itday_tufin

Date post: 05-Apr-2018
Upload: pdiarra

Transcript
  • 8/2/2019 itday_tufin

    1/28

    Tufin SecureTrack

    Security Lifecycle Management Challenges

    [Diagram labels: Broker; Bank Database; Security Manager; Security Administrator; Hacker; Customer Credit Card info; Wire Services; Internet]

    Security Operations Challenges

    Firewall and Security Operations
      - Hundreds of firewalls and security devices with complex rule bases
      - Multiple data centers and time zones, many administrators with varying levels of skill and experience
      - 10s to 100s of configuration changes made on a daily basis
      - Human translation of unstructured business requirements to configuration changes
      - Slow, manual and error-prone process
      - Difficult to audit and maintain accountability
      - Security risk and business continuity problems

    Auditing & Compliance
      - PCI-DSS and other regulations require frequent, manual auditing
      - Enforcing corporate security and business continuity guidelines

    Tufin SecureTrack

    Security Operations Management: A Comprehensive Approach
      - Improves security and uptime
      - Increases operational efficiency
      - Optimizes resource utilization
      - Reduces risk and assures business continuity
      - Enables compliance with regulations and standards

    Main Benefits

    Complete, real-time Change Management
      - Full accountability: know who made which changes, and when
      - Test every firewall change against corporate policy

    Rule Base Optimization & Cleanup
      - Tighten your rule base: remove expired & unused rules

    Business Continuity Management
      - Evaluate business impact of changes to avoid network downtime

    Risk Management
      - Reduce firewall complexity by simulating the rule base
      - Analyze rules for threats and mis-configurations

    Auditing & Compliance with regulations and standards
      - Audit configuration against Best Practices and Corporate Policy
      - Automate PCI-DSS auditing
      - Comply with SOX, HIPAA, ISO 17799, Basel II

    Network Diagram

    How SecureTrack Works

    Check Point
      - Tracks all policy changes via OPSEC
      - Save Policy, Install Policy, and other policy changes
      - OPSEC-certified
      - SecurePlatform: monitor OS-level changes via SNMP

    Juniper
      - Real-time change detection via Syslog
      - Monitors configuration changes via SSH

    Cisco
      - Monitors configuration changes via SSH
      - Support for all Cisco Firewalls (PIX / ASA / FWSM)
      - Support for router and switch monitoring (changes to ACLs)

    Fortinet
      - Monitors configuration changes via SSH
      - Support for all FortiGate models

    For every monitored device
      - Stores every change in SecureTrack's database
      - Calculates Effective Rule Base for analysis
      - Tests rule changes for policy compliance
      - Sends real-time and scheduled email reports

    Key Customers (over 280)

      - Finance
      - Telecom / ISP / MSP
      - Transportation
      - Energy
      - Health / Pharmaceutical
      - Others

    -Company Confidential-

    Product Specs and Solution Platform

    General specs
      - Pure Web GUI
      - Revisions stored on a local DB - PostgreSQL
      - High storage capacity

    Solution Platform Offering - Software or Appliance

    SecureTrack Software solution
      - Requires a server-class PC, Red Hat / CentOS Linux, and the SecureTrack software package (VMware is supported)
      - Good match for organizations that prefer to manage their own Linux servers

    SecureTrack Appliance solution
      - One-stop shop appliance, with Linux-based TufinOS and SecureTrack pre-loaded
      - Good match for organizations that prefer vendors to manage the OS on their behalf

    SecureTrack Appliance

    SecureTrack Appliance - Industry's First Appliance-Based Firewall Operations Management Solution
      - Simplifies installation and maintenance
      - Single point of contact for support

    Mid-size and High-end models
      - T-500: Medium to large organizations (~100 Firewalls)
      - T-1000: Large organizations (~500 Firewalls)
      - T-1000 XL: Super-sites (~750 Firewalls)

    True network appliance look & feel
      - 2 NICs, RAID, Dual Power Supply, Console port
      - Shallow depth (=

    GUI - Policy Revisions

    [Screenshot callouts]
      - Each Save or Policy Install creates a separate Policy Revision in SecureTrack
      - List of Monitored Management Servers and Devices

    GUI - Policy Comparison

    Select any pair of revisions and click on Compare to view the graphical diff

    [Screenshot legend]
      - Deleted Rule
      - Modified Rule
      - New Rule

    Rule Base Optimization & Cleanup

      - Rule bases grow large over time
      - Rule life cycle: users request new services, use them for a while, and sometimes stop using those services
      - Result: many of the rules and objects are completely unused, yet the firewall operations team does not know which ones
      - Impact: the rule base enables services which are no longer needed by users, and is more exposed than it needs to be
      - Identifying unused rules is very difficult, because rule numbers keep changing
      - Rule Usage Analysis identifies unused rules and objects
      - Tighten your rule base by removing unused rules and objects
      - Achieved through real-time log analysis & correlation against rules installed on each firewall
      - Support for NAT rule usage

    Rule Usage Report

      - Most used rules - may be moved higher to optimize firewall performance
      - Least used rules - may be moved lower to optimize firewall performance
      - Un-used rules may be removed from the policy for better performance and security
      - Un-used objects within rules may be removed from rules for lower exposure

    Policy Analysis

    Risk management
      - Determine whether a vulnerability on a certain port is exploitable

    Business continuity
      - Determine whether business-critical connections are blocked or allowed through your rule base

    Analyze the firewall rule base for the effective policy
      - What rules cause partial or complete shadowing of other rules in the security policy?

    Supports complex rule features
      - Disabled rules, negated objects, groups with exclusion

    Policy Analysis 2

    SecureTrack's Policy Analysis queries the effective rule base using the source, destination, service or action.

    The analysis result is a list of rules that accept the chosen traffic pattern.

    Policy Analysis can be performed against historical revisions as well (forensics)

    Risk and Business Continuity Policy

    Firewall configuration changes may introduce new risks, or interrupt mission-critical business services

    Corporate Policy for Risk and Business Continuity
      - Business Continuity - which services are mission-critical
      - Risk Management - which services represent security risks

    SecureTrack Compliance Alerts
      - User configures corporate guidelines as traffic patterns
        - Which traffic must be available all of the time
        - Which traffic should never be allowed between specific networks
      - SecureTrack's compliance engine analyzes each policy change for possible violations of corporate guidelines
      - Upon violation, real-time alerts are sent to relevant users
        - Which corporate guidelines were breached?
        - What are the security impacts and service impacts of new changes to the policy?

    Compliance Alerts

    [Screenshot callouts]
      - Compliance alert definition: what traffic should always be blocked?
      - Rules that allow new risky traffic
      - Rules that previously blocked this traffic
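
An added illustration of the Policy Analysis and Compliance Alerts slides above (not Tufin's code or algorithm): a small first-match rule-base model that lists the rules accepting a traffic pattern, flags completely shadowed rules, and compares two revisions against a must-block pattern. The Rule fields, function names and sample revisions are assumptions, and only shadowing by a single earlier rule is detected.

```python
from dataclasses import dataclass
from ipaddress import ip_network

@dataclass(frozen=True)
class Rule:            # hypothetical model, not SecureTrack's schema
    name: str
    src: str           # source CIDR
    dst: str           # destination CIDR
    ports: tuple       # inclusive (low, high) destination ports
    action: str        # "accept" or "drop"

def covers(outer, inner):
    """True if every packet matching `inner` also matches `outer`."""
    return (ip_network(inner.src).subnet_of(ip_network(outer.src))
            and ip_network(inner.dst).subnet_of(ip_network(outer.dst))
            and outer.ports[0] <= inner.ports[0] and inner.ports[1] <= outer.ports[1])

def intersect(a, b):
    """Traffic matched by both rules, as a Rule-shaped pattern, or None."""
    ports = (max(a.ports[0], b.ports[0]), min(a.ports[1], b.ports[1]))
    nets = []
    for x, y in ((a.src, b.src), (a.dst, b.dst)):
        if not ip_network(x).overlaps(ip_network(y)):
            return None
        nets.append(x if ip_network(x).subnet_of(ip_network(y)) else y)  # overlapping CIDRs nest
    return Rule(a.name, *nets, ports, a.action) if ports[0] <= ports[1] else None

def shadowed(rules):
    """Names of rules completely shadowed by one earlier rule (first match wins)."""
    return [r.name for i, r in enumerate(rules) if any(covers(e, r) for e in rules[:i])]

def accepting(rules, pattern):
    """Accept rules that still pass part of `pattern` in the effective rule base."""
    hits = []
    for i, r in enumerate(rules):
        part = intersect(r, pattern) if r.action == "accept" else None
        if part and not any(covers(e, part) for e in rules[:i]):
            hits.append(r.name)
    return hits

def new_violations(old, new, must_block):
    """Rules in the new revision that newly accept traffic that must stay blocked."""
    return sorted(set(accepting(new, must_block)) - set(accepting(old, must_block)))

# Constructed sample revisions (not from the slides); REV2 adds one rule above "no-db".
REV1 = [Rule("web", "0.0.0.0/0", "10.1.0.0/24", (443, 443), "accept"),
        Rule("no-db", "0.0.0.0/0", "10.2.0.0/24", (1, 65535), "drop"),
        Rule("dba", "10.9.0.0/16", "10.2.0.0/24", (5432, 5432), "accept")]
REV2 = [REV1[0], Rule("tmp-fix", "0.0.0.0/0", "10.2.0.0/16", (5432, 5432), "accept"), *REV1[1:]]
DB_FROM_ANY = Rule("pattern", "0.0.0.0/0", "10.2.0.0/24", (5432, 5432), "any")
```

In the sample, "dba" is shadowed in both revisions, and `new_violations(REV1, REV2, DB_FROM_ANY)` reports "tmp-fix" as the rule that opens database traffic the earlier revision blocked.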

    Firewall OS Monitoring

    Firewall OS Monitoring: Check Point SecurePlatform
      - Configuration management for OS-level changes
      - Route changes, interface changes, etc.
      - Performance Monitoring (MRTG for Firewalls)
      - Health-checking and threshold monitoring
      - Risk Management for OS level changes
      - Business Continuity for the Firewall hardware and OS
      - Easy analysis of potential down-time causes

    [Screenshot labels]
      - OS-level Configuration Change Monitoring
      - OS Performance Monitoring

    Change Control / Ticketing

      - Large organizations have a workflow-based Change Request process
      - Every request must be processed and approved
      - Change Request ID usually placed in comment field
      - Integration with Remedy and other systems
      - Ability to launch ticket details directly from SecureTrack's reports and web-interface

    Security Audit - Best Practices

    Firewall Configuration Best Practice Checks
      - Are Implied Rules open?
      - Does each rule have a comment?
      - Do objects conform to naming conventions?
      - Is Anti-spoofing enabled on all interfaces?
      - Are Firewalls properly protected?
      - Is there an explicit cleanup rule?
      - And much more: over 50 individual audit checks

    Reporting

      - Detailed reports enable tight policy control
      - Support manual or scheduled report generation
      - Recurring reports (daily, weekly, monthly)
      - Customizable recipients (per report)
      - Integrated email support for scheduled reports
      - Report profiles saved per-user
      - Different email formats: Embedded HTML, PDF or MHT

    New Revision Report

    The New Revision Report is sent via email - it contains all changes in graphical format. Can be sent to multiple recipients, on different events (Install Policy, Save Policy, etc).

    Rule Change Report

      - Displays rule changes over time
      - Useful for determining how inconsistent rules were modified (step-by-step) up to the current .
      - Accountability - clearly displays the Firewall administrator responsible for each change.

    Additional Reports

    Advanced Change Report
      - Displays changes made under certain criteria:
        - Which Management Servers / CMAs
        - Which administrators
        - When the changes occurred

    Business Ownership Change Report
      - Analyze changes for defined network segments
      - Schedule reports for specific stakeholders

    Firewall Module Change Report
      - Different modules may have different policies
      - Examine Policy Installations on specific modules
      - Track policy changes on each module

    Case Study: TransUnion

    Business Drivers
      - Firewall change management to ensure correct configuration
      - Automation of rule base assessment to eliminate human error and increase efficiency
      - Compliance with security standards

    Why Tufin
      - Real-time change management and policy analysis
      - Intuitive user interface

    Results
      - Improved network security and uptime
      - Risk management and business continuity
      - Proactive security enforcement
      - Regulatory compliance

    Case Study: AXPO Group

    Business Drivers
      - Automate the audit process for firewall configurations
      - Policy optimization to minimize unnecessary exposure
      - Need to analyze firewall policies for potential vulnerabilities and configuration errors

    Why Tufin
      - Real-time tracking and reporting
      - Intuitive and easy to use
      - Fanatical technical support

    Results
      - Lower operating expenses
      - Improved performance
      - Enforcement of corporate security policies
      - Implementation without additional manpower

    Tufin Technologies is Making Security Manageable

    Thank You

    Raoul Fondi, Italy Country Manager

    Contacts: Italy Sales: 0039-335-69-70-762, [email protected]

    International Sales: +972-3-612-8118, [email protected]