Tufin enhances policy-based security automation

Tufin has introduced Tufin Orchestration Suite R19-1, advancing its leadership in network security automation with the industry’s first solution to feature policy-based automation for server policy cloning.

  • Wednesday, 22nd May 2019 Posted 5 years ago in by Phil Alsop

Enterprises today devote significant time and resources to processing access requests related to server policy cloning during application migration. With its new server policy cloning capabilities, the latest version of the award-winning Tufin Orchestration Suite enables enterprises to duplicate the right policy to set up new servers quickly and without errors. Organisations going through digital transformation can now migrate applications to new data centers or to the cloud without compromising the availability and security of mission-critical services. As a result, network security teams can now dramatically accelerate the pace of application migration, save time and resources and achieve continuous compliance with full documentation of the process.


“Our customers have some of the largest and most complex networks in the world, and it’s critical that any changes they make to security policies are executed quickly and accurately across the network,” said Ofer Or, Vice President of Products at Tufin. “The latest release of the Tufin Orchestration Suite is designed to help enterprises undergoing digital transformation improve the speed, accuracy and security of application migration across networks.”

Categorisation of Unassociated IP Addresses

The latest version of the Tufin Orchestration Suite builds on Tufin’s industry-leading network segmentation capabilities. With Tufin Orchestration Suite R19-1, all private IP addresses that are not associated with zones can still be protected by the Unified Security Policy (USP) matrix. By leveraging a pre-defined “private” zone for unassociated networks, Tufin enables enterprises to establish restrictions on traffic to and from a private network, tightening their network security posture. Security teams can extend their segmentation policy across the entire fragmented network. This allows security teams to ensure that all subnetworks across the enterprise are secured.

This capability is key for Zero Trust security initiatives, as it helps enforce a unified security policy across large, complex networks and eliminates any blind spots that the security team may inadvertently miss.  It also provides critical support for enterprises who experience challenges in defining their network segmentation policy. With Tufin Orchestration Suite R19-1, it is easy to start segmenting by defining the basic restrictions of access between private networks and the internet, for which zones are pre-defined, and then refine the policy further by adding specific network zones for applications and systems containing sensitive data.

Tufin Orchestration Suite R19-1 also features vendor-specific enhancements, including:

  • Tightened security through enhanced support for next generation firewall policies by adding visibility into Palo Alto Networks URL categories
  • Support for Cisco Nexus VXLAN to ensure accurate topology analysis and automation
  • Automated server decommissioning for Check Point global objects and support for Check Point version R80.20

Tufin Orchestration Suite R19-1 is now generally available.