implied Rules open?
  Does each rule have a comment?
  Do objects conform to naming conventions?
  Is Anti-spoofing enabled on all interfaces?
  Are Firewalls properly protected?
  Is there an explicit cleanup rule?
  And much more: over 50 individual audit checks
Reporting
Detailed reports enable tight policy control
Support manual or scheduled report generation
Recurring reports (daily, weekly, monthly)
Customizable recipients (per report)
Integrated email support for scheduled reports
Report profiles saved per-user
Different email formats
Embedded HTML, PDF or MHT
New Revision Report
The New Revision Report is sent via email - it contains all changes in graphical format. Can be sent to multiple recipients, on different events (Install Policy, Save Policy, etc).
Rule Change Report
Displays rules changes over time
Useful for determining how inconsistent rules were modified (step-by-step) up to the current.
Accountability - clearly displays the Firewall administrator responsible for each change.
Additional Reports
Advanced Change Report
  Displays changes made under certain criteria:
  Which Management Servers / CMAs
  Which administrators
  When the changes occurred
Business Ownership Change Report
  Analyze changes for defined network segments
  Schedule reports for specific stakeholders
Firewall Module Change Report
  Different modules may have different policies
  Examine Policy Installations on specific modules
  Track policy changes on each module
Case Study: TransUnion
Business Drivers
  Firewall change management to ensure correct configuration
  Automation of rule base assessment to eliminate human error and increase efficiency
  Compliance with security standards
Why Tufin
  Real-time change management and policy analysis
  Intuitive user interface
Results
  Improved network security and uptime
  Risk management and business continuity
  Proactive security enforcement
  Regulatory compliance
Case Study: AXPO Group
Business Drivers
  Automate the audit process for firewall configurations
  Policy optimization to minimize unnecessary exposure
  Need to analyze firewall policies for potential vulnerabilities and configuration errors
Why Tufin
  Real-time tracking and reporting
  Intuitive and easy to use
  Fanatical technical support
Results
  Lower operating expenses
  Improved performance
  Enforcement of corporate security policies
  Implementation without additional manpower
Tufin Technologies is
Making Security Manageable
Thank You
Raoul Fondi Italy Country Manager
Contacts: Italy Sales: 0039-335-69-70-762, [email protected]
International Sales: +972-3-612-8118, [email protected]