Tufin Software Technologies Ltd. (Tufin), together with its subsidiaries, develops, markets, and sells software-based solutions that help organizations visualize, define, and enforce a unified security policy across complex, heterogeneous network environments.
Tufin’s solutions automate security policy management, and allow organizations to gain visibility and control over their IT and cloud environments. Substantially all of the company’s sale of products and services worldwide are made throug...
Tufin Software Technologies Ltd. (Tufin), together with its subsidiaries, develops, markets, and sells software-based solutions that help organizations visualize, define, and enforce a unified security policy across complex, heterogeneous network environments.
Tufin’s solutions automate security policy management, and allow organizations to gain visibility and control over their IT and cloud environments. Substantially all of the company’s sale of products and services worldwide are made through a global network of distributors and resellers, which sell the products and services to their end-user customers.
The company is pioneering a policy-centric approach to security and information technology (IT) operations. The company transforms enterprises’ security operations by helping them visualize, define and enforce a unified security policy across complex, heterogeneous IT and cloud environments. The company’s products govern how individuals, systems and applications are permitted to communicate and provide policy-based security automation, enabling customers to reduce the time to securely implement complex network changes from days to minutes. The company has developed highly differentiated technology with four main pillars, as described below.
Policy-Centric Approach: The company enables enterprises to visualize, define and enforce a unified security policy that acts as the foundation of governance and control, replacing ad-hoc configurations across fragmented networks.
Automated Network Changes: The company automates the network change process across complex, heterogeneous environments, increasing business agility, enabling faster application deployment and reducing human error.
Data-Driven Insights: The company’s approach draws data from across a customer’s IT and cloud environments, providing insights on connectivity and end-to-end visibility across the network.
Open and Extensible Framework: The company’s open solutions serve as a centralized control layer for its customers’ networks and cloud environments, and can connect to a wide range of third-party technologies through application program interfaces, or APIs.
The company offers four products that comprise the Tufin Orchestration Suite: SecureTrack, SecureChange, SecureApp and SecureCloud. The company also offers a digital platform of applications and extensions through the Tufin Marketplace. SecureTrack, SecureChange and SecureApp enable enterprises to visualize, define and enforce their security policy across heterogeneous networks, both on premise and in the cloud. SecureTrack serves as the foundation of SecureChange and SecureApp. SecureTrack provides visibility across the network and public cloud, and helps organizations define a unified security policy and maintain compliance. SecureChange provides customers with the ability to automate changes across the network and public cloud while maintaining compliance with policy and security standards. SecureApp provides application connectivity management and streamlines communication between application developers and network engineers. SecureCloud provides cloud security policy management for cloud-native environments. The Tufin Marketplace provides apps and extensions from Tufin and the company’s community of cybersecurity partners that maximize return-on-investment by enhancing the overall value of security policy management implementations.
While historically the company sold its products primarily as an on-premises perpetual license with annual maintenance, in 2021 the company initiated its transition to a term-based subscription license model. The company sells its products and services through its sales force, including its field sales team and its inside sales team, which works closely with its global network of over 150 active channel partners as of December 31, 2021. The company’s channel partners include distributors and resellers, as well as service delivery partners that help customers successfully deploy, configure, customize and maintain its products and services.
Products
Security and IT operations management has become an increasingly resource-intensive and high-risk task for enterprises. The accelerating pace of business and technological developments require numerous application and infrastructure changes, and enterprise networks are becoming increasingly complex. Enterprises often rely on their in-house network and security teams to manually process change requests, which increases the risk of human error and cybersecurity vulnerabilities and delays the pace of application releases.
Enterprises use the company’s security policy management products to create a unified security policy and give them the ability to implement accurate network changes in minutes instead of days while improving their security posture and business agility. The company offers four products that comprise the Tufin Orchestration Suite: SecureTrack, SecureChange, SecureApp and SecureCloud. SecureTrack, SecureChange and SecureApp enable enterprises to unify, visualize and control their security policy across heterogeneous networks, both on premise and in the cloud. SecureCloud provides visibility and control into the security posture of cloud-native and hybrid cloud environments.
