ORCHESTRATING SECURITY POLICIES: MICROSEGMENTATION V LEGACY CONCEPTS - HETEROGENEOUS NETWORKS & HYBRID CLOUDS

Mark Wellins, VP Solutions, Tufin Software Technologies


Post on 16-Jun-2018


SDN

• Ecclesiastes 1:9 - What has been will be again, what has been done will be done again; there is nothing new under the sun

• The Internet was designed for resilience – distributed architecture

• Enterprises adopted the same architecture for their WAN

25 years later…

• Distributed is too complicated, let’s try Centralized. Enter SDN.

And all the mainframe guys say “I told you so…”

HYBRID CLOUD IS THE PREFERRED STRATEGY

WHAT’S SO GOOD ABOUT THE CLOUD?

• The Cloud provides IT as a resource

• It is always available for use, like water, gas and electricity

• You can consume as much as you need

WHAT ARE THE BUSINESS DRIVERS?

Efficiency

Cost

Agility

MODERN IT


SDN

Virtualization

Cloud

Will it be more secure?

ARE YOU SLEEPING WELL AT NIGHT???

Source: Enterprise Security Group 2014

WHAT IS HAPPENING IN THE CYBER SPACE?

• Growing cyber threats

• Security technology continues to evolve – you can easily get lost!

• Many new types of cyber defenses

o NGFW

o APT

o Adaptive Security

o Context-Aware security – IP addresses losing dominance as the identifier

• Enterprises are less secure than 20 years ago

• Hackers today are much more sophisticated than 5 years ago

SECURITY CHALLENGES IN THE CLOUD

• New Stakeholders

• Private and Public clouds are usually managed by Server & App teams

• These people were traditionally less involved in security (bypass security)

• Agility

• Changes in the cloud are made on-the-fly (within minutes)

• How can we ensure security & compliance?

• Visibility & Control

• How to maintain visibility and control when everything is automated?

How can enterprises roll out mission-critical applications to the cloud?

HOW DO WE MAINTAIN SECURITY IN A MULTI-VENDOR, MULTI-TECHNOLOGY, HETEROGENEOUS IT?

Data center

Data center

Firewalls & NGFWs

Firewalls & NGFWs

Micro Segmentation

Subnets & Zones

Security Groups

Security Groups

WHAT CAN WE DO TO IMPROVE SECURITY?

Abstraction

Central Security Management (Single Pane of Glass Across All Platforms)

Automation

Modern Security

WHY DO YOU NEED ABSTRACTION?

• There will be no standard across all platforms

• Applications are the future focal point for security

o They allow us to focus on the layer that matters to business without dealing with the underlying network complexity

Abstraction of Complexities

Multi-vendor environments

Large enterprise networks

Multiple networking & security technologies

Multiple command-lines, GUIs and APIs

AUTOMATION

Removing manual intervention = Less MISTAKES

MANUAL CHANGE IMPLEMENTATION

Slow, Error-prone, Not scalable

CENTRAL SECURITY MANAGEMENT

• IT is becoming even more heterogeneous

Central Security Management (Single Pane of Glass Across All Platforms)

Traditional networks

Private cloud and SDDC

Public cloud (multiple vendors)

• We must control network security across all of these platforms

THE TUFIN VISION

Enable Application Connectivity Across Heterogeneous Platforms

POLICY ORCHESTRATION SOLUTION

SECURITY POLICY ORCHESTRATION

Gain Visibility across Heterogeneous Environments

• Control policies across all platforms—physical networks, virtualized and cloud

SECURITY POLICY ORCHESTRATION

Centralize Management

• Enforce a Unified Security Policy across platforms, each with its specialized capabilities

• Manage and visualize application connectivity centrally

SECURITY POLICY ORCHESTRATION

Automate Management of Network Security Policies

• Start to apply automation, not only to IT but to security

• Security automation must preserve control, yet still be hands-free

• Security automation is application centric

SUMMARY

• The world of network security is changing – disruptions are coming

• Cloud platforms enable agility and flexibility, but also increase complexity

• What do I need from my security solution?

o Accept a multi-vendor, multi-technology, heterogeneous IT

o Gain a central view across all platforms

o Take advantage of platform specific capabilities but decouple from technical details

o Avoid complex home-grown scripting

o Automate all security activities but maintain visibility and control

o Move your focal point from the network to the app

o Manage Application connectivity and enhance delivery

THANK YOU!