As Ron Kehoe wrapped up his Data Center World session about Network Security Policy Management (NSPM) this past Wednesday, an attendee, sounding as though he had just learned about the Holy Grail of security, asked: “And, this technology is available and being sold right now?”
Kehoe, a senior security engineer at Tufin, simply smiled and answered, “Yes, it is.”
According to Gartner, a proponent of the new solution, “Upwards of 95 percent of breaches can be prevented by better managing existing technologies and making sure to cover the security basics, such as removing unused firewall rules, ensuring systems are patched, and removing unnecessary admin rights.”
Here's Kehoe on NSPM: “It’s a holistic solution that gives you full visibility through a single pane of glass across multi-vendor hybrid environments to ensure that all firewall policies are in alignment with corporate needs. Network Security Management gives you security without sacrificing agility.”
Here are three major contributors to the complex nature of data centers today and drivers behind Network Security Policy Management, according to Kehoe:
Firewall Management: Hundreds of change requests are processed by the security team each week. Due to the size and complexity of an enterprise network, many of the rules in a typical firewall or router policy are redundant or obsolete. This can cause security risks to your network. No one seems to have heterogeneous environments any more so you are charged with understanding and knowing rules for any number of products. Multiple firewall vendors just make firewall management even more complex.
Rapid Cloud Adoption: With more and more companies turning to the cloud in some form, it’s often difficult to keep track and monitor what’s going on. In fact, Kehoe said that 62 percent of data security folks report it is difficult to get same level of visibility into cloud-based workloads as in physical networks.
The Compliance Jungle: Increasing pressure to comply with an expanding “alphabet soup” of regulatory requirements and standards, such as PCI DSS, SOX, NERC CIP make management of security even more crucial. Audit preparation and reporting can be time consuming and violations very costly to the bottom line.