Tufin adds white lists to firewall management platform

Software upgrade checks new firewall rules against essential traffic

Tufin Technologies is upgrading its firewall-management software to include white listing as a way to determine what types of traffic are allowed through corporate firewalls and as a means of safeguarding essential business functions.

View this product in a slideshow.

The company's SecureTrack platform taps into firewalls, switches and routers to discover configuration changes and alert IT staff if changes violate corporate policies. Previously the platform could blacklist traffic that was considered too risky, such as Telnetting from the corporate DMZ to the internal network. But black listing didn't address the cases in which required business traffic might be inadvertently blocked by rules intended for some other purpose.

To continue reading, register here and become an Insider. You'll get free access to premium content from CIO, Computerworld, CSO, InfoWorld, and Network World. See more Insider content or sign in.

Tufin Technologies is upgrading its firewall-management software to include white listing as a way to determine what types of traffic are allowed through corporate firewalls and as a means of safeguarding essential business functions.

View this product in a slideshow.

The company's SecureTrack platform taps into firewalls, switches and routers to discover configuration changes and alert IT staff if changes violate corporate policies. Previously the platform could blacklist traffic that was considered too risky, such as Telnetting from the corporate DMZ to the internal network. But black listing didn't address the cases in which required business traffic might be inadvertently blocked by rules intended for some other purpose.

The white lists include the business traffic that must always be allowed, and SecureTrack sends alerts when the list has been violated. New firewall rules can be run against the white list before they are implemented to make sure they won't block white-listed activity, says Tufin, which competes against AlgoSec, Secure Passage and others.

Podcast: Tufin CEO Ruvi Kitov talks about how to sell security without scare tactics.

The SecureTrack software also lets companies check all firewall settings against policies. Before, the firewall could check changes in rules against the policies, but not the entire rule set. Within the SecureTrack GUI, users can designate any policy and check it against all the firewall rules, a capability the company says would be valuable to compliance auditors.

Tufin is simplifying its licensing so customers can buy licenses for a certain number of firewalls and apply them as they want. In the past the licenses were tied to IP addresses or, in the case of Check Point firewalls, to their server distinguished names.

Tufin is shipping as standard features both its SecureTrack firewall-management software and its SecureChange Workflow security-policy, change-management software on the company's T-Series appliances. Customers can buy them with both functionalities turned on or buy an appliance with one turned on and later can pay for a license key to turn on the other. Previously, a company could buy one or the other and if later the company wanted both, it had to perform a separate installation of the second product.

Tufin now supports TACACS+, which expands its existing support for user name and password and authentication to Active Directory.

The 4.5 version of SecureTrack software is available now.

Read more about security in Network World's Security section.