Author Archive

Firewall Policy Management Webcast with Gartner’s Greg Young

March 29, 2010
We recently had a chance to catch up with Greg Young, Gartner’s research VP on Firewalls, and discuss the Firewall Policy Management market.

Greg spoke about several topics:

Greg Young
  • Why has firewall policy mgmt become a challenge for companies today?
  • How effectively are companies handling firewall auditing and compliance requirements?
  • What can companies do to manage their network security operations more efficiently?
  • How can automated solutions be used to manage risk?
  • Are these issues also relevant for other parts of the network infrastructure?
  • What are the advantages of using business process automation for security change requests?
  • What is the role of firewall policy management, auditing and change automation solutions for MSSPs?
  • The result is a very interesting (IMHO) 34 minute video, with Greg talking about the topics listed above, as well as a segment featuring yours truly, sharing Tufin’s vision and thoughts on this market.


    Record sales and growth in 2009, market validation by Gartner

    March 10, 2010

    Hi everyone,

    It’s been a while since my last post…

    First off, today we announced record numbers and growth in 2009: 45% revenue growth over 2008, over 4000% aggregate revenue growth in the past 5 years, moving from 280 to over 500 customers, and much more. It was especially challenging to achieve this in a year like 2009, which was not “optimal”, to say the least. We maintained profitability and were again cash-flow positive (we’ve always been cash-flow positive, and it’s a tradition we expect to continue).

    Those of you at Tufin, as well as our customers and partners, know that the real “secret sauce” is having great people – it’s a pleasure and an honor to work with such a talented team, and I’m constantly inspired by everyone at the company.

    We are continuing our growth in 2010 with many new open positions, in sales, marketing, support and R&D – we’re always looking for great people to join the Tufin family.

    Another interesting piece I heard today was a podcast by Vic Wheatman and Greg Young, VP of research at Gartner, who specializes in network security and firewalls (podcast available for Gartner customers only). The podcast topics were mostly Next Generation Firewalls, and Firewall Policy Management. Greg indicated that the two areas of innovation around the firewall space are the NG firewalls, and of course the area of Firewall Policy Management. Firewall policy optimization and workflow were mentioned as topics that  are key, and referred to as the future of firewalls.

    Greg is absolutely right in his assessment of the market – we’ve been talking about this for the past few years, and now it seems that the concept of vendor-neutral firewall policy management has finally taken hold. The market validation is there (500 enterprise customers can’t be wrong), and the products have matured enough to be widely accepted. It’s great to have validation not just from the customers, but also from the security experts and opinion leaders out there.

    Oh yeah, almost forgot – RSA Security last week was great, here are a few pictures:

    Tufin Team at RSA Security, 2010

    Take care,


    John Pescatore on firewall complexity

    June 15, 2009

    Gartner’s John Pescatore wrote an interesting blog post today on firewall rule base complexity – “A Storm in Any Port” (firewall buffs will appreciate the pun – “Any Port”…)

    We’ve been preaching about the complexity and inherent risks of large firewall rule bases for years, and it’s always great to receive validation from one of the most influential people in IT security.

    Here are a couple of key quotes, in my opinion:

    “… it is pretty rare to find an enterprise firewall policy that anyone is really sure about exactly what policy the rule set actually implements. Most firewall rule sets have mutated through incremental adds/drops/changes over the years and have turned into gargantuan linear lists that now have a life of their own.”

    “Often you’ll find that easily 30% of the exceptions are no longer needed.”

    The only thing missing from this great post is the solution – well, guess what:  we have it… Using Tufin SecureTrack, you can manage firewall policies proactively, and clean up unused firewall rules and objects. In some cases, we’ve seen customers with close to 50% of their firewall rule completely unused over a long period of time, out of hundreds of rules.

    It’s time for some spring cleaning, folks…

    Outsourcing Firewalls to MSSP

    June 5, 2009

    To anyone that’s been around the security industry for a while, the outsourcing of firewall management to Managed Security Service Providers (MSSP) is a fact life. The main players in this industry, estimated by Forrester at $3 billion in 2008, are well known names: AT&T, Verizon Business, EDS, Verisign (now SecureWorks), and several others.

    Like many other IT outsourcing trends, the underlying reasons are cost savings and operational efficiency, with clear economic advantages for the MSSP vs. internal IT resources. The top MSSP’s focus on security operations management, retain highly-skilled personnel, maintain best practices across their customer base, and manage a 24×7 NOC / SOC. In addition, due to the sheer size of their infrastructure (hundreds to thousands of firewalls), MSSP’s receive major discounts from manufacturers for the underlying firewalls / routers / switches / servers / etc. All of these factors enable MSSP’s to dramatically reduce operational cost, and pass on the cost savings to the customer.

    There are various challenges in working with MSSP’s, mostly related to giving up control over a complex and sensitive IT process, with a fine line drawn between the internal IT team and its interface with the MSSP. Organizations that have a corporate security policy and are governed by regulations mandating operational control, need to be able to retain some control over security configuration changes, and to be able to effectively manage the potential risk inherent in the outsourcing of security operations.

    Here’s the first article in a series on the issues around outsourcing Firewalls to MSSP’s.


    May 29, 2009

    Hi everyone,

    Welcome to Tufin’s blog!

    This is the corporate blog for Tufin Technologies, which leads the Firewall Operations Management market.

    Several people are going to write, mostly about security management, Tufin, firewalls and other topics.

    I hope you find it interesting, and keep coming back!

    Take care,