Rules, effectively applied, make customers both secure and nimble.

Lorna Garey

December 23, 2016

5 Min Read
Channeling Security: Tufin's Channel Push, Predictions Edition

Lorna GareyTufin’s specialty is network security policy orchestration, an area that CMO Pat Walsh says will become more critical in 2017 as customers move workloads to the cloud and M&A activity continues.

His logic: Organizations, especially large ones, typically have layers on layers of firewalls and other network devices to manage. Now they’re adding Azure or incorporating new employees after an acquisition. How do you help them ensure changes doesn’t open up holes that an attacker could cruise through?

“People tend to layer rules on rules,” said Walsh. “All that unnecessary complexity slows things down and makes it even more complicated.”

Tufin’s application suite helps partners or IT manage change and automate and orchestrate workflows. For partners that support multiple customers, Tufin recently launched SecureApp, which Walsh says provides visibility into application-to-application connectivity.

The 10-year-old company is seeing rapid growth — 65 percent in the first half of 2016.

“That attests to the demand that’s out there,” says Walsh. “We like the fact that we are adding new customers as well as continuing to serve our existing customers with new feature sets.”

Tufin’s customer base includes just over half of the top 50 Global 2000; it specializes in highly regulated and fast-moving enterprises.

“We have six of seven automotive manufacturers, trying to get that last one so we can say seven of seven, and three of the largest consumer financial-services companies,” said Walsh. “That being said, we have a number of what I call medium-sized businesses, targeted at half a billion and above.”

To handle growth, this summer Tufin enhanced its channel program, adding enablement tools and increasing margins. Most U.S. partners are resellers, often via distributors, but MSSPs are the fastest-growing segment.

“We have a robust vendor portal,” said Walsh. “We do a lot of lead generation, and we kind of retained those and worked them ourselves, but we found that we might not have been as effective with following up and qualifying them, just because we didn’t have a relationship with the end-user, but a lot of our partners do. So we have a lead-sharing program, and it’s been very effective because a lot of our channel partners are more regional in nature; they have stronger relationships.”

7 Looming Cybersecurity Risks For 2017: From unprecedented DDoS attacks to the convergence of physical and IoT security, plenty of threats loom over customers. Are you prepared to seize that opportunity? Download our free report now!

Tufin also has deals with firewall providers including Palo Alto and Fortinet, making the program attractive to these resellers.

“We’re enabling their customers to utilize the cloud alongside their on-premises infrastructure products,” he said. “If you have multiple [firewalls] and you’re not single source through one vendor, we could provide a single pane of glass to manage everything from.”

Cloud Complexity

Agility is a key motivation for customers moving workloads to the cloud — then reality hits, as many partners have found.

“I think when people go to the cloud they start to hear about security and security policy, and think, ‘Oh no, here we go, this is going to defeat the whole purpose,’” said Walsh, who also cites the PCI DSS 3.2 regulations that were published in April. He says the new rules, as well as the need to automate and orchestrate cloud security, play right into Tufin’s space.

“Initially PCI was just being aware,” he says. “This evolution is, how do you ensure that you remain compliant through all the changes that may be necessary? We are enabling that.”

Other selling points for partners are a robust set of REST-based APIs and professional services to add integrations that are not currently in place, important for customers with diverse sets of security products and ticketing systems.

Tufin has some advice and predictions for 2017.

In the recommendations column, Walsh says customers need to correlate threat detection data to produce meaningful information and, eventually, predictive analytics. That requires an open approach to the way suppliers do integration. Avoid silos.

Complexity is a big problem, and many customers lack a nice, organized, visual way of capturing a view of policy. Tufin released a USP, or Universal Security Policy, device that shows, zone to zone, not only whether or not zones can connect but which services are allowed and any restrictions in place. Partners can help map the customer’s actual security-policy landscape and spot possible unintended consequences. With policy automation, Tufin partners can also free up in-house security resources.

As for predictions, Tufin’s CTO, Reuven Harrison, built on Walsh’s themes:

  • Automation will help businesses address the IT security skills shortage. In 2017, businesses will invest in technology that helps them automate many IT security tasks, allowing employees to focus on the areas that truly require specialized skills.

  • We will see a data breach brought on by DevOps oversights. As technology evolves, and the threat landscape becomes more sophisticated, we must adjust and evolve accordingly. Of particular importance is the need to apply security within the DevOps process, ensuring compliance to internal and external security rules without slowing down the primary mission of the DevOps team. This will be a challenge, as security is not inherently baked into a DevOps culture of “move fast, break stuff.” In 2017, we could see a major breach that gets tracked back to the DevOps approach, causing DevOps teams to consider security more than ever.

  • President Trump will throw regulatory compliance into upheaval. With a newly-elected U.S. President entering the White House in January 2017, compliance regulations could change dramatically. If Trump holds true to his deregulation promises, and penalties for non-compliance with industry-wide security regulations are relaxed, then security teams have to find other ways to enforce security best practices. Conversely, Trump has also spoken at length about how the U.S. must strengthen cybersecurity. No one is sure yet exactly where he will stand on regulations, but either way, be prepared to react to changes.

Follow editor in chief @LornaGarey on Twitter.

Read more about:

Agents

About the Author(s)

Free Newsletters for the Channel
Register for Your Free Newsletter Now

You May Also Like