Tufin has announced that its Orchestration Suite addresses network security compliance needs for North American Electric Reliability Corp. Critical Infrastructure Protection Standard Version 5, which will become mandatory as of April 1, 2016.
NERC CIP V5 is a set of sophisticated requirements that demand cyber security tools to achieve stringent compliance objectives for today's complex power grid networks, which include a challenging mix of multi-vendor, legacy and new technologies. The Tufin Orchestration Suite enables Bulk Electric System (BES) covered entities to be fully network compliant with NERC CIP by providing:
- Visibility and central management of all organizational security policies via a single pane of glass – enforcing zone-based Unified Security Policy (USP) that facilitates the grouping of Cyber Assets, BES Cyber Systems and Impact Ratings
- Application-driven automation and network security change management – performing security automation activities while simultaneously ensuring that network changes adhere to the desired security and NERC CIP compliance policies
- Continuous compliance in physical, virtual and hybrid environments – delivering the required extensive audit-ready evidence of policy and NERC CIP regulatory compliance
"According to a recent University of Cambridge report, a cyber-attack on the North American power grid 'could cause between $243 billion to more than $1 trillion in economic damage.' Tufin not only understands the necessity of NERC CIP V5, but also the pain points that our customers in this industry face when transitioning to and implementing these new cyber security standards. This is especially true in multi-vendor, multi-technology environments with manual processes and legacy technologies in place," said Reuven Harrison, CTO, Tufin. "The Tufin Orchestration Suite meets this critical need for network security, automation and continuous compliance by providing the essential tools for a smooth transition to and compliance with NERC CIP V5."
Major energy companies in New England, the Southwest, Florida and California recently selected Tufin to help prepare for NERC CIP V5 compliance, as well as support their enterprise policy needs after discovering that their current processes were inefficient.
Benefits of Tufin's network change management solution for power companies include:
- Accelerated security change process with built-in documentation, auditing and reporting, as well as adhering to internal and external regulatory compliances
- Rule base clean-up, reporting, auditing and provisioning implemented to not only serve day-to-day network management, but also help adhere to NERC CIP compliance
- Significant cost savings with network security change management by dramatically reducing implementation time and the probability of human error while also addressing compliance with NERC CIP V5
"We are stressing the value of continuous auditing and automation tools like Tufin to our customer base," said Christopher Beyer, Co-Founder and CTO, SYNACKTEK, LLC. "In addition to automating, monitoring and reporting tasks required for compliance with NERC CIP Version 5, Tufin Orchestration Suite provides visibility across the entire network and allows enterprises to view the true impact of changes to their end-to-end security policy."
"Our customers chose Tufin because of the urgent need for more efficient firewall rule change management instead of current manual processes which in some cases take upwards of 30 days for a single change," said Reuven Harrison. "Meeting the required compliance standards is not only essential, but also aids in reducing the network attack surface. This all affects the bottom-line since compliance violations can result in heavy fines and lost business. Tufin's Orchestration Suite provides the necessary automation to speed up processes, increase accuracy, reduce cyber risk and—above all—ensure continuous compliance."