Digital transformation, cloud deployment and other network evolution projects are providing tremendous value to enterprises by linking people to processes and data. But at the same time, when it comes to keeping infrastructures secure, they add significant complexity. The consequence is that network managers are finding it very challenging to ensure security policies are always accurate & up-to-date, across the entire company footprint. It should be a basic requirement to be able to deploy and make changes to applications and IP configurations without putting security at risk. But to achieve that nowadays requires existing functionality, as well as processes, to be enhanced.
Collaborate and automate
To help you maintain control of your network, the procedure for making configuration changes and distributing the associated, updated security policies can be be made more accurate and significantly less time-consuming by improving existing processes with automation. A typical enhancement could be achieved by making use of a third-party solution to provide IP Plan data via APIs. The IP Plan data contains the “single source of truth” on which any modification of IP resources should be based, including application access permissions for all users. Linking an IP Address Management (IPAM) solution to security orchestration processes would therefore make a lot of sense.
Tufin and EfficientIP: Complementary solutions for ensuring compliance
A good example of effective collaboration is the Tufin solution integrating with the EfficientIP IPAM solution. The integration of these two complementary technologies is fast and simple, and creates a leading solution for security automation and compliance auditing activities. It immediately brings the following enhancements:
- Improved security for entire company network
The combination of TUFIN and EfficientIP creates a best of breed solution for seamlessly controlling and deploying firewall rules throughout a company’s infrastructure.
- Ensured policy enforcement
Together, the solutions ensure that security policies defined by each organization are adhered to. EfficientIP’s IPAM solution contains all the IP “golden records” (networks and subnets data) for use by the Tufin solution to guarantee compliance to unified security policies.
- Fast, error-free updates
EfficientIP IPAM maintains TUFIN SecureTrack subnets associated with each zone are in sync, through rich API set calls which make sure updates are made in real-time and are error-free.
One obvious use of the integration is in cases where new subnets are required to be created by the network administrator. At creation time, the EfficientIP DDI (DNS-DHCP-IPAM) solution can send notification “events” to Tufin, so that Tufin SecureTrack can rapidly update the compliance information (eg zone) associated with the subnet. The list of TUFIN network zones is synchronized between both systems for easy configuration of subnets in the IPAM.
In fact, any operation performed either through the IPAM web interface or through EfficientIP’s rich APIs can trigger a notification “event” to Tufin, bringing enhanced efficiency, and guaranteeing accurate, up-to-date configurations which conform to company specifications. Please view the demo video below, to learn more.
The integration enables many other possible uses for simplifying deployment and maintenance of security rules across today’s hybrid environments. Look out for more details in our future blogs.
Bringing immediate time savings by reducing complexity
The Tufin-EfficientIP alliance brings deployment efficiency and agility across your entire infrastructure – including private, public, and hybrid cloud platforms. It allows you to securely launch critical apps in virtualized environments as well as on-premise, and most importantly to ensure compliance with both internal and external regulations.
The key benefits of combining the two solutions are numerous, helping to:
- Guarantee compliance to unified security policies
- Reduce management complexity
- Eliminate risk of misconfiguration of subnet addresses within zones
- Bring tremendous time saving for administrators
Considering the rapid pace at which modern networks grow and transform, the value of these benefits cannot be understated. For safeguarding your infrastructure against today’s ever-evolving potential threats, keeping security policies current and consistent is a major step.
The firewall has evolved into a next generation system that is application aware. Learn how IP address management acts as its foundation.IPAM: the Foundation for Efficient Firewall Management