Balancing business security & agility with Security Policy Automation

As businesses across the world undergo rapid digital transformation, business agility has been emerging as a primary concern for those who wish to stay ahead of the competition. However, many enterprises, regardless of size and scale often struggle with balancing agility and cybersecurity. Time to market and responsiveness are critical factors in order to meet revenue goals and remain competitive, and in order to achieve the kind of business agility that digital environments mandate, there is a strong need to revolutionize the way existing IT and digital controls work. 

This was the core topic of discussion in the recent webinar hosted by Cyber Management Alliance with Tufin, the US-based Security Policy Management company. Watch the full webinar entitled, “How to Break Automatic Policy Enforcement in Network Security”. 

Panelists in the webinar: 

Amar Singh, CEO and Co-founder, Cyber Management Alliance 

Hadas Lahav: Director of Product Management at Tufin for Automation Products

Sagi Bar-Zvi, Global Strategic Pre-Sales Director, Tufin 

Core topics covered in the webinar:

1. What does security automation include? 
2. Tufin SecureChange: Policy-based automation technologies 
3. The 4 pillars of SecureChange: Agility, Efficiency, Security and Compliance 
4. Two interesting use cases to illustrate how automation in security policy boosts efficiency and security 
5. Tufin Value 
   
   

Hadas Lahav opened the discussion in the webinar by reiterating that digital transformation is all about business agility. Thanks to this digital transformation, there’s growing systems network complexity because of firewalls from vendors, routers, switches, public and private cloud & other new technology. Many organisations have multi-cloud environments. As a result of these large and fragmented networks, enterprises have managed to create a huge attack surface for themselves.  Despite spending millions, most businesses lack a unified security policy and without such a policy, there are often many challenges with respect to complex IT environments and security operations. 

What are the critical security policy challenges today?

• Businesses are launching new applications at a rapid pace. These applications must be connected through an increasingly complex and fragmented network and every new application connection opens an avenue for hackers to exploit the enterprise and its critical infrastructure. 
• Network engineers are struggling to keep up. They need to do a lot of analysis regarding which applications to allow and which to leave out. They must also conduct multiple rounds of reviews. 
• Implementing application connections manually can take days or even weeks and can result in errors and actually lead to introduction of new security risks. 

Manual processes cannot address today’s challenges of information security and network operations. In order to become agile, competitive and secure all at once, manual approaches are just not enough anymore. 

What is the solution to these challenges? 

The solution to all these challenges is security automation and orchestration. This is a more informed, efficient and mature way to orchestrate security-related changes across enterprise networks.

Tufin offers a security policy management platform that brings automation and analytics to the security and network operations team. Zero-touch automation enables a policy-centric approach for the security policy and allows businesses to implement network changes in minutes and meet business requirements very fast. 

What does Tufin’s SecureChange offer? 

Sagi Bar-Zvi then took over to explain the salient features of policy-based automation that Tufin’s SecureChange enables:

• Gives a massive boost to organisational efficiency and agility because one no longer has to spend several days on manual processes. 
• Businesses are able to significantly amplify security with better controls built into the automation process. 
• They’re also able to ensure better compliance as they adhere to an auditable and fully documented process. 

Capabilities of SecureChange and how to maximize their use: 

The discussion on the webinar then deep dives into the capabilities of SecureChange and how enterprises can maximize their use. Some of the capabilities that are discussed in detailed (13:00 minutes onwards) are:  

1. Enhanced agility through rich and flexible tools. 
2. Increased efficiency and reduced costs. 
3. Tightened network security posture against security breaches and cyber threats. 
4. Continuous Compliance. 

Use Cases to illustrate what SecureChange can bring to the table 

The webinar elucidates the ease and efficiency that Tufin SecureChange can bring to businesses with the two real-world use cases given below:  

#1 To open a ticket using an external ticketing tool 

What usually happens in this case is that users may request network changes through the organisation’s ticketing system. The challenge arises when firewall admins have to work with several different tools to implement requests and the information required for change implementation is not always complete. This process is time-consuming and could lead to errors.  

The solution for this use case is simply to integrate with a ticketing tool to enable an end-to-end automatic process.   

#2 Fully Automated Network Access Request 

Users, many of whom have limited or no network knowledge, often request access to multiple network locations. Granting network access involves changes in multiple firewalls, switches, routers, user groups, and security groups. Manually managing these changes can lead to human error and inaccurate change processes. 

The easy solution to this problem is to use the Access Request workflow to integrate network topology information into change design, and automate target selection, risk analysis and policy configuration.

Proof Points – Success stories of customers 

Hadas further bolsters the narrative around security policy automation by offering a few examples of large enterprises that were able to bring a dramatic transformation in change implementation:  

1. Slovak Telecom: Reduced their time to implement change from 1 week to 1 day 
2. RWE (A German Energy Giant) – Reduced change implementation from 6-8 days to 6 hours 
3. Capital One – Time and effort of change implementation reduced by 50%-75%

Underlining the value that SecureChange has managed to add to their clients’ businesses, Hadas added, “If you are a user from any organisation that has deployed Tufin, you can really feel the difference. We hear feedback from security groups and network teams that their users are so pleased with the level of service they’re getting now.” 

Amar corroborated these success stories by adding his views on automation, “We don’t think people realise the value of automation and how much time and effort it saves you. Unless you’ve been on the other side of the fence, you don’t really understand the true value of automation.” 

The educational and exhaustive webinar is then concluded with Hadas summing up the value propositions of Tufin: 

1. Implement security changes within days 
2. Gain visibility and control across on-premises, cloud native and hybrid cloud environments 
3. Ensure continuous compliance with security standards 
4. Enable faster delivery of secure applications by integrating network and security DevOps teams

Tufin is at a cusp of massive growth right now and these times are very exciting for the kind of solution the company provides. Riding on the digital transformation wave, Tufin has managed to add a lot of value to the business of its clients. Moreover, security skills shortages, the need for the business to be more agile and the ever-growing need for security has led to an explosion in demand for security policy automation. 

Check out CM-Alliance’s BrightTALK Channel.