In 2020, the company launched the Tufin Marketplace, a digital platform where customers can find and deploy apps and extensions that enhance the overall value of their security policy management implementations. Powered by Tufin and the company’s community of cybersecurity partners, the Tufin Marketplace provides apps that maximize return-on-investment by integrating security policy data with other security technologies and practices.
As of December 31, 2021, the most popular apps developed by Tufin and offered through the Tufin Marketplace are the SecureTrack Reports Pack, SecureChange Reports Pack and the Vulnerability Mitigation App.
Security Policy Automation for the Extended Enterprise
The Tufin Orchestration Suite provides a policy-centric solution for automatically designing, provisioning, analyzing and auditing enterprise security changes. From applications to firewalls, the company’s products provide advanced automation capabilities to increase business agility, eliminate errors stemming from manual processes and ensure continuous compliance through a single interface. The company’s unified security policy empowers network and IT security teams to effectively safeguard complex, heterogeneous environments through a central security policy, which can be applied over all of their IT and cloud environments and across different platforms.
The majority of the company’s customers initially purchase SecureTrack to monitor a portion of their networks. Initial product deployments frequently expand across networks, departments, divisions and geographies in response to a need for an enterprise-wide approach for security policy management, as well as the need to automate the network change process. The company’s land and expand sales strategy capitalizes on this potential. As it expanded its portfolio of solutions within the Tufin Orchestration Suite, customers have increasingly purchased SecureChange and SecureApp on top of their initial transactions. With the accelerated adoption of cloud infrastructure for application workloads, customers are purchasing SecureCloud to expand their visibility and control through security policy management into cloud-native and hybrid cloud environments.
SecureTrack: Enterprises use SecureTrack to understand their enterprise security infrastructure and manage a wide range of devices from a central console. SecureTrack enables security administrators to define and manage a centralized security policy, minimize the attack surface and ensure continuous compliance across the network. SecureTrack also provides a foundation for the company’s customers to use SecureChange and SecureApp, and delivers the following key benefits:
Policy Definition: SecureTrack includes the company’s unified security policy, which visualizes, defines and enforces a zone-to-zone segmentation policy that dictates how users, systems and applications can communicate across the entire enterprise. The company’s unified security policy serves as the security policy framework for the Tufin Orchestration Suite.
Security and Compliance: SecureTrack provides monitoring, assessment and alerts on security and compliance risk, ensuring real-time accountability, transparency and consistency with the unified security policy. It also generates a variety of configurable audit reports that support regulatory compliance standards.
Visibility: SecureTrack builds a dynamic topology map of network connectivity across the enterprise and the cloud. It also provides real-time visibility into all security policy configurations and changes. This visibility enables security teams to efficiently manage configuration changes, troubleshoot problems and prepare for audits.
SecureChange: SecureChange is the change management and automation component of the Tufin Orchestration Suite. Enterprises use SecureChange to quickly and accurately assess, provision and verify security configuration changes across physical networks and cloud platforms, while maintaining security and compliance. SecureChange delivers the following key benefits:
Business Agility: SecureChange increases business agility through security change automation. It automates manual change processes, giving them the ability to implement changes in minutes instead of days.
Security and Compliance: SecureChange proactively checks every change request for risk and compliance against the unified security policy before and after changes are implemented. It also maintains comprehensive ticket and process documentation, which reduces the need for painstaking information gathering and analysis before internal and external audits.
Control and Accuracy: SecureChange reduces inaccuracies due to human error through automated change design and provisioning for multi-vendor environments.
SecureApp: SecureApp is the application management and secure connectivity automation component of the Tufin Orchestration Suite. Enterprises use SecureApp to define, manage and monitor network connectivity for their applications. SecureApp delivers the following key benefits:
Visibility and Control: SecureApp provides an intuitive interface to define application-critical connectivity needs. It serves as a central repository of application connectivity requirements and indicates current connectivity status.
