
In today’s world, where cyber threats are becoming increasingly sophisticated and network infrastructure is complex and distributed, automating network security policies is not just a convenience, but a necessity. Manual security policy management is becoming an impossible task, leading to errors, vulnerabilities, and lagging behind the pace of change. The solution is Tufin, a platform that provides comprehensive network security by automating firewall rules and simplifying Change Management automation.
Why is automating network security policies necessary?
Imagine a situation where your company is implementing a new application that requires changes to firewall rules. Done manually, this process can take days or even weeks, with the risk of errors and downtime. Tufin allows you to automate this process, cutting the time it takes to make changes several-fold and minimizing the risk of human error. In addition, automating processes for regulatory compliance, such as PCI DSS, HIPAA and GDPR, becomes much easier and more efficient.
Manual security policy management can take up to 20 hours per week per specialist, according to a Ponemon Institute study. Research shows that up to 34% of data breaches occur due to misconfigured firewall rules (Source: Verizon DBIR).
Problems with Manual Security Policy Management
- Labor-intensive: manual management is time-consuming and resource-intensive.
 - Risk of errors: human error leads to configuration errors that create vulnerabilities.
 - Audit complexity: auditing changes to rules becomes complex and time-consuming.
 - Lack of visibility: it is difficult to get a complete picture of the state of network security.
 - Scaling issues: manual management does not scale with network growth.
 
What is Tufin and how does it work?
Tufin is a platform for security policy management, providing centralized management of firewalls and other security devices. It provides network security visualization, automates Change Management processes, and ensures regulatory compliance.
Key components of the Tufin architecture:
- Tufin SecureTrack: provides risk analysis, visualization and network security reporting.
 - Tufin SecureChange: automates Change Management processes, enabling fast and secure changes to rules.
 - Tufin Central: provides centralized management and visualization for distributed environments.
 
Tufin SecureTrack: SecureTrack collects configuration data from firewalls and network devices via APIs, SSH, SNMP, and other protocols. It performs rule correlation analysis, identifies shadow rules (rules that shadow other rules) and overly permissive rules (rules with overly broad permissions). SecureTrack generates compliance reports for PCI DSS, HIPAA, GDPR, and other standards, as well as risk assessment reports to assess vulnerabilities.
Tufin SecureChange: SecureChange automates the workflow of a change request from creation to implementation and audit. It integrates with ITSM systems (Jira, ServiceNow) for automatic task creation and notifications, and it supports various types of policies: access rules, NAT rules, routing rules. Changes are implemented automatically through the API of the corresponding devices.
Tufin Central: Tufin Central provides centralized management and data synchronization between SecureTrack and SecureChange servers in distributed environments. This allows you to get a single picture of network security for the entire organization.
How Tufin solves security policy management problems:
- Change Management Automation: automates the process of making changes to security policies, from request to implementation and audit. This significantly speeds up the process and reduces the risk of errors.
 - Network Security Visualization: provides a graphical representation of network topologies and security policies, providing complete visibility of the network state.
 - Regulatory Compliance: automates audit processes and reporting, making it easier to demonstrate compliance with PCI DSS, HIPAA and GDPR requirements.
 - Security Policy Optimization: detects redundant, duplicate, and unused rules, increasing network performance and reducing the risk of vulnerabilities.
 - Security Policy Analysis: identifies potential risks and vulnerabilities in security policies.
 
Example Change Management automation workflow:
- The user requests access to the new application through the SecureChange portal.
 - SecureChange automatically checks the request for compliance with security policies and conflicts with existing rules.
 - If the request complies with the policies, it is automatically approved.
 - SecureChange automatically configures the necessary changes in the firewall through the API.
 - An audit report is generated after the changes are implemented.
 
Visualization types: Path Analysis (displaying traffic path between two points), Zone-to-Zone Matrix (displaying permissions between zones).
Examples of compliance reports: PCI DSS Report (report on compliance with PCI DSS requirements), HIPAA Report (report on compliance with HIPAA requirements), GDPR Report (report on compliance with GDPR requirements).
Security policy optimization algorithms: Tufin uses algorithms to analyze rule usage, detect duplicates, and identify rules that can be combined. The “cleanup” process includes automatically deleting unused rules and reviewing rules with overly broad permissions.
Types of risks Tufin identifies: Access to critical servers, potential data exfiltration.
Tufin Functionality for Network Security Policy Automation
Change Management Automation
Tufin SecureChange is a key component of Tufin that allows you to automate the entire lifecycle of changes to security policies. It includes the following steps:
- Change request: users can submit change requests for security policies through a user-friendly interface.
 - Automated approval: requests can be automatically approved based on pre-defined rules and policies.
 - Automatic implementation: Tufin SecureChange automatically implements changes to firewall rules and other security devices.
 - Audit and reporting: all changes are recorded and available for audit and reporting.
 
Examples of automated SecureChange checks: checking for conflicts with existing rules, and checking for compliance with company policies (for example, a policy that prohibits opening access to certain ports).
ITSM integration: SecureChange can automatically create tickets in Jira/ServiceNow when a request is received to change rules. The ticket contains data about the requested change, justification, and results of automated checks.
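The kind of pre-approval check described above (prohibited ports, a zone-to-zone matrix, conflicts with existing rules) can be sketched as follows. This is an added example, not SecureChange code or its API; the zones, matrix, rule names, and the `reject` / `manual_review` / `no_change` outcomes are all assumptions made for illustration.

```python
from ipaddress import ip_address, ip_network

# All values below are constructed for illustration.
ZONES = {"internet": "0.0.0.0/0", "dmz": "10.0.1.0/24", "db": "10.0.2.0/24"}
ZONE_MATRIX = {("internet", "dmz"): {80, 443}, ("dmz", "db"): {5432}}  # permitted ports
PROHIBITED_PORTS = {23, 3389}   # company policy: never open these
EXISTING_RULES = [              # first-match order: (name, src, dst, port, action)
    ("quarantine-host", "10.0.1.66/32", "10.0.2.0/24", 5432, "deny"),
    ("dmz-to-db", "10.0.1.0/24", "10.0.2.0/24", 5432, "allow"),
]

def zone_of(ip):
    """Most specific zone containing ip (longest prefix wins)."""
    addr = ip_address(ip)
    hits = [(ip_network(c).prefixlen, z) for z, c in ZONES.items() if addr in ip_network(c)]
    return max(hits)[1]

def first_match(src, dst, port):
    """First existing rule that matches the requested connection, or None."""
    for name, rsrc, rdst, rport, action in EXISTING_RULES:
        if (ip_address(src) in ip_network(rsrc)
                and ip_address(dst) in ip_network(rdst) and port == rport):
            return name, action
    return None

def evaluate(src, dst, port):
    """Return (decision, reason) for an access request."""
    if port in PROHIBITED_PORTS:
        return "reject", f"port {port} is prohibited by policy"
    pair = (zone_of(src), zone_of(dst))
    if port not in ZONE_MATRIX.get(pair, set()):
        return "manual_review", f"{pair[0]}->{pair[1]} port {port} not in zone matrix"
    hit = first_match(src, dst, port)
    if hit and hit[1] == "deny":
        return "manual_review", f"conflicts with existing deny rule {hit[0]}"
    if hit:
        return "no_change", f"already allowed by {hit[0]}"
    return "auto_approve", "compliant and no conflicting rule"
```

Only a request that passes every check is approved automatically; anything that conflicts with an existing deny rule goes to a human rather than being silently overridden.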
 
Security Policy Optimization
Tufin SecureTrack analyzes existing firewall rules and identifies opportunities for security policy optimization. This includes:
- Removing redundant rules: detecting and removing unused rules that may create vulnerabilities.
 - Detecting duplicate rules: identifying and merging duplicate rules to simplify security policy management.
 - Analyzing rules with broad permissions: detecting rules that grant overly broad permissions and suggesting stricter alternatives.
 
Optimization algorithm example: SecureTrack determines which rules can be combined by analyzing their source, destination and service, and suggests merging rules with the same parameters into one rule with a wider range.
Optimization report examples: Report of unused rules, report of duplicate rules, report of rules with overly broad permissions, report of obsolete objects.
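The rule-base analysis described in this section can be illustrated with a small first-match analyzer. This is an added example, not Tufin's algorithm or code; the `Rule` model (CIDR source/destination, one TCP port range), the finding names, and the "any in two or more fields" threshold for overly broad rules are assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_network

ANY_NET = ip_network("0.0.0.0/0")
ALL_PORTS = range(1, 65536)

@dataclass(frozen=True)
class Rule:
    name: str
    src: str            # source CIDR
    dst: str            # destination CIDR
    ports: range        # destination TCP ports, e.g. range(443, 444) is port 443
    action: str = "allow"

def covers(a, b):
    """True if every connection matched by rule b is also matched by rule a."""
    return (ip_network(b.src).subnet_of(ip_network(a.src))
            and ip_network(b.dst).subnet_of(ip_network(a.dst))
            and a.ports.start <= b.ports.start and b.ports.stop <= a.ports.stop)

def mergeable(a, b):
    """Same endpoints and action, and the port ranges overlap or touch."""
    return ((a.src, a.dst, a.action) == (b.src, b.dst, b.action)
            and a.ports.start <= b.ports.stop and b.ports.start <= a.ports.stop)

def analyze(rules):
    """Walk a first-match rule base in order; return (kind, rule, related) findings."""
    findings = []
    for i, r in enumerate(rules):
        earlier = next((e for e in rules[:i] if covers(e, r)), None)
        if earlier is not None:   # an earlier rule takes all of r's traffic
            same = covers(r, earlier) and r.action == earlier.action
            findings.append(("duplicate" if same else "shadowed", r.name, earlier.name))
        elif i and mergeable(rules[i - 1], r):   # neighbours only, so order is preserved
            findings.append(("mergeable", r.name, rules[i - 1].name))
        # Assumed threshold: "any" in at least two of source/destination/service.
        wide = [ip_network(r.src) == ANY_NET, ip_network(r.dst) == ANY_NET, r.ports == ALL_PORTS]
        if r.action == "allow" and sum(wide) >= 2:
            findings.append(("overly_permissive", r.name, None))
    return findings

RULES = [  # constructed sample rule base, not taken from any real device
    Rule("web-in", "0.0.0.0/0", "10.0.1.0/24", range(443, 444)),
    Rule("web-in-alt", "0.0.0.0/0", "10.0.1.0/24", range(444, 446)),
    Rule("web-one-host", "192.0.2.0/24", "10.0.1.10/32", range(443, 444)),
    Rule("block-db", "10.0.1.0/24", "10.0.2.0/24", range(5432, 5433), "deny"),
    Rule("block-db-copy", "10.0.1.0/24", "10.0.2.0/24", range(5432, 5433), "deny"),
    Rule("legacy-any", "0.0.0.0/0", "0.0.0.0/0", ALL_PORTS),
]
```

Calling `analyze(RULES)` yields one finding of each kind; findings are candidates for review, since usage data (hit counts) is still needed before a rule is actually removed.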
Network Security Visualization
Tufin SecureTrack provides a clear representation of network security, allowing you to see:
- Network topologies: displaying network topologies and connections between devices.
 - Security policies: visualizing security policies and their impact on network security.
 - Risks and vulnerabilities: displaying risks and vulnerabilities in the context of network topology.
 
Troubleshooting: Visualization allows you to quickly determine which firewall rules are blocking traffic between two points. You can use Path Analysis to track the traffic path and identify problem areas.
Setting up Alerts: You can set up alerts based on changes in network topology, for example, if a server becomes unavailable or if a new device is added to the network.
Tufin Integration with Other Systems
Tufin has a wide range of integration capabilities with other systems, such as:
- SIEM: integration with SIEM systems for correlating security events and identifying threats.
 - Incident Management Systems: integration with incident management systems, such as Jira and ServiceNow, to automate the incident response process.
 - Threat Intelligence: integration with Threat Intelligence platforms to obtain up-to-date threat information and automatically adapt security policies.
 
SIEM Integration: Tufin sends information about events related to changes in security policies, detected vulnerabilities, and suspicious activity to SIEM. SIEM can use this data to correlate with other events and identify more complex attacks.
Example integration with Jira: When a vulnerability is detected in a security policy, Tufin automatically creates a ticket in Jira, assigns it to the responsible employee, and provides all the necessary information to eliminate the vulnerability.
Threat Intelligence: Tufin uses Threat Intelligence data to update security policies and block access to malicious IP addresses and domains. Various types of Indicators of Compromise (IOC) are supported, including IP addresses, domains, URLs, and file hashes.
Tufin API and CLI
Tufin provides a powerful REST API and CLI for task automation and integration with other systems. This allows you to:
- Create automation scripts to perform routine tasks.
 - Integrate Tufin with existing automation systems.
 - Automatically respond to security events.
 
Script example (Python):
```python
import os
import sys

import requests

# Tufin API endpoint
url = "https://tufin.example.com/api/v1/rules"
# Authentication credentials, read from the environment instead of being hardcoded
# (the variable names are placeholders)
username = os.environ["TUFIN_USERNAME"]
password = os.environ["TUFIN_PASSWORD"]
# Request headers
headers = {
    "Content-Type": "application/json",
    "Accept": "application/json",
}
# Make the API request. TLS certificate verification is left enabled (the requests
# default); for an internal CA, pass verify="/path/to/ca-bundle.pem" rather than verify=False.
response = requests.get(url, auth=(username, password), headers=headers, timeout=30)
# Check for errors
if response.status_code != 200:
    print(f"Error: {response.status_code} - {response.text}")
    sys.exit(1)
# Parse the JSON response
data = response.json()
# Print the number of rules
print(f"Number of rules: {len(data)}")
```
How to Implement Tufin in Your Network Infrastructure
Tufin implementation process
Implementing Tufin is a complex process that requires planning and expertise. It includes the following steps:
- Assessment of the current network infrastructure and security policies.
 - Planning the Tufin implementation.
 - Installing and configuring Tufin.
 - Integrating Tufin with existing systems.
 - Training personnel.
 - Testing and commissioning.
 
Resources: To implement Tufin, you will need a team consisting of network engineers, security specialists, and possibly Tufin consultants. Each stage of implementation can take from several days to several weeks, depending on the complexity of the infrastructure.
Skills and knowledge: Knowledge of network technologies, firewalls, security policies, as well as experience with APIs and scripts are required.
Important points: Choosing the appropriate Tufin architecture (centralized or distributed), configuring integration with existing monitoring and management systems, defining security policies and automation rules.
Recommendations for Successful Tufin Implementation
- Involve experienced network security and Tufin specialists.
 - Carefully plan the implementation process.
 - Train personnel.
 - Start with a small pilot project.
 - Continuously monitor and optimize the operation of Tufin.
 
Typical problems: Difficulties with integration with existing systems, lack of knowledge and experience among personnel, incorrect configuration of security policies.
Solutions: Involve experienced consultants, train personnel, carefully test integration with other systems, and start with a small pilot project.
Benefits of Automating Network Security Policies with Tufin
Automating network security policies with Tufin provides many benefits, including:
- Improved network security: reducing the risk of vulnerabilities and attacks.
 - Cost reduction: optimizing firewall security policies and automating security workflows can significantly reduce operating costs.
 - Accelerating changes: Change Management automation allows you to quickly deploy new applications and services.
 - Improved regulatory compliance: simplifying audit and network security reporting.
 - Improved network performance: optimizing firewall security policies improves network performance.
 
On average, organizations using Tufin reduce the time it takes to make changes to security policies from several days to several hours.
Tufin allows you to reduce operating costs for firewall management by 50% by automating routine tasks and optimizing security policies.
Tufin is a powerful tool that helps organizations of all sizes automate security policy management and improve network security and regulatory compliance. Through network security automation, organizations can spend less time on routine tasks and more time on strategic security initiatives.
The information in this article refers to Tufin SecureTrack, SecureChange and Central versions 23.x.
More information about Tufin products and solutions can be found on the official website: https://www.tufin.com
FAQs on: Automating Network Security Policies with Tufin
- Why is automating network security policies so important?
  Automating network security policies is essential because manual management becomes overwhelming due to the increasing complexity of network infrastructure and the sophistication of cyber threats. Automation reduces the risk of errors, vulnerabilities, and falling behind the pace of change.
- What is Tufin and how does it help in managing security policies?
  Tufin is a security policy management platform that provides centralized management of firewalls and other security devices. It provides network security visualization, automates Change Management processes, and ensures compliance with regulatory requirements.
- What are the main components of the Tufin architecture?
  The main components of the Tufin architecture are: SecureTrack (risk analysis, visualization, reporting), SecureChange (Change Management automation), and Central (centralized management and visualization for distributed environments).
- How does Tufin automate the Change Management process?
  Tufin SecureChange automates the entire lifecycle of changes in security policies, from request to implementation and audit. This includes automatic rule-based approval, automatic implementation of changes to firewall and other device rules.
- How does Tufin help in optimizing security policies?
  Tufin SecureTrack analyzes existing firewall rules and identifies opportunities for optimization, including removing redundant and duplicate rules, and analyzing rules with broad permissions.
- What does network security visualization provide in Tufin?
  Network security visualization in Tufin SecureTrack provides a clear representation of network topologies, security policies and their impact, as well as displaying risks and vulnerabilities in the context of the network topology.
- With what systems can Tufin integrate?
  Tufin has a wide range of integration capabilities with SIEM systems, incident management systems (e.g., Jira and ServiceNow), and Threat Intelligence platforms.
- What are the benefits of Tufin REST API and CLI?
  Tufin provides a powerful REST API and CLI for automating tasks and integrating with other systems. This allows you to create automation scripts, integrate Tufin with existing automation systems, and automatically respond to security events.
- What are the main stages of Tufin implementation?
  The main stages of Tufin implementation are: assessment of the current network infrastructure and security policies, implementation planning, installation and configuration of Tufin, integration with existing systems, personnel training, testing and commissioning.
- What are the benefits of automating network security policies with Tufin?
  Automating network security policies with Tufin provides many benefits, including improved network security, reduced costs, faster changes, improved compliance with regulatory requirements, and improved network performance.
 




