What is IPAM Security Policy App?

To view the TOS Classic Knowledge Center for IPAM Security Policy App, click here.

Overview

IPAM Security Policy App (ISPA) is a Tufin extension (formerly Tufin Marketplace app) that integrates between SecureTrack and external IP address management solutions (IPAMs). You can use ISPA to create and maintain accurate SecureTrack zones, increase the value gained from your existing security tools, and maintain consistent visibility over network risk. This will enable you to define better governing policies within the USP and help ensure that the network address accuracy is consistent with ongoing changes to your network.

The integration is accomplished through regularly-scheduled (or optional manually-initiated) syncs with your existing IPAMs. ISPA collects the subnets from your existing solutions and imports them directly into SecureTrack, already mapped to the correct domain and network zones. The scheduled syncs allow you to automate your subnet data retrieval and sync processes, which will enable you to receive alerts on inadvertent policy violations, and ensure more accurate change management.

ISPA offers the following capabilities:

Why do I Need ISPA?

ISPA offers analytics capabilities that can be used to gain valuable insights on important KPIs, such as subnet distribution between multiple IPAMs or SecureTrack zones, shadowed and duplicate subnets, and time-based network management trends that will help you analyze and understand the impact of the changes to your broader network.

With this information, you will be able to use ISPA to better analyze how your network is managed:

  • Total number of subnets gathered
  • Total number of duplicate and shadowed subnets
  • Breakdowns of subnets by SecureTrack zone or IPAM
  • Trends in network changes

This knowledge allows you to take better advantage of TOS's network management capabilities, give you greater visibility of weaknesses and redundancies on your network, define better governing policies in the USP, and track your progress to achieving a single source of truth in your IPAM.

In addition to the automated scheduled syncs, ISPA also supports manual syncs if you need to gather subnet data outside the predefined schedule.