I'm wondering what is the best firewall change management product. I'm looking into Tufin, AlgoSec and RedSeal. Looking for Firewall Control Management tools that will handle making changes to firewalls, routers, switches. It should also able to handle different hardware such as Juniper and Fortinet, all while making sure it is in compliance with standards NIST 800-53 and 800-171, CIS csc 4 & 20.
What are the pros and cons of these products listed above?
Just looking for a tool that is easy to use, implement and keep running smoothly.
I work for Tufin and hopefully my response will be helpful, though I do not have experience with other products.
From my conversations with some of our customers, I believe a solution for firewall change management has to be reliable, scalable and auditable. Reliable because network and security teams need to be sure that the only changes implemented in the network are ones that do not compromise network security or connectivity, and that all changes are recorded and auditable.
Tufin puts a lot of efforts into reliability, whether by proactively examining every change against a central network security baseline, or by providing the most accurate change design and topology simulation (based on the most comprehensive support for routing technologies and protocols). Our customers leverage end-to-end automation, including full provisioning, with confidence that they are not introducing risks of security violations or connectivity outages, and that the changes that are implemented fully correspond to the original requested change.
I also learn from our customers that the solution must scale to their environment, whether by supporting different platforms and vendors (including Juniper, Fortinet, Cisco, Check Point, Palo Alto and Stonesoft), or by supporting a large and complex network with thousands of routers and firewalls and a growing number of changes, or by extending to SDN and cloud platforms to enable security policy orchestration across hybrid networks. Tufin is committed to supporting the largest enterprise networks and the broadest set of platforms and vendors, whether in physical networks, SDN platforms or public cloud, so we can support our customers as they migrate their network infrastructure.
Last but not least, our customers are looking for a change management solution that is fully auditable and can ensure compliance with industry regulations. Audit readiness is not a single feature or report. To ensure continuous compliance:
* The change process must adhere to the compliance policies of each enterprise (including integration with any other change management system like BMC Remedy, or Service Now),
* Each change has to be recorded and justified and examined for compliance violations, and
* There has to be a way to prove auditability and accountability to the auditor.
To facilitate continuous compliance, Tufin provides a flexible workflow engine and reporting mechanism, as well as the proactive and reactive analysis capabilities for each change.
I hope this was helpful and would like to extend an invitation to contact us so we can connect you to a reference customer who can answer all your questions.
It depends which Industry you are in and how big the size of your organization is. Redseal requires more money than any other solution. Overall Tufin is cost effective and easy to use. It will work for different types of hardware and we have not seen issues with it other than a few minor ones. I highly recommend looking into Tufin.