Tufin, a leader in network security policy management, has announced the general availability of Tufin Orchestration Suite (TOS) R25-2. This release is designed to provide expanded visibility, deeper automation, and stronger security controls, enabling organizations to enhance their security posture and streamline operations across complex hybrid environments.

Enterprise security and network teams frequently manage multiple vendors from disparate consoles, leading to inefficiencies and challenges. This complexity often results in siloed visibility, the need to support separate tools and security policies, and unintended security policy drift. Such issues can slow application rollouts, create security gaps, and increase compliance risks. Tufin addresses these by offering a unified control plane that centralizes visibility, automates policy orchestration, and ensures continuous compliance across hybrid networks.

With the R25-2 release, Tufin enhances its unified control plane through four key advancements: improved topology accuracy, stronger cloud compliance and automation, streamlined SASE policy control, and refined AI-driven insights with TufinAI.

Improved topology accuracy in R25-2 expands multi-vendor visibility and troubleshooting with enhanced support for Palo Alto Networks and Cisco rule sets and traffic paths. New features include visibility into Palo Alto EDLs, Cisco FMC AppID and URL categories, and Cisco ACI Endpoint Security Groups (ESGs) and Policy-Based Routing (PBR). These improvements help organizations resolve connectivity issues and misconfigurations, providing security and network teams with a clearer understanding of policy application across diverse environments, thereby reducing blind spots and accelerating troubleshooting.

For cloud environments, R25-2 introduces significant enhancements to cloud automation and risk detection to simplify operations and bolster Zero Trust initiatives across Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP). Key updates include end-to-end automation for Microsoft Azure Network Security Groups (NSGs) and any Open Policy Model (OPM) devices, proactive violation detection for AWS and GCP environments for continuous compliance, and organization-level cloud management with automatic onboarding of AWS and Microsoft Azure accounts. Additionally, the release optimizes overly permissive rules at scale for AWS Security Groups and Microsoft Azure NSGs to reduce attack surfaces and improve compliance.

As SASE architectures become more prevalent, R25-2 introduces automated change design and proactive risk analysis for Zscaler Internet Access (ZIA) environments, providing consistent workflows for SASE policy management. The Tufin Rule Optimizer now extends to Zscaler ZIA, allowing for the automatic identification and remediation of overly permissive rules, which helps tighten access control while maintaining application continuity. These enhancements consolidate security policy management across traditional firewalls, cloud infrastructure, and SASE deployments.

Jeffrey Spear, Tufin CISO, stated, “It’s no secret that enterprise networks are more fragmented than ever before. Organizations need a modern security platform that is engineered to handle this reality. With these updates to our unified control plane, Tufin does just that; helping teams to see more, automate more, and reduce more risk across their entire environment, no matter what that comprises.”

Finally, R25-2 includes additional enhancements to TufinAI Assistant, Tufin’s AI-powered natural language search. This feature simplifies searches, enabling users to instantly find rules based on specific criteria with high-quality, relevant results. TufinAI aims to remove technical barriers and accelerate access to policy insights, promoting collaboration and informed decision-making across security and network operations teams.