On This Page
SecureChange Overview
SecureChange is a change management application with features designed especially for firewall policy change requests. SecureChange is part of Tufin Orchestration Suite (TOS), along with SecureTrack and SecureApp.
SecureChange manages the entire lifecycle of a security policy change request, from request submission through design, security assessments, approvals, and implementation. The workflow and steps for handling each type of request are fully customizable.
SecureChange Capabilities
SecureChange lets you:
-
Submit requests for network access
-
Design policy rule changes according to access request types and network and service objects from firewall databases retrieved from SecureTrack. This simplifies and reduces errors in workflow and request configuration.
-
Enforce compliance with organizational policy by correlating change requests with SecureTrack Compliance Policies.
-
See automated policy change recommendations with Policy Designer, which uses SecureTrack data to define the correct rule to provide the requested access.
-
Verify automatically against the firewall policy in SecureTrack that the requested change is implemented.
-
Track and Audit policy changes against the actual change requests.
-
Automatically provision changes to supported devices.
The SecureChange Solution
SecureChange automates network security access requests using business process automation and in-depth security analysis. SecureChange makes changes easier, and more accurate, for everybody involved from the person submitting the request, to the manager who has to approve, and especially for the network and security administrators.
Vendor-Neutral Change Processes
Most large organizations manage more than one type and brand of firewall and router. Network teams need to acquire expertise in multiple systems and to integrate each of them with management systems. SecureChange provides a uniform interface for managing all leading enterprise firewalls and routers.
Network Topology Intelligence
SecureChange analyzes both the request and the network Interactive Map to automatically identify the relevant devices and policy elements. It provides a network-wide view of the access request making it easy to understand whether or not the access is already permitted, and which devices are allowing or blocking it.
Intelligent Policy Design
After identifying the relevant devices, SecureChange recommends the optimal policy change. It provides vendor-specific suggestions on the rule and ACL changes needed in order to provide access while maximizing security and performance.
Automated Change Provisioning
If SecureChange 's recommended rule or ACL change is accepted by the administrator, SecureChange automatically implements the change, thereby reducing the time and increasing the accuracy involved in implementing access requests.
Proactive Risk Analysis
SecureChange assesses risk and compliance before – and after – changes are made. During the initial change design process, SecureChange checks the change request against corporate security and compliance policies and alerts you to possible conflicts, so you can make an informed decision. After a change is completed, automatic verification determines whether the actual configuration change is aligned with the original request.
Change History and Documentation
Throughout the change lifecycle, SecureChange maintains comprehensive ticket and process documentation, eliminating the need for painstaking information gathering and analysis before internal and external audits.
Interoperability through RESTful APIs
SecureChange features a RESTful API framework to enable interoperability with other systems. It easily integrates with service management systems, including BMC Remedy and ServiceNow to support a continuous change process. Self-service portals can integrate with SecureChange to enable automated change provisioning for network configuration changes.
Customizable Workflows
SecureChange’s visual workflow editor, allows you to create an unlimited number of businesses processes out of simple building blocks such as steps, forms, fields, assignments, and conditions. Task assignment and workflow logic can be based on conditions such as risk level, network zones and custom field values.
Separation of Duties
SecureChange uses the organizational LDAP directory to apply permissions to users and groups. These permissions effectively define SecureChange administrators, requesters, and task handlers for each step of each workflow.
Service Level Agreements
SecureChange provides tools for managing service-level agreements and request expiration.
Was this helpful?
Thank you!
We’d love your feedback
We really appreciate your feedback
Send this page to a colleague
