Tufin's SecureApp Completes Trifecta Of Security Policy Management

App aware firewall management is newest offering

It's all about the apps. That seems to be what we are hearing over and over again these days as computing moves to an app-centric model. In security the reaization that it is the apps that matter is causing us to rethink how to manage and secure our networks. Tufin Technologies' latest offering, SecureApp, recognizes and embraces this reality, allowing for application-aware firewall management. This is different than Next Generation Firewalls (NGFW) which are also application aware in inspecting and blocking/allowing certain traffic.

Tufin is one of a handful of players in a very competitive and lucrative segment of the IT security industry that sometimes flies under the radar of many in the press and analyst community. Names like Tufin, AlgoSec, RedSeal Networks, Firemon and Skybox Technologies are the main players in the firewall and network security management market. Most of these companies started out managing firewalls more efficiently and with greater control than the firewall manufacturers themselves did. They have branched out since then into several areas, with each company going in a slightly different direction, but all under secure policy management.  

Tufin's latest offering is the Israeli-based company's third. The other two are SecureTrack, which "delivers in-depth visibility and control over all of the firewalls, routers and switches on your network...alerts you to risks and compliance violations, and gives you intelligent tools to diagnose and remediate issues before they impact the business," and SecureChange, which "fully automates the security change request process to proactively reduce risk and enforce continuous compliance with corporate and regulatory policies."

SecureApp is about application connectivty management. I had a chance to speak with Ruvi Kitov, CEO of Tufin. For Kitov, SecureApp is the key to bridging a disconnect into today's IT landscape. Ruvi says SecureApp is meant to bring together the DevOps team with the Network and Security teams. Today many of the folks who develop and work on the hundreds and even thousands of apps a large enterprise has aren't really connected to or in tune with why and what the network and security teams have to do to secure the organization and comply with statutes and regulations. On the other side, many network security teams are not familiar with what and how the apps being developed and managed by devops actually work. SecureApp is meant to give both of these teams insight into what the other is doing and working together, make the delivery of apps more secure, more efficient and better.

A nice side-effect, according to Kitov, is that because DevOps is involved, the larger budgets available to DevOps can be used towards SecureApp licenses. SecureApp is aimed at larger enterprises that have dozens, even hundreds of apps. As such, it is not cheap. Also, SecureApp does not work by itself. It is meant to be used with the other two Tufin products, forming a trifecta of secure change and policy management. Again, all three modules come with an enterprise-class price but offer enterprise-class functionality. If you have just three or four firewalls and a dozen or so apps, you are not the target customer for Tufin. However, more than 1,000 customers, including some of the biggest, have chosen Tufin based on the quality of their products.

The logical question about SecureApp is "what about NGFW?" I asked Ruvi exactly that. He explained that this is not competitive to NGFW at all. While Palo Alto and other NGFW boxes inspect traffic and are application-aware, SecureApp takes the specific profile of an application and makes sure your existing firewall, NGFW, is tuned to allow the smooth functioning of the application. It still uses port and IP settings on the firewall, but they are tuned to the specific application, users and locations.

SecureApp sets Tufin off on a slightly different trajectory than its competitors. It will be interesting to see if any of them come out with similar features or continue to go off in their own directions. In the meantime, Tufin's suite of offerings around secure policy management continues to grow. Ultimately, the success of SecureApp may depend on whether DevOps play nice with Network and Security.

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.
Now read: Getting grounded in IoT