Firewalls get simpler admin with Tufin SecureApp tool

Make firewalls application-aware

Security firm Tufin has announced SecureApp, a new product it claims dramatically simplifies firewall management by building security policies entirely around the needs of applications.

It's not often that a company claims it has come up with a new way of managing firewalls let alone one that removes their feared complexity but the Israeli company is convinced it is onto something.

According to the company's own research, firewall changes to accommodate applications are now the single biggest chore of firewall operations and the one that comes with the greatest potential for mis-configuration and risk.

Integrating as a part of the company's Tufin Security Suite, SecureApp allows security management to become completely "application aware," building a policy for each application in use.

In practice, admins can monitor, troubleshoot and de-commission individual applications without having to dive into a large numbers of different policies and rules for each.

SecureApp-defined also policies work across multiple firewalls and devices (including from different vendors), removing the need to build rules on each one.

Admins can start to look at their firewalls as systems for managing applications, drilling down to study individual users, connectivity and servers, the company said.

"The majority of our firewall changes are application related. We knew we were spending far too much time on tasks like application deployment and decommissioning, and wanted to manage application-related firewall changes from a business process perspective instead of hunting for connectivity data spread across our entire infrastructure," said SIX Group's Christoph Littwin, quoted by Tufin as a customer reference.

In Tufin's view the benefits were even more basic.

"Most firewall policies are more permissive than they need to be," said Tufin CTO, Reuven Harrison. "With this in place you can tighten your policies."

The cure to firewall complexity was to stop seeing policies as an end in themselves, something that had been inherited from generalised policies used to monitor software ports and protocols. Applications now dominated business networks, he said.

"It's a tool that improves efficiency but it also improves security," he said. A full list of features is available on Tufin's website.

SecureApp pricing is dependant on licensing of other Tufin applications SecxureTrack and SecureChange but starts at $45,000 for 10 managed applications.

Comments are now closed.
CSO Corporate Partners
  • Webroot
  • Trend Micro
  • NetIQ
rhs_login_lockGet exclusive access to CSO, invitation only events, reports & analysis.
CSO Directory

Sophos Mobile Control

Data protection, policy compliance and device control for mobile devices

more »

Submit your own security event

Submit your training courses

Security Awareness Tip

Incident handling is a vast topic, but here are a few tips for you to consider in your incident response. I hope you never have to use them, but the odds are at some point you will and I hope being ready saves you pain (or your job!).


  1. Have an incident response plan.

  2. Pre-define your incident response team 

  3. Define your approach: watch and learn or contain and recover.

  4. Pre-distribute call cards.

  5. Forensic and incident response data capture.

  6. Get your users on-side.

  7. Know how to report crimes and engage law enforcement. 

  8. Practice makes perfect.

For the full breakdown on this article

Security ABC Guides

Warning: Tips for secure mobile holiday shopping

I’m dating myself, but I remember when holiday shopping involved pouring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.

Read More
more »