
GDS International - Next - Generation - Security - Summit - Europe - 3



Tufin Security Change Automation Whitepaper


SecureChange™
Security Change Automation
March,

Table of Contents

  • The Need for Security Change Automation
  • The Security Change Ecosystem
  • The Security Change Lifecycle
  • Governing and Enforcing Compliance Policies
  • Automating the Security Change Workflow
  • Proactively Assessing and Mitigating Security Risk
  • Auditing Security Changes
  • The Business Case
  • Tufin SecureChange

The Need for Security Change Automation

Businesses today invest substantial resources in managing and auditing network security infrastructure. As the list of compliance requirements grows, economic factors are squeezing budgets and demanding greater operational efficiency.

Daily security configuration changes involve many repetitive, manual tasks. As a result, highly skilled security professionals spend the majority of their time configuring network devices instead of working on strategic projects. Configuration changes must be audited regularly, another labor-intensive activity that takes days or weeks in the absence of a central audit trail.

Every configuration change introduces risk to network security and business continuity. Through continuous simulation and assessment – both before and after changes are made – this risk can be managed. However, without an automated change management process, it is impossible to ensure that risk is being addressed proactively.

To meet these challenges in a cost-effective manner, organizations need to extend IT automation into the domain of network security configuration. Automating the security change lifecycle enables companies to:

  • Improve network security and uptime
  • Enforce corporate governance
  • Manage risk effectively and proactively
  • Increase operational efficiency
  • Comply with industry and regulatory standards
  • Audit security infrastructure quickly and accurately
  • Improve service levels

The key to an effective security change automation solution is a combination of both workflow and security technologies. Generic ticketing and helpdesk systems can route requests to security administrators, but since they have a limited understanding of security processes and compliance policies, they cannot automate and enhance each of the stages in a configuration change, from request and design, through implementation and auditing. A comprehensive security change automation solution will work either alone, or in concert with a standard ticketing system, to provide:

  • Multiple, customizable change workflows tightly coupled with security and network infrastructure, directory services and compliance policies
  • Automated, proactive risk and compliance analysis as an integral part of the change process
  • Configuration change advisory and automatic verification to reduce the risk of errors and shorten ticket resolution time
  • Separation of duties and enforcement of IT governance
  • A comprehensive audit trail with integrated reporting
  • SLA tracking and high-level monitoring tools to ensure continuous improvement

This paper examines the need for Security Change Automation and the requirements for an effective solution.

The Security Change Ecosystem

Security configuration changes take place within a complex and dynamic ecosystem. Business users – employees, customers and partners – need access to applications and data. Security teams must enable that access while protecting critical resources from hackers and unauthorized users. In addition, IT regularly requests network changes in order to support activities such as the deployment of a new server, application or service.

Network access requests generally require configuration changes on one or more network devices, each with its own rule base and conventions. Each access request, and every configuration change, must be made in accordance with compliance policies – corporate and regulatory – and periodically audited.

At the center of the ecosystem, the security team needs to maintain business continuity as well as network security, while keeping operating costs under control. In an environment where many new access requests are made every day, this is not a simple requirement. Security change automation can transform this interplay into an orderly process with built-in mechanisms to ensure compliance, manage risk, and improve productivity.

The Security Change Lifecycle

The security change lifecycle represents a holistic view of an organization’s security configuration change processes. A typical security change lifecycle could include the following stages:

  • Request: A business user requests a service, most commonly access to an application or network, or IT requests connectivity changes for a new or modified server or application.
  • Business Approval: The request is sent for approval to an IT manager to ensure that it is justified.
  • Technical Design: An engineer translates the request from its business context into a specific implementation plan on the affected firewalls or devices.
  • Risk Analysis: A security manager performs risk analysis and checks the change for compliance.
  • Implementation: The change is actually implemented on the network infrastructure by one or more administrators – with automatic change provisioning.
  • Verification: The user checks that his/her request has been fulfilled. At this stage, a manager can also verify that the implementation was in accordance with the approved design.
  • Audit: Periodically, all changes must be audited in order to demonstrate sufficient security levels and compliance with standards.

In reality, each organization builds its own security change workflow, and large organizations often have more than one type of workflow to accommodate different types of change processes; for example, emergency change requests that require immediate implementation may follow a different approval process.

