
Tufin SecureTrack

Security Lifecycle Management Challenges


[Diagram labels: Security Administrator, Security Manager, Broker, Bank Database, Credit Card info, Internet, Customer, Wire Services, Hacker]

Security Operations Challenges


Firewall and Security Operations
- Hundreds of firewalls and security devices with complex rule bases
- Multiple data centers and time zones, many administrators with varying levels of skill and experience
- 10s to 100s of configuration changes made on a daily basis
- Human translation of unstructured business requirements to configuration changes
- Slow, manual and error-prone process
- Difficult to audit and maintain accountability
- Security risk and business continuity problems

Auditing & Compliance
- PCI-DSS and other regulations require frequent, manual auditing
- Enforcing corporate security and business continuity guidelines

Tufin SecureTrack
Security Operations Management
A Comprehensive Approach

- Improves security and uptime
- Increases operational efficiency
- Optimizes resource utilization
- Reduces risk and assures business continuity
- Enables compliance with regulations and standards

Main Benefits
- Complete, real-time Change Management
  - Full accountability: know who made which changes, and when
  - Test every firewall change against corporate policy
- Rule Base Optimization & Cleanup
  - Tighten your rule base: remove expired & unused rules
- Business Continuity Management
  - Evaluate business impact of changes to avoid network downtime
- Risk Management
  - Reduce firewall complexity by simulating the rule base
  - Analyze rules for threats and mis-configurations
- Auditing & Compliance with regulations and standards
  - Audit configuration against Best Practices and Corporate Policy
  - Automate PCI-DSS auditing
  - Comply with SOX, HIPAA, ISO 17799, Basel II

Network Diagram

How SecureTrack Works


- Check Point
  - Tracks all policy changes via OPSEC
  - Save Policy, Install Policy, and other policy changes
  - OPSEC-certified
  - SecurePlatform: monitor OS-level changes via SNMP
- Juniper
  - Real-time change detection via Syslog
  - Monitors configuration changes via SSH
- Cisco
  - Monitors configuration changes via SSH
  - Support for all Cisco Firewalls (PIX / ASA / FWSM)
  - Support for router and switch monitoring (changes to ACLs)
- Fortinet
  - Monitors configuration changes via SSH
  - Support for all FortiGate models

- Stores every change in SecureTrack's database
- Calculates Effective Rule Base for analysis
- Tests rule changes for policy compliance
- Sends real-time and scheduled email reports

Key Customers (over 280)


Finance

Telecom / ISP / MSP

Transportation

Energy

Health / Pharmaceutical

Others

-Company Confidential-

Product Specs and Solution Platform


General specs
- Pure Web GUI
- Revisions stored on a local DB (PostgreSQL)
- High storage capacity

Solution Platform Offering: Software or Appliance
- SecureTrack Software solution
  - Requires a server-class PC, Red Hat / CentOS Linux, and the SecureTrack software package (VMware is supported)
  - Good match for organizations that prefer to manage their own Linux servers
- SecureTrack Appliance solution
  - One-stop shop appliance, with Linux-based TufinOS and SecureTrack pre-loaded
  - Good match for organizations that prefer vendors to manage the OS on their behalf

SecureTrack Appliance
- SecureTrack Appliance - Industry's First Appliance-Based Firewall Operations Management Solution
  - Simplifies installation and maintenance
  - Single point of contact for support
- Mid-size and High-end models
  - T-500: Medium to large organizations (~100 Firewalls)
  - T-1000: Large organizations (~500 Firewalls)
  - T-1000 XL: Super-sites (~750 Firewalls)
- True network appliance look & feel
  - 2 NICs, RAID, Dual Power Supply, Console port
  - Shallow depth (=<20)
- USB Disk-on-key for recovery
  - Included with every shipping Tufin appliance

GUI - Policy Revisions

Each Save or Policy Install creates a separate Policy Revision in SecureTrack.

List of Monitored Management Servers and Devices

GUI - Policy Comparison

Select any pair of revisions and click on Compare to view the graphical diff

[Screenshot legend: Deleted Rule, Modified Rule, New Rule]


Rule Base Optimization & Cleanup


- Rule bases grow large over time
  - Rule life cycle: users request new services, use them for a while, and sometimes stop using those services
  - Result: many of the rules and objects are completely unused, yet the firewall operations team does not know which ones
  - Impact: the rule base enables services which are no longer needed by users, and is more exposed than it needs to be
  - Identifying unused rules is very difficult, because rule numbers keep changing
- Rule Usage Analysis identifies unused rules and objects
  - Tighten your rule base by removing unused rules and objects
  - Achieved through real-time log analysis & correlation against rules installed on each firewall
  - Support for NAT rule usage
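Why changing rule numbers make usage analysis hard, as an added example that is not part of the original slides and not Tufin's implementation: each log hit is resolved against the policy revision that was installed when the hit was logged, then counted per stable rule identifier. The UID strings, timestamps and data layout are constructed assumptions; `INSTALLS` must be sorted by install time.

```python
from bisect import bisect_right
from collections import Counter

# Constructed sample. Each policy install: (install_time, rule UIDs in rule-number order).
INSTALLS = [
    (100, ["uid-web", "uid-ftp", "uid-dns"]),
    (200, ["uid-web", "uid-dns", "uid-ftp", "uid-vpn"]),  # reordered, one rule added
]
# Constructed log hits: (timestamp, 1-based rule number as written by the firewall).
HITS = [(110, 1), (120, 3), (150, 1), (210, 2), (220, 1), (230, 2)]

def rule_usage(installs, hits):
    """Hit count per rule UID of the latest install, resolved per revision."""
    times = [t for t, _ in installs]
    counts = Counter()
    for ts, number in hits:
        idx = bisect_right(times, ts) - 1      # revision installed when the hit was logged
        if idx < 0:
            continue                           # hit predates the first known install
        order = installs[idx][1]
        if 1 <= number <= len(order):
            counts[order[number - 1]] += 1
    return {uid: counts[uid] for uid in installs[-1][1]}

def unused_rules(installs, hits):
    """Rules of the current policy with no hit in any revision."""
    return [uid for uid, n in rule_usage(installs, hits).items() if n == 0]

def naive_unused_rules(installs, hits):
    """Flawed baseline: reads every logged rule number against the current order."""
    seen = {number for _, number in hits}
    return [uid for i, uid in enumerate(installs[-1][1], start=1) if i not in seen]
```

On the sample data the naive baseline credits the FTP rule with a hit that belonged to the DNS rule before the reorder, so an unused rule would survive cleanup.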


Rule Usage Report

Most used rules - may be moved higher to optimize firewall performance

Least used rules - may be moved lower to optimize firewall performance

Unused objects within rules may be removed from rules for lower exposure

Unused rules may be removed from the policy for better performance and security

Policy Analysis
- Risk management
  - Determine whether a vulnerability on a certain port is exploitable
- Business continuity
  - Determine whether business-critical connections are blocked or allowed through your rule base
- Analyze the firewall rule base for the effective policy
  - What traffic will be accepted by this policy?
  - What rules cause partial or complete shadowing of other rules in the security policy?
- Supports complex rule features
  - Disabled rules, negated objects, groups with exclusion


Policy Analysis 2
- SecureTrack's Policy Analysis queries the effective rule base using the source, destination, service or action.
- The analysis result is a list of rules that accept the chosen traffic pattern.
- Policy Analysis can be performed against historical revisions as well (forensics).
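The two policy analysis questions above (which rules shadow others, and which rule decides a given connection), as an added example that is not part of the original slides and not Tufin's implementation. The rule model, the sample rule base, first-match evaluation and the implicit drop are assumptions; of the complex rule features listed, only disabled rules are handled.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass
class Rule:
    name: str
    src: str
    dst: str
    ports: range          # half-open, e.g. range(443, 444) is port 443
    action: str           # "accept" or "drop"
    enabled: bool = True

# Constructed sample rule base, evaluated top-down, first match wins.
SAMPLE = [
    Rule("r1", "10.0.0.0/8", "192.168.10.0/24", range(443, 444), "accept"),
    Rule("r2", "10.1.0.0/16", "192.168.10.0/24", range(443, 444), "drop"),
    Rule("r3", "0.0.0.0/0", "192.168.10.0/24", range(80, 444), "accept"),
    Rule("r4", "0.0.0.0/0", "0.0.0.0/0", range(0, 65536), "accept", enabled=False),
]

def covers(a, b):
    """True if rule a matches every packet that rule b matches."""
    return (ip_network(b.src).subnet_of(ip_network(a.src))
            and ip_network(b.dst).subnet_of(ip_network(a.dst))
            and a.ports.start <= b.ports.start and b.ports.stop <= a.ports.stop)

def overlaps(a, b):
    """True if at least one packet matches both rules."""
    return (ip_network(a.src).overlaps(ip_network(b.src))
            and ip_network(a.dst).overlaps(ip_network(b.dst))
            and a.ports.start < b.ports.stop and b.ports.start < a.ports.stop)

def find_shadowing(rules):
    """Pairwise check: (earlier, later, 'complete' | 'partial') per finding."""
    active = [r for r in rules if r.enabled]      # disabled rules never match
    findings = []
    for i, later in enumerate(active):
        for earlier in active[:i]:
            if covers(earlier, later):
                findings.append((earlier.name, later.name, "complete"))
            elif overlaps(earlier, later):
                findings.append((earlier.name, later.name, "partial"))
    return findings

def first_match(rules, src, dst, port):
    """Rule that decides one connection; implicit drop is assumed if none match."""
    for r in rules:
        if (r.enabled and ip_address(src) in ip_network(r.src)
                and ip_address(dst) in ip_network(r.dst) and port in r.ports):
            return r.name, r.action
    return None, "drop"
```

In the sample, the drop rule `r2` is completely shadowed by `r1` and can never fire. The pairwise check does not detect a rule that is shadowed only by the union of several earlier rules.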


Risk and Business Continuity Policy


- Firewall configuration changes may introduce new risks, or interrupt mission-critical business services
- Corporate Policy for Risk and Business Continuity
  - Business Continuity: which services are mission-critical
  - Risk Management: which services represent security risks
- SecureTrack Compliance Alerts
  - User configures corporate guidelines as traffic patterns
    - Which traffic must be available all of the time
    - Which traffic should never be allowed between specific networks
  - SecureTrack's compliance engine analyzes each policy change for possible violations of corporate guidelines
  - Upon violation, real-time alerts are sent to relevant users
    - Which corporate guidelines were breached?
    - What are the security impacts and service impacts of new changes to the policy?

Compliance Alerts

Compliance alert definition: what traffic should always be blocked?

Rules that allow new risky traffic

Rules that previously blocked this traffic


Firewall OS Monitoring
- Firewall OS Monitoring: Check Point SecurePlatform
- Configuration management for OS-level changes
  - Route changes, interface changes, etc.
- Performance Monitoring (MRTG for Firewalls)
  - Health-checking and threshold monitoring
- Risk Management for OS level changes
- Business Continuity for the Firewall hardware and OS
  - Easy analysis of potential down-time causes

OS Performance Monitoring

OS-level Configuration Change Monitoring


Change Control / Ticketing


- Large organizations have a workflow-based Change Request process
  - Every request must be processed and approved
  - Change Request ID usually placed in comment field
- Integration with Remedy and other systems
  - Ability to launch ticket details directly from SecureTrack's reports and web interface


Security Audit - Best Practices


Firewall Configuration Best Practice Checks
- Are Implied Rules open?
- Does each rule have a comment?
- Do objects conform to naming conventions?
- Is Anti-spoofing enabled on all interfaces?
- Are Firewalls properly protected?
- Is there an explicit cleanup rule?
- And much more: over 50 individual audit checks


Reporting
- Detailed reports enable tight policy control
- Support manual or scheduled report generation
  - Recurring reports (daily, weekly, monthly)
  - Customizable recipients (per report)
  - Integrated email support for scheduled reports
- Report profiles saved per-user
- Different email formats
  - Embedded HTML, PDF or MHT


New Revision Report

The New Revision Report is sent via email - it contains all changes in graphical format. Can be sent to multiple recipients, on different events (Install Policy, Save Policy, etc).


Rule Change Report


Displays rule changes over time

Useful for determining how inconsistent rules were modified (step-by-step) up to the current version. Accountability - clearly displays the Firewall administrator responsible for each change.


Additional Reports
- Advanced Change Report
  - Displays changes made under certain criteria:
    - Which Management Servers / CMAs
    - Which administrators
    - When the changes occurred
- Business Ownership Change Report
  - Analyze changes for defined network segments
  - Schedule reports for specific stakeholders
- Firewall Module Change Report
  - Different modules may have different policies
  - Examine Policy Installations on specific modules
  - Track policy changes on each module


Case Study: TransUnion


- Business Drivers
  - Firewall change management to ensure correct configuration
  - Automation of rule base assessment to eliminate human error and increase efficiency
  - Compliance with security standards
- Why Tufin
  - Real-time change management and policy analysis
  - Intuitive user interface
- Results
  - Improved network security and uptime
  - Risk management and business continuity
  - Proactive security enforcement
  - Regulatory compliance


Case Study: AXPO Group


- Business Drivers
  - Automate the audit process for firewall configurations
  - Policy optimization to minimize unnecessary exposure
  - Need to analyze firewall policies for potential vulnerabilities and configuration errors
- Why Tufin
  - Real-time tracking and reporting
  - Intuitive and easy to use
  - Fanatical technical support
- Results
  - Lower operating expenses
  - Improved performance
  - Enforcement of corporate security policies
  - Implementation without additional manpower


Tufin Technologies is Making Security Manageable

Thank You
Raoul Fondi, Italy Country Manager

Contacts:
- Italy Sales: 0039-335-69-70-762, raoul@tufin.com
- International Sales: +972-3-612-8118, sales@tufin.com
