Posted on Aug 31st, 2021 by Apurva More

In the last two years, we’ve witnessed companies’ increased need to quickly adjust their resources to handle unexpected network access changes. For the most part, organizations have now stabilized their networks and access to resources; however, the impact of the changes, as well as the need to grow the business via transformation, will top the agenda at the management meetings.

Throughout this period of uncertainty, it’s been especially challenging to maintain the critical balancing act between supporting growth and managing enormous changes to ensure secure and compliant network infrastructure. Let’s take a look at three scenarios that affect the security and compliance posture of your organization due to unforeseen changes:

Manual error prone change processes 

The move to quickly address unexpected scenarios results in an abundance of network access change requests. Overreliance on manual processes to assess the impact of access changes can be both cumbersome and time consuming. This approach may work in small settings, but as you scale up to accommodate constant changes and drive growth, this manual process will limit the extent of reliable assessment, as well as losing the context and history of the changes made to your network security devices. Any changes made with improper assessment will lead to misconfigurations that can increase the attack surface and expose your network to malicious attacks.

Poor resource utilization

Organizations’ networks are diverse, and therefore, complex by nature. Network and security teams are now stretched thin to effectively support their organization’s immediate needs. Adding newer network security devices may require your teams to acquire new skills to manage these devices, as well as take the focus away from strategic projects that can potentially fuel your company’s growth.

Increasing technical debt

Today’s, fast paced network environments often lead to redundancy and introduce technical debt associated with cluttered and complex environments. Changing roles, responsibilities and employees leads to knowledge lost in transition, resulting in an excess of unwanted and unauthorized changes. Troubleshooting a network with such complexities becomes a tedious time and resource consuming operation.

Enabling a secure and compliant infrastructure with orchestration and automation

Tufin, a valued Fortinet Fabric-Ready partner, provides the necessary tools that can help you take control of your network and security needs via integration between Tufin Orchestration Suite and FortiGate Firewalls and FortiManager. 

Automation leads to efficiency

The demand for new access and change requests have reached mega proportions for two reasons -- users are now requesting access to various productivity tools and resources to work remotely and the surge in deployment of new security devices to scale and secure the new perimeter. With Tufin Orchestration Suite, you can ensure access changes will be assessed in accordance with your organizations global security and compliance policy guardrails, and that it will be deployed automatically within minutes instead of days. Even complex changes that require deeper analysis can be implemented through a simple and auditable workflow via native or third-party ITSM tools. 

The illustration below is an example of a change request workflow implemented via Tufin SecureChange. Once the request is submitted, SecureChange automatically identifies the network devices where changes will be required, as well as any risk associated with the change request as defined by the organization’s compliance policy guardrails. After the request has been reviewed and approved, SecureChange automatically provisions and verifies the changes. This workflow uses a moderate level of automation, however the level of automation can be increased or decreased according to an organization’s requirements.

Simplifying management with visibility

Managing and securing a diverse multi-vendor network environment can be simplified through comprehensive visibility of your network topology and the ability to leverage native features to secure your organization’s critical assets. Fortinet NGFW provides granular controls, such as Fortinet Web Filtering and FQDN to secure your resources. In turn Tufin Orchestration Suite will help you to leverage these NGFW features, in addition to standard firewall visibility in a diverse multi-vendor environment

By achieving full network security and compliance, your teams can now focus on priority growth projects and shorten both the learning and the management curve of complex diverse environments. The image below illustrates the network topology with Fortinet appliances in a hybrid environment.

Decluttering technical debt

Periodic review of the rule base on each security device in your network will ensure network security and stability. Obsolete and shadowed rules can be identified and decommissioned through automation, while Tufin Orchestration Suite will guarantee that only relevant access rules are retained. A clean ruleset reduces troubleshooting time, and a clear audit trail also preserves the historic context and business justifications, facilitating proper handover during transitions.

In the example below, we have highlighted the rule cleanup process to show how it works. Here, duplicate network objects, which may represent legacy objects or generally poor network hygiene, are easily identified, and can be aggregated or removed.

Conclusion

With the surge in organizations’ digital transformation, unexpected network changes are here to stay, and companies will inevitably be in a constant state of flux just to keep up. Maintaining business growth and agility requires a fine balance that can be achieved with comprehensive management and control of dynamic and complex environments. Driving security and efficiency through robust security solutions from Fortinet and orchestrating the resulting infrastructure with Tufin Orchestration Suite through visibility and automation will ensure a secure and compliant infrastructure without sacrificing speed and agility.

Watch the video below to learn how Tufin and Fortinet work together to increase your security and compliance across the hybrid cloud. 

Special offer for our readers 

Gain visibility of your Fortinet infrastructure in a multi-vendor environment with Tufin Firewall Change Tracker. Quick and easy to install, with just a few clicks, it’s up and running. Tufin provides all of the necessary documentation to help users install and use the tool. 

Download the free Tufin Firewall Change Tracker tool.