Governing and Enforcing Compliance Policies

Security Change Automation is a highly effective means of implementing corporate and IT governance over network security configuration. The system defines and enforces a structured process for handling security change requests that supports the necessary risk management and compliance procedures. The process of defining and implementing the system helps the organization to translate high-level security policies into concrete security practices.

Security Change Automation enables companies to implement key elements of governance initiatives including an enforced separation of duties and a rigorous request approval process. Companies can separate the business and technical approval stages and route them to the appropriate individuals. It is even possible to automatically identify approvers according to a company’s security policy – for example, according to ownership of a network zone or an application, or according to the results of a risk analysis.

It is important that companies have the ability to enforce change processes and ensure that once a workflow is defined, the participants must adhere to it. From the outset, during the request stage, users can be restricted to specific types of requests depending on their profile and associated permissions. An automated system can significantly simplify this process with structured request templates.

The Security Change Automation system should include templates that implement security best practices. The workflow should also support common business practices such as multiple approvals and automatic task dispatching to one or more handlers or teams.

Automating the Security Change Workflow

Automating the security change workflow presents an opportunity to integrate technologies that improve productivity and automate risk and compliance analysis.

There are many ways that an automated system can enhance productivity:

  • Requests: From the beginning, intelligent forms can guide users to accurately define requests for service or access. The available options are already filtered in accordance with the user’s permissions. The system can also provide tools to make it easier for administrators to translate those requests into the language of security device configuration. For example, a system with Network Topology Intelligence can identify the firewalls and other devices that are relevant to a request, provide vendor-specific change recommendations and enable re-use of common access requests.
  • Change Design: A robust system will have access to the actual device configuration and will be able to assist with change design by analyzing both the policy and the request, and recommending the optimal and most efficient change. The system will also utilize risk analysis and compliance analysis tools at this stage to ensure that the change is fully in line with corporate security objectives.
  • Change Verification: Automation technology can compare the original request to the actual change, to ensure that the requirements were met within the correct scope. Automatic verification can also be used early on in the process to check the network and see if the change request is actually necessary.
  • Task Management: In addition to a convenient interface for viewing request and task status, a change management system will use e-mail to inform participants when tasks are waiting. This is especially crucial for approval requests which are often executed by business managers that are not involved in network security administration on a daily basis.
  • SLAs: Organizations should be able to set a Service Level Agreement for change workflows and be able to view task status according to SLA status from a visual dashboard.

If the organization already has a help desk or ticketing system in place, the security change automation system should be integrated so that requests can initiate with, and return to, the existing ticketing system. The change automation system complements the ticketing system by breaking down the implementation step into multiple stages that can be supported by security technology. Original tickets in the ticketing system should be updated as progress is made so that the SLA can be managed centrally.

Proactively Assessing and Mitigating Security Risk

One of the most important capabilities of Security Change Automation is proactive risk analysis – the ability to enforce a process where risk and compliance are evaluated before any change is made, and are verified again after a change is completed. To make this possible, advanced security policy analysis technology must be an integral part of the workflow system.

The system should use a baseline of corporate and regulatory policy that can be checked against each change request. The system should also be able to perform risk analysis on every design before it is implemented. Risk analysis capabilities are critical at several stages in the change lifecycle:

  • Request approval: Check compliance with corporate and regulatory policy.
  • Design: Perform risk analysis and recommend the best way to make the change without introducing vulnerabilities.
  • Verification: After changes are made, verify that they are effective, compliant, and meet but do not exceed the scope of the original request.

Auditing Security Changes

Auditing is an integral part of the security change lifecycle which often takes up a disproportionate amount of time. When risk and compliance are not managed proactively, the auditing process often takes on the role of enforcement rather than reporting.

Audits should be performed periodically to demonstrate compliance with corporate, industry and government regulations. To make this possible, it is important to have an audit trail for the entire cycle, from the end-user request through implementation on the firewall or device rule base.

Device configuration changes should be linked to the relevant business approvals. This provides required documentation and enables justification of access rules, a common audit requirement.

In addition, every request should have an expiration date. When the ticket expires, an administrator should review the change that was made and either remove it, or recertify it if the need is still valid.

