Reuven Harrison, Tufin: We advocate a top top-down approach starting at the security policy level and flowing towards the technical layer
August 2012 by Marc Jacob
The founders of Tufin, Reuven Harrison and Ruvi Kitov, realized in 2003 that it was becoming increasingly difficult to manually manage firewalls rules. With this in mind, they designed Tufin Security Suite (TSS) - a solution for automatically managing firewall rules. Today the product offers a wide range of functionality including support for routers and switches. Tufin is based in the U.S. and Europe and recently expanded to Asia. According to Reuven Harrison, CTO of Tufin, it is time for security management to adopt a top-down approach, from security policies to the network implementation.
GS Mag: Can you tell us about your business?
Reuven Harrison: My partner, Ruvi Kitov, and I started developing an automated management solution for firewalls in late 2003 with Check Point as the first supported platform. Tufin was officially established in 2005 during which we already had several customers. Today we are more than 120 people worldwide with R&D in Israel, technical support teams in Israel and the United States and sales representatives in most major countries: France, Great Britain, Italy, Germany, Scandinavia, the Netherlands... We are also present in Singapore and, recently, in India.
GS Mag: What is your core product and what are its strengths?
Reuven Harrison: Our solution is called Tufin Security Suite; it automates firewall management with focus for the five leading enterprise firewalls: Check Point, Juniper, Cisco, Palo Alto Networks and Fortinet. We also support Blue Coat. Several years ago we extended our system to provide the same management capabilities for routers and switches and in the near future we plan to add support for European firewalls.
The next step of our evolution occurred when we realized that firewall policies require ongoing tuning which can take an administrator anywhere from a few minutes to several hours a day depending on the security policies. Our solution now also provides the ability to make these ongoing changes to firewalls, routers and switches with full governance.
One of our solution’s strengths is the ability to automatically detect configuration errors in firewall rules (including ACLs on routers and switches). We also detect unused rules. Our product also detects risky open ports; it generates a report showing the problems that require correction by priority in descending order. Our dashboard allows you to see a uniform view of all rules of the firewalls that we support. It identifies fully shadowed rules, which allows the administrator to clean them up and meet auditing requirements. It also tracks all configuration changes with full accountability enabling a fast rollback in case of an error. All these actions are preformed in real time.
GS Mag: What is your marketing strategy?
Reuven Harrison: We focus on enterprises and services providers. We work with a network of partners in all countries. In France for example our partner network consists primarily of: Exclusive Networks, Dimension Data, Integralis, Nomios, Axailan, Alliacom, Quickshift and Nes Technologies.
GS Mag: What is your message to our readers?
Reuven Harrison: Our vision at Tufin is that security management practices need to evolve. They are too manual today. We advocate a top top-down approach starting at the security policy level and flowing towards the technical layer (networks, firewalls, routers, load balancers...). In the future we are going to see increasingly advanced systems for managing security at a business level. This requires synchronization between the business security policies and the network device implementation – that’s our mission.