Business Continuity and Agility: SecureApp monitors network device configurations and alerts security administrators to changes that could affect application availability. SecureApp also provides graphical diagnostic tools that help the company’s customers identify, troubleshoot and automatically repair connectivity issues. By providing detailed insight into an application’s connectivity needs and status, SecureApp accelerates service deployment, provides business continuity and simplifies network operations.
Security and Compliance. SecureApp proactively creates clean, reliable network configurations. It automatically recommends policy rule changes and decommissions unnecessary network access paths that can lead to a security breach.
SecureCloud: SecureCloud is a security policy management service for cloud-native, multi-cloud, and hybrid-cloud applications and workloads. Enterprises use SecureCloud to gain visibility into their cloud security posture, establish security policy guardrails, and ensure compliance with these security policies by integrating with DevOps processes and tools to reduce risk and maintain security without compromising speed and agility. SecureCloud delivers the following key benefits:
Visibility: SecureCloud provides visibility into the security of application connectivity in the cloud through the assessment of cloud access controls. SecureCloud displays vulnerabilities and overly permissive access paths. ensuring adherence to industry standards and best practices.
Security Guardrails: SecureCloud defines policies to secure application connectivity across cloud-native, multi-cloud, and hybrid-cloud -platforms. SecureCloud automatically generates the cloud-native control code required to enforce these policies, saving enterprises the cost and overhead of using third-party products that introduce proprietary control points across their cloud environment.
Continuous Compliance: SecureCloud integrates directly into cloud-native application development processes and DevOps CI/CD automation pipelines, ensuring continuous compliance checks of enterprise security policy throughout the entire life-cycle of cloud application development and deployment efforts.
Enterprise-Wide Security Policy Management: With SecureCloud, Tufin Orchestration Suite provides a comprehensive platform that enterprises can use to manage security policies across their entire estate, from on-premise to hybrid cloud environments.
Vulnerability Mitigation App (VMA): The Tufin Vulnerability Mitigation App (VMA), offered as part of the Tufin Marketplace, enables organizations to prioritize remediation?and mitigation?efforts by enhancing vulnerability scanner output with network insights. By combining vulnerability measures (e.g. CVSS and severity) with insights into?how these vulnerabilities may be accessed?and exploited via the network, customers have the context to identify and address vulnerabilities that pose the greatest threat to their critical business assets.
Out-of-the-Box Integration: VMA provides out-of-the-box integration with the most widely used vulnerability management solutions, including Rapid7 Nexpose, Rapid7 InsightVM, Qualys VMDR, Tenable.io, and Tenable.sc.
Risk Mitigation: Tufin VMA automates risk mitigation by implementing network changes that block access to the critical asset until vulnerability remediation efforts can be fully implemented.
Comprehensive Dashboard: VMA also includes a comprehensive dashboard, monitors and measures risk exposure over time, and highlights overall vulnerability exposure and the impact of mitigation and remediation efforts networkwide.
Technology
The company’s comprehensive security policy management solutions rely on a set of proprietary technologies that provide a high level of security, scalability and performance. The company’s core technologies, which serve as the foundation of both its network and cloud-based products, include analysis engines, a provisioning engine, Application Programming Interface (API) integrations and infrastructure technology.
Analysis Engines
Topology Intelligence: The company’s topology intelligence engine uses network routing algorithms to calculate the paths between different points on the network and provides its customers with a graphic display of devices and data flows. Network administrators use the company’s topology intelligence to quickly determine, which devices and cloud platforms a network connection can traverse, which enables them to automate network path analysis and troubleshoot issues.
Network Usage Analysis Engine: The company’s network usage analysis engine detects unused elements of a security policy by analyzing network flows and traffic hits over a specified time period. The company’s technology leverages an automated workflow process to decommission unnecessary access and reduce the attack surface.
Policy Analysis Engine: The company’s policy analysis engine calculates the expected connectivity and access behavior of network devices and cloud platforms. Security administrators can use different parameters and logic to determine in real time if supported network devices and cloud security groups will allow or block specific connections.
