Article icon
  • Article
  • Tufin

 A customer since 2017, this multinational financial services institution operates in retail, corporate, and investment banking segments. Based in Asia, it is in the top 20 banks in the world, based on total assets, and it operates across 137 offices in more than 40 countries.

 Challenge I: Gain visibility across 33 Firewalls from two vendors

 The network security team required visibility into their security policies, as well as audit capabilities across 40 countries and 33 firewalls from both Palo Alto Networks and Check Point Software. Their existing network security policy management (NSPM) platform was falling short in its ability to automate workflows and track changes across a multi-vendor environment. There was urgency to solve these challenges and enable global policy enforcement, because they were in the midst of a merger with another company, which would only make their visibility and tracking challenges worse

Challenge II: Automating Rule Recertification and Change Workflows

 The company had defined a global security policy, but these 4000+ rules were being managed outside of their existing NSPM. This resulted in a 12-month backlog of rules that required review and recertification. They lacked an efficient way of making any changes to clean up legacy rules, and they were unable to automatically track any changes being made. So, to reduce workload, the team resorted to annual reviews, which was far from ideal, and the task remained monumental.

Challenge III: Eliminate Manual Tasks to Document and Prove Compliance

 All rules and changes were being tracked through spreadsheets and emails. Therefore, demonstrating compliance with various regulations and security standards, such as NIST 800-53 and PCI-DSS, took a significant toll on a team that would have been better utilized on more strategic projects.

Why Tufin?

 The bank took a hard look at its existing NSPM platforms and determined it was time for a change. They needed broader support for visibility into and control over their next-gen firewalls.

 They also sought a vendor with a long-term vision and roadmap that was aligned to their network expansion plans. The netsec team understood Tufin’s offerings would future proof their security policy orchestration, helping them to bridge gaps between on-premises and cloud teams as they expanded their networks.

Automation Maturity Across Hybrid and Multi-Cloud Networks

 Tufin’s advanced automation capabilities provided incentive for change. The team’s long-term goal was to achieve zero-touch automation. They felt Tufin was best suited to deliver automation within massive, complex environments and that Tufin’s roadmap aligned with their maturity plan – something other vendors could not offer. maturity plans – something other vendors could not offer.

We were really keen to develop the USP [Unified Security Policy] and have no- touch automation… We can approve that request and then the rest is done by Tufin and the install on the firewall is done automatically… That was one of the key reasons why we felt Tufin would be a product that we could mature [with] along the way.” — Manager, Network Security, Top 20 Global Bank

The Results

Full Network Visibility Delivered “Instant Benefit”

 With Tufin’s SecureTrack and SecureChange, the netsec team was able to review, approve and implement changes across their multiple firewall vendors—with full topology visibility and an audit trail. Upon deployment, they saw “instant benefit” with Palo Alto Networks firewall monitoring, something that was previously unavailable to them.

Automated Rule Review and Recertification

 Within 12 months, the bank implemented automated rule review and recertification workflows with variable rule expiration timeframes. Using the Tufin dashboard, the team was able to perform daily rules reviews against their unified security policy, remediate or allow exceptions as warranted.

Continuous Compliance with Minimal Audit Preparation

 Tufin automates policy enforcement against the company’s unified security policy by delivering impact assessment and provisioning automation that ensures continuous compliance. Automated enforcement and comprehensive reporting has dramatically reduced the amount of time required for the team to prepare for audits.

The Future: Zero-Touch Automation

 The company has been keen to further develop its Unified Security Policy (USP) model on a path to zero-touch automation. They envision a process in which a user submits a request which is approved following a structured review process and “the rest is done by Tufin” to make changes to the firewall without additional human intervention. This degree of automation is expected to drive significant efficiencies for business users and security experts alike while preventing misconfiguration errors.

Tufin Orchestration Suit: A Unique Solution for the Ukrainian IT Market in NWU's Portfolio

Tufin Orchestration Suit is a truly advanced and unique solution from a global leader in cybersecurity, now available in the Ukrainian IT market through NWU, Tufin's official distributor in Ukraine. This gives you the opportunity to purchase Tufin in Ukraine. Tufin Orchestration Suit is a coveted solution for SOC teams in any Ukrainian company.

Purchase Tufin or for more information and consultation on the new features of Tufin TOS R24-1, please contact This email address is being protected from spambots. You need JavaScript enabled to view it.