* Tools from Tufin Technologies reduce the human error factor that leads to potentially harmful omissions and misconfigurations
As network security infrastructure grows larger and more complex, the likelihood of omissions and misconfigurations that can lead to data breaches and other serious problems is a growing concern. Tufin Technologies has solutions for security lifecycle management that take the human judgment factor out of firewall and router configuration changes. Read about the tools that reduce the risk level that’s inherent in security configuration changes.
In its 2008 Data Breach Investigations Report, the Verizon Business RISK Team cites omissions and misconfigurations as two of the top network problems that lead to significant data breaches. An omission is a standard security procedure or configuration that was believed to have been implemented, but in actuality it wasn’t. A misconfiguration is an erroneous system, device, network or software setting that can leave an opening for a hacker to infiltrate a system.
In very large networks, omissions and misconfigurations can be common occurrences because of the complexity and interrelationships of firewalls, routers and other security devices. A security team can be responsible for overseeing the operation of hundreds or thousands of devices. One firewall can have hundreds of rules and thousands of objects to maintain. The tools for managing devices from vendors like Cisco, Juniper, Check Point and Fortinet differ. Under these conditions, the magnitude of the security management problem becomes apparent.
At the same time, network security devices are business-critical assets. As attacks from the outside grow in both numbers and sophistication, it’s more important than ever to reduce or eliminate security device omissions and misconfigurations.
Tufin Technologies now has two complementary products designed for security lifecycle management in very large networks. SecureTrack and SecureChange Workflow help you plan, implement, enforce and audit infrastructure security policies.
SecureTrack has been available for several years and is used in some of the world’s largest networks. It operates on the network edge, connecting to firewalls, switches and routers to monitor for configuration changes. When it detects that a change has been made, SecureTrack analyzes it against the company’s framework of security and compliance policies to determine what impact the change has. For example, has the configuration change opened a port that might cause a disruption in a business-critical application such as e-mail? Or, has the change affecting the network configuration taken the company out of compliance with PCI DSS?
SecureTrack sends an alert if the impact of a configuration change is going to cause a breach or gap in security or affect a mission-critical application. In effect, it’s looking over the shoulder of the people who make dozens of interrelated changes a day. The benefits of this tool are myriad:
* Higher uptime of critical business applications.
* Better overall network security because changes that lead to gaps or breaches are detected immediately.
* Optimization of firewall configurations.
* A complete change audit trail with full accountability.
* Aid in compliance PCI DSS.
* Faster preparation for audits, and increased likelihood of passing an audit.
Tufin just released a complementary product called SecureChange Workflow. This product aids in the planning and implementation process of making configuration changes. It automates the risk assessment of the impact of a security configuration change.
For example, most large companies have an IT trouble ticket system where end users can submit a change request. Let’s say a company vice president is asking to use Skype to talk to customers overseas. This request comes to the help desk and is assigned to a person who can open a port on a firewall to enable the Skype traffic. That person has to figure out exactly which port to open and make a manual assessment of how that change might impact the organization. A lot of human knowledge and judgment is involved.
With SecureChange Workflow, the change request is analyzed in the full context of the network security infrastructure. SecureChange Workflow designs the change process before it’s approved and gives the operations person a better defined infrastructure change. There is less room for judgment and therefore less room for error.
The larger, more complex and more heterogeneous a network becomes, the more the organization needs tools like SecureTrack and SecureChange Workflow to automate the analysis of change impact and the design of change instructions. These tools reduce the human error factor that leads to potentially harmful omissions and misconfigurations.