Risk and Compliance Analysis Engines: The company’s risk engine proactively analyzes risk by identifying potential security violations, checking the existing configuration or the proposed access changes against the unified security policy. The company’s compliance analysis engine creates an audit trail in real time by automatically documenting any remedial changes.
The company’s technology also provides cloud-based security automation for applications developed in CI/CD mode. The company’s CI/CD vulnerability scanning and compliance validation embeds security at the development and testing stage, and enables its customers’ DevOps teams to quickly identify security issues, reducing the probability of vulnerabilities in production environments.
Change Designer Engine: The company’s change designer engine automates enterprise security access requests. It first identifies the connection-relevant network devices and cloud platforms based on topology intelligence, and then recommends the optimal policy change based on information from the policy analysis engine. The company’s technology provides vendor-specific suggestions that maximize security and performance, while offering accurate configuration changes designed to be intuitive and user friendly.
Provisioning Engine
Change Provisioning Engine: The company’s technology automatically implements policy changes approved by security administrators. The company’s automated change provisioning engine supports all major network, security and cloud vendors. In zero-touch automation mode, the company’s technology automatically applies recommended policy changes without the need for human intervention.
API Integrations
Extensible APIs: The company’s technology features a RESTful API framework to enable extensibility and interoperability with third-party systems, including ticketing and service management systems, such as ServiceNow and BMC Remedy. The company’s professional services team, as well as its customers and partners, use the API framework to supplement the Tufin Orchestration Suite with additional functionality by integrating with the third-party security ecosystem. The company integrates with leading network and cloud platforms, such as Checkpoint, Cisco, Fortinet, Palo Alto Networks, F5 Networks, Forcepoint, Juniper Networks, VMware, Amazon Web Services (AWS), Google Cloud, Microsoft Azure and Kubernetes, to provide vendor agnostic solutions, which is key to its value proposition. In addition, the company’s technology alliance partner program, which is an ecosystem of technology partners who build certified integrations to its products, helps to expand its common use cases.
Infrastructure Technology
Distributed Architecture: Customers can deploy the company’s products across multiple distributed servers. Rather than monitoring all devices and platforms from a single server, remote collectors monitor local network devices (e.g., firewalls and routers), process the raw data and upload compressed data to a central server over a secure connection. Using a fully distributed architecture, the company’s products can easily scale to meet the demands of large organizations.
SaaS Architecture: SecureCloud, is offered as Software-as-a-Service, and is able to scale up and scale out to meet the demands of various customer deployment scenarios and architectures, with built in multi-tenancy and high availability.
Tufin Orchestration Suite Aurora: Aurora is the next generation of the Tufin Orchestration Suite, which runs in microservices on Kubernetes. This architecture will enable the company to offer SecureTrack, SecureChange, and SecureApp to its customers as a service in the future. Aurora allows for more agile research and development and gives the company the ability to scale out to the largest networks in the world, advancing its leadership in scalability. Also, Aurora provides a refresh and more modern user interface that customers will find easy and intuitive to use.
Services
Professional Services
The company’s professional services team helps customers with product deployment, integration, customization, optimization, operation and training. The company supports initial product setup, implementation and configuration, and help customers integrate its products with existing third-party applications and internally developed tools. The company’s professional services team also helps customers define their unified security policy, model their network topology, configure workflows, discover application connectivity and deliver customized reporting according to their requirements. In addition, the company provides technical training so that its customers can use its products with confidence. The company also enables its authorized service delivery partners to provide similar professional services.
Maintenance and Support
The company offers several levels of technical support for its products by providing customers with access to its user and partner portal, its knowledge center and its regional support centers. The company provides customers with software bug repairs, system enhancements and updates, as well as access to its technical support experts. The company’s support engineers liaise with its product experts to diagnose and solve its customers’ technical challenges. In addition to post-sales support activities, the company emphasizes service readiness by coordinating with its product management team to define prerequisite product and service quality levels prior to their release. Additionally, the company’s designated support engineers serve as ongoing, accessible customer resources.
