The VMworld 2016 conference in Las Vegas, Nevada, gave a great deal of attention to both NSX and security this year. While walking around the Solution Exchange floor, I had the opportunity to stop and talk with Tufin about its Tufin Orchestration Suite, which orchestrates security polices across complex, hybrid cloud, and physical environments.
The Tufin Orchestration Suite offers insight into physical networks and hybrid cloud platforms by presenting interactive topology real-time mapping of the network, network security, and active monitoring of configurations on a single pane of glass. The active monitoring will detect and flag when a configuration change will violate a high-risk rule already in place, before it is pushed out.
From the topology map, a network security policy baseline can be established so you can reduce the attack surface by defining and enforcing an enterprise-wide zone-based policy matrix—Tufin calls this the Unified Security Policy—that can be enforced in both physical and virtual environments. With this mapping, you will also be able to discover and manage the different connectivity needs of different applications, regardless of where the application resides in the enterprise.
The Tufin Orchestration Suite provides maximum agility with end-to-end automation of network security changes. In addition, Tufin’s automation processes offer security and compliance by providing an automated risk assessment of any changes, automating any security changes, and presenting an automated design of the changes. The implementations of security changes are accelerated with automated provisioning for many of the leading network security providers, including Cisco, Juniper, NSX, Azure, F5, and AWS, to name just a few.
Further, the Tufin Orchestration Suite is able to enforce compliance and audit readiness for internal policies as well as industry regulations like PCI, DSS, SOX, NERC, CIP, and HIPAA with real-time change monitoring, automatic change validation, and authorization for approved changes, as well as provision of a complete change history, an automatic audit trail, and audit-ready reporting capabilities.
Those are the highlights of the product. Now let me tell you what I saw and thought during the demo. First off, let me mention the user interface. It is very clean and is presented in an orderly, easy-to-understand layout. I was quite impressed with the insight as well as the capabilities the suite brings to the table. The automation that is available with the Tufin Orchestration Suite is what originally got my attention while walking the floor, but I walked away with great appreciation of the compliance and reporting capabilities of the suite. The ability to map out the environment in real time was also something that I found quite impressive, not only for the capability, but also for the presentation of the data returned.
Although I was really quite impressed with the insight and the capabilities of the suite, I couldn’t help but shoot for the stars when I asked Tufin staff about additional capabilities of the suite. One thing I am able to do is dream big. I sure did have high hopes that the Tufin Orchestration Suite could perform some automation magic even further down the stack, automating port configuration of the switches, network lifecycle management down to the physical connection, or port configuration at server build. Oh yes, I can dream. Alas, at some point one must wake up and hope that maybe at some point there will be a product that can do it all. Tufin does provide the ability to call third party tools, but does not do this inherently. In the meantime, the Tufin Orchestration Suite has the out-of-the box ability to give you great insight into your network enterprise as well as to get your environment audit- and compliance-ready before each and every change. It is well worth taking a look to see what the Tufin Orchestration Suite can do for your environment.