A Security Workflow Automation solution should provide a comprehensive set of reporting tools for checking and demonstrating compliance. Using the automatically-generated audit trail, reports can be generated instantly, reducing audit preparation times from days to minutes.

The Business Case

Businesses that have not introduced automated management tools into their security operation know that change management is a time-consuming, error-prone process. A great deal of expertise is required in order to determine and execute a configuration change. Unfortunately, these highly skilled employees are spending a large percentage of their time on painstaking manual labor rather than on more strategic tasks.

The process of implementing a change request to a firewall is a combination of many tasks. For example:

  • Interpretation: Every textual change request must be translated into technical specifications that can be implemented on the firewall rule base. This action takes 15 minutes on average without automation.
  • Implementation: After the translation of the request, the security administrator needs to implement the request in the firewall rule base. This action typically takes 10 minutes without automation.
  • Auditing: Manual auditing can take days if not weeks, depending on the standards required.

Each of these tasks can be cut by as much as 80% using an automated change management solution.

There are additional aspects of the manual process that increase costs to the organization, such as:

  • Poor communication between the requestor and security engineer: Changes that are described in text are prone to misinterpretation. A typical request may go back and forth between the requestor and the security professional two or three times before it is ready for implementation.
  • Implementation delays: Change requests are often the result of a business need in the organization. A request that is not completed within a reasonable time frame will cost the organization in terms of temporary business interruptions.
  • Support calls: The IT department receives support calls that implicate the firewall configuration. Without a clear audit trail, figuring out the root cause of the problem is a lengthy process. In addition, miscommunication between the requestor and the administrator often results in a support call.
  • Breach prevention: Needless to say, the cost of a breach can be devastating. Proactive risk and compliance analysis can go a long way toward preventing these incidents.

Tufin SecureChange

Tufin SecureChange enables companies to automate security change processes to proactively analyze risks, increase accuracy, and enforce compliance policies across all of their firewalls and network security devices. With unlimited customized workflows, organizations can now automate all change processes from initial design to final audit. SecureChange gives users and administrators intelligent tools that dramatically improve accuracy and efficiency, while supporting IT governance initiatives.

SecureChange automates the entire security change lifecycle for a wide variety of firewalls and related network security infrastructure. Easy to deploy, use, and integrate with other ticketing systems, SecureChange enables organizations to increase security while streamlining operations.

SecureChange features:

  • Security change automation: Automatic processing of security change requests to simplify the user experience while making network administrators more effective.
  • Unlimited, customizable workflows: Unlimited number of workflows with extensive customization options. Easy to create and customize with the graphical workflow editor.
  • Complex workflows: A variety of tools including automatic steps, skipped steps, and parallel steps to support virtually any organizational process.
  • Proactive risk analysis: Powerful risk analysis console helps to identify potential security risks and ensure compliance with organizational security standards – before any change is executed.
  • Executive dashboard: Graphical reports on the accuracy and efficiency of the change management process.
  • Separation of duties: Support for multiple roles and approvals within the security change process to meet the most demanding business and regulatory standards.
  • Policy designer: Gives security administrators vendor-specific configuration recommendations for each of the devices in the access path along with a graphical display.
  • Automatic change provisioning: Saves time and eliminates human error by implementing approved changes as part of the automatic workflow.
  • Automatic ticket verification: Automatic comparison of actual configuration changes to the original access request ensures that the request was fulfilled accurately.
  • SLA tracking: Definition and tracking of service level agreements for request workflows and for individual steps from submission through verification.
  • Complete audit trail: From the business user through implementation on the rule base or ACL.
  • Integration with BMC Remedy and other ticketing and help desk systems: Simple, rapid integration with leading IT ticketing systems.
  • SecureChange API: Easy to use API enables customization of ticketing workflows and integration with additional systems.

For more information about SecureChange, visit

© 2008, 2009, 2010, 2011, 2012 Tufin Software Technologies, Ltd. Tufin, SecureChange, SecureTrack, Automatic Policy Generator, and the Tufin logo are trademarks of Tufin Software Technologies Ltd. All other product names mentioned herein are trademarks or registered trademarks of their respective owners.