Sales and Marketing
Sales
The company sells its products and services through its sales force, including its field sales team and its inside sales team, which works closely with its global network of over 150 active channel partners as of December 31, 2021.
The company’s highly trained sales force is responsible for overall market development. The company’s sales force consists of its field sales team, which accounts for most of its sales, and its inside sales team. The company’s field sales team targets large organizations, which it defines as those comprising the Global 2000, while its inside sales team targets mid-market companies that do not belong to the Global 2000. Within its field sales team, the company’s regional field sales representatives develop new business relationships with its key customers, and its channel account managers support and expand existing relationships with its channel partners. The company’s sales engineers provide technical expertise and support, and architect its solutions to address the business needs of its customers. The company’s sales cycle usually lasts several months from proof of concept to purchase order, and is often longer for larger transactions. As of December 31, 2021, the company had sales personnel in 19 countries.
The company’s channel partners include distributors and resellers, as well as service delivery partners that help customers successfully deploy, configure, customize and maintain its products and services. In addition, on October 2, 2018, the company launched its Tufin as a Service program – a consumption-based, pay-per-use services model that enables Managed Security Service Providers, or MSSPs, to offer its security policy management solutions to their customers.
Marketing
The company markets its products and services as enterprise security policy management solutions for complex networks and cloud-based environments. The company executes its marketing strategy by leveraging a combination of internal marketing professionals, external marketing partners and a network of platform and technology partners. The company’s internal marketing enterprise is responsible for branding, digital content generation and targeted advertising through active digital channels. The company actively drives thought leadership by providing community education through its online technical webinars in multiple regions. The company hosts and sponsors demand-generation events, including its channel and technical partners’ events and or annual worldwide customer conferences, Tufinnovate, as well as local events for specific customers and prospect accounts in multiple regions. In 2021, the company hosted the Tufinnovate conferences virtually, and plans to do the same in 2022. The company’s conferences and events demonstrate its strong commitment to enabling its partners and customers to succeed, and provides an opportunity to create a pipeline for new sales to prospective customers and additional sales to existing customers.
Research and Development
For the year ended December 31, 2021, the company’s research and development expenses were $39.6 million.
Intellectual Property
As of December 31, 2021, the company had registered three trademarks in the United States, six trademarks in Israel and two trademarks in the European Union. As of December 31, 2021, the company had 14 issued patents in the United States and five issued patents in Israel.
Customers
The company’s solutions are purchased by over 2,000 customers in over 70 countries, including approximately 19% of the Global 2000. The company sells substantially all of its products and services through its global network of channel partners, including distributors and resellers, who then sell to end-user customers. For the year ended December 31, 2021, the company’s two largest channel partners accounted for 15% and 12% of its revenues. The company’s agreements with these channel partners provide that each partner agrees to sell and distribute its products within certain territories for one year. These agreements are nonexclusive and non-transferable, and automatically renew unless terminated by either party after providing prior written notice.
The company’s customers include leading enterprises across a broad range of geographies in a diverse set of industries, including financial services, telecommunications, automotive, manufacturing, energy, healthcare and pharmaceuticals, technology, government, retail and business services. The company’s diverse global footprint is evidenced by the fact that, for the year ended December 31, 2021, it generated 51.3%, 42.3% and 6.4% its revenues from customers in the Americas, EMEA and APAC, respectively.
Competition
The company’s direct competitors include vendors, such as AlgoSec, Inc.; FireMon, LLC; and Skybox Security LLC. The company also indirectly competes with large IT companies that offer a broad array of traditional security management solutions, such as Palo Alto Networks and Cisco Systems, Inc., for a share of enterprises’ IT security budgets.
History
Tufin Software Technologies Ltd. was founded in 2005. The company was incorporated under the laws of the state of Israel in 2005.
The Analyst Price Target shows the analysts’ low, high, and average target at a glance.
