© 2016 Cisco | Tufin. All rights reserved.

Orchestrating Application Connectivity with Cisco ACI and TufinManaging Application Connectivity and Security with Cisco Application Centric Infrastructure and Tufin Orchestration Suite

Benefits• Enhance agility with application-centric automation for network security policy changes.

• Reduce complexity by managing enterprise security policies from a single pane.

• Strengthen your security posture by extending microsegmentation across physical, virtual, and cloud networks.

• Reduce time and effort invested in audit readiness with continuous compliance.

• Gain visibility into security and connectivity across cloud and on-premises infrastructure.

• Increase control with a unified console across the various components of an application-centric infrastructure: the Cisco ACI fabric switches and firewalls.

Solution Overview

© 2016 Cisco | Tufin. All rights reserved. 2

Agility is the single most-critical competitive factor in today’s business landscape. To be successful, enterprises must develop and deploy applications faster than their competitors. To meet this need, Cisco has introduced a software-defined network (SDN) architecture: Cisco® Application Centric Infrastructure (Cisco ACI™).

Cisco ACI is a policy-based network automation solution that integrates physical and virtual environments to achieve consistent control and visibility for accelerated application delivery, reduced operating costs, and greater business agility.

At the same time, cybersecurity has become a top priority for enterprises, which are being targeted on a regular basis. Cisco ACI improves network security through microsegmentation, Layer 4 through 7 automation, and a whitelist-based policy model.

Tufin Orchestration Suite is a unified platform for orchestrating application connectivity across the enterprise network. It provides visibility, compliance, and automated provisioning for application flows across heterogeneous environments, including firewalls, hybrid cloud platforms, and now also Cisco ACI (Figure 1).

Figure 1. Cisco ACI with Multivendor Security Policy Orchestration from Tufin

Software-DefinedNetworking

Security PolicyOrchestration

Visibility

Compliance

Automation

App

Cisco APIC

APIC

Provisioning

1

2

3

Tufin at a GlanceOffices: North America, Europe, and Asia-Pacific

Customers: More than 1700 in over 50 countries

Leading Vertical Markets: Finance, telecom, energy and utilities, healthcare, retail, education, government, manufacturing, transportation, and auditors

Channel Partners: More than 240 worldwide

Technology Partners and Supported Platforms: Amazon Web Services, Blue Coat, Check Point, Cisco, F5, Fortinet, Forcepoint, Juniper, Microsoft Azure, OpenStack, Palo Alto Networks, and VMware

Supported IT Service Management Platforms: BMC Software, ServiceNow, HP Service Manager, and others

© 2016 Cisco | Tufin. All rights reserved. 3

Application Visibility and ControlThe integration of Tufin Orchestration Suite with Cisco ACI enables customers to standardize application security policies across multiple security enforcement points in the Cisco ACI fabric. It enables security teams to visualize and control changes to application profiles, including their endpoint groups (EPGs) and contracts, along with firewall policies, access control lists (ACLs), and cloud security groups, thereby gaining tight control over the network security posture. Tufin’s support for heterogeneous environments provides comprehensive security insight into the Cisco ACI fabric from a single pane (Figure 2).

Figure 2. Orchestration of Secure Application Connectivity across Heterogeneous Environments

Application Compliance and Audit Readiness with Unified Security PolicyTufin Orchestration Suite and Cisco ACI enable security managers to apply and manage a unified security policy across their on-premises infrastructure and hybrid clouds. Tufin manages all security policy changes using an auditable, documented change process with inherent security and compliance checks. With a comprehensive audit trail for all changes, the Tufin Orchestration Suite also helps ensure compliance with internal and regulatory standards. Customers can configure alerts and reports to instantly identify and remediate violations, reducing the time and effort needed to achieve audit readiness (Figure 3).

© 2016 Tufin, Unified Security Policy, Tufin Orchestration Suite and the Tufin logo are trademarks of Tufin. All other product names mentioned herein are trademarks or registered trademarks of their respective owners.

© 2016 Cisco and/or its affiliates. All rights reserved. Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)

C22-737540-00 07/16

Figure 3. Tufin’s Unified Security Policy Matrix: Define and Enforce Security Baseline across Hybrid Networks

Automated Provisioning for Application Connectivity PoliciesAfter the application connectivity requirements are defined by the application owner, you can use Tufin Orchestration Suite to automate provisioning of security policies across the leading security platforms, including enterprise firewalls and hybrid-cloud platforms. Change provisioning is performed using a predefined business workflow, which helps ensure compliance with internal and regulatory standards across the enterprise.

For More InformationVisit www.cisco.com/go/aci.