Tufin Introduces Change Automation for Cisco Firepower
June 2018 by Marc Jacob
Tufin® introduced enhanced support and integration with Cisco Firepower, further advancing Tufin’s Network Security Policy Management (NSPM) solution by uniquely providing automation for Cisco Firepower. In addition, Tufin Orchestration Suite R18-1 offers significant enhancements to Tufin’s industry-leading automation capabilities.
Enhanced Cisco Support
Tufin Orchestration Suite (TOS) R18-1 is the first solution to offer change automation capabilities for Cisco Firepower policies, enabling customers using Firepower devices managed by Cisco Firepower Management Center (FMC) to implement access changes in minutes across their complex, hybrid networks. Tufin also offers Cisco customers an automated migration solution from Adaptive Security Appliance (ASA) to Firepower that will help users save time and ensure accuracy and connectivity while enforcing policy compliance. The enhanced Cisco support in TOS R18-1 will allow users to:
• Increase the efficiency and reduce cost associated with designing and implementing access changes in minutes across a hybrid network that includes Cisco Firepower Next-Generation Firewalls (NGFW)
• Eliminate policy misconfigurations and mistakes with change automation support for the Cisco Firepower platform
• Reduce risk of non-compliance with an auditable, documented change process for Cisco Firepower policy changes
• Reduce costs and complexity of migrating from Cisco ASA to Cisco Firepower
Automating Policy Compliance with Rule Recertification Mandates
With Tufin Orchestration Suite R18-1, customers can fully automate the recertification process to track, monitor and manage the expiration of firewall rules and meet compliance mandates. The new release allows customers in compliance-heavy industries, like retail and finance, to comply with PCI DSS rule review requirements. This enables them to automatically identify expiring rules, speed up processing with full visibility of rule metadata, and automatically re-certify rules across vendors and platforms. As a result, customers can:
• Reduce cybersecurity risk and non-compliance by automatically tracking and recertifying rules with a fully-documented process
• Maintain continuous compliance and simplify audit preparation through the automated enforcement of rule recertification policies
• Increase efficiencies and reduce misconfigurations with end-to-end automation of the recertification process across vendors and platforms
• Retain control over the recertification process flow by leveraging a fully customisable workflow
New Automation Triggers
Tufin Orchestration Suite R18-1 also includes new automation triggers to SecureChange workflows, allowing customers to further customise their change process. New triggers include:
• Trigger before assigning workflow steps, allowing customers to use custom logic to automatically escalate approvals, delegate recertification and pull teams into the change process as necessary
• Trigger to run a script upon failure of an automatic step, such as firewall target selection, to ensure automated troubleshooting for tickets
• Trigger and API to confirm that a ticket was resolved on behalf of the requester; for example, when the ticket should be confirmed through a third-party ticketing system
The new triggers increase agility and flexibility in aligning to specific organisational guidelines and simplify integrations with ticketing systems, vulnerability management solutions and other third-party vendors.
Tufin Orchestration Suite R18-1 is available immediately.