Virtualization Technology News and Information
Article
Search:
RSS
Follow VMblog.com:
Improve end user experience in VDI, DaaS and physical endpoint environments
Tufin Field CTO Talks Zero Trust Implementation, Network Security Automation, and AI Strategy for RSA 2025

vmblog-qa-rsac-2025

The RSA Conference (RSAC), the premier cybersecurity industry event, returns to San Francisco's Moscone Center April 28-May 1, 2025, bringing together thousands of security professionals, vendors, and thought leaders from across the globe. This annual gathering serves as the definitive forum for the latest cybersecurity innovations, trends, and best practices, featuring hundreds of educational sessions, keynotes from industry luminaries, and an expansive expo floor showcasing cutting-edge security solutions. For organizations navigating today's complex threat landscape, RSAC provides unparalleled networking opportunities, hands-on training, and essential insights to help bolster defense strategies against evolving cyber threats.

In this exclusive interview, Erez Tadmor, Field CTO of Tufin, discusses how organizations can manage security policies across today's complex hybrid infrastructures ahead of RSA Conference 2025. Tadmor shares insights on implementing Zero Trust architecture effectively, leveraging AI beyond the hype, and addressing the challenges of multi-cloud environments. As Tufin celebrates its 20th anniversary, Tadmor explains how the company's network security policy management solutions help security teams gain visibility, automate compliance, and reduce threat exposure.

Attendees can connect with Tufin at booth #6553 and attend Tadmor's presentation on "Enterprise Security Evolution: Zero Trust Strategies to Manage Complexity" on Tuesday, April 29th at 10:40 am PDT in the Moscone South Briefing Center.

VMblog:  Give VMblog readers a quick overview of your company and its core mission in the cybersecurity space.

Erez Tadmor:  Tufin provides a single platform for network security teams to simplify the management of security policies across today's complex, multi-vendor and hybrid infrastructure. We help some of the largest companies in the world gain the end-to-end visibility and automation tools they need to swiftly manage hybrid network access, enable security optimization, reduce threat exposure and enable application deployment, ensuring continuous compliance and audit readiness.

Tufin is the only financially strong and growing company in the network security space - and we are committed to innovation and customer success. That's what has made us the industry leader in network security policy management. Thousands of customers rely on Tufin every day to keep their network and cloud environments secure, efficient, and compliant.

VMblog:  Where can attendees find you at RSA 2025? What's your booth number, and what kind of experience can visitors expect when they stop by?

Tadmor:  We'll be at booth number 6553 in the Moscone North Expo. At the booth we'll have a team of experts ready to answer questions about network security policy management, and be showcasing demos of the latest version of the Tufin Orchestration Suite, R25-1, which was released a couple of weeks ago.

VMblog:  What is your message to RSA attendees coming out to the show this year?

Tadmor:  RSA is one of the busiest shows there is. There's a lot to see, and a lot of connections to be made. The good news is that everyone who attends is very engaged and there for the same reasons you are - to understand the biggest security problems that organizations are facing, learn about the latest innovations and solutions, and to make connections with partners, vendors and customers that can help their organization when they return back home. But that said, it's also easy to get overwhelmed or lost at RSA. My advice would be to make a plan - define your goals first and make a plan to accomplish them. Determine who you want to meet, what you want to see, and schedule your meetings beforehand - but leave yourself a little open time to explore. Then you'll feel like you truly got the most out of your time at the show.

VMblog:  What were your key learnings from 2024's security landscape, and how have those insights shaped your solutions for 2025?

Tadmor:  This year, we've already seen organizations adapting to shifting demands in digital transformation, cloud strategies, and cybersecurity. As they look to streamline operations while still bolstering security, a few key trends have emerged: the simplification of network infrastructure, the growing role of AI in cybersecurity, and a resurgence in private cloud solutions within multi-cloud strategies. There's also been a good amount of solution consolidation thus far - companies are really looking for a better way to manage their current environment instead of adding new tools.

Each of these highlights the fact that to be successful in 2025, security organizations will need to maintain a critical focus on enterprise-wide efficiency, scalability, and targeted innovation (that can drive actual ROI). Tufin has long prided itself on developing solutions that enable customers to streamline their processes, improve their knowledge, and then use that improved visibility and efficiency to be more effective across their security initiatives. This year just brings a tighter focus on the need for security innovations and investments to tie to actual ROI.

VMblog:  With AI being a major focus in cybersecurity, how is your company leveraging or addressing AI both as an opportunity and a potential threat vector?

Tadmor:  Last year, AI promised to revolutionize security - and it was hyped for its potential in threat detection, automated response, and risk management. Enterprises poured resources into AI projects, only to find that initial results often fell short of the high expectations set by vendors and industry visionaries. The staggering costs of experimentation, combined with a sobering realization that genuine ROI was elusive, led many to question the sustainability of their investments. As the year wore on, a pivot began: the industry's enthusiasm shifted from 'AI for everything' to a more calculated approach, focusing on real outcomes, data accuracy, and fostering new talent capable of bringing these lofty goals to ground. 

This year, we've already seen AI in security shift from hype-fueled experimentation to grounded, results-driven implementation. The initial frenzy around 'AI for everything' is cooling as companies sharpen their focus on projects that deliver clear returns and lasting impact.

Security teams are starting to rely on AI-driven solutions that bring proactive, adaptive defenses, allowing them to tackle threats swiftly and precisely - especially in complex multi-cloud environments where attack surfaces constantly shift.

As AI investments continue to turn toward the pragmatic, companies will emphasize strategic planning and stronger alignment between IT and business, ensuring AI truly serves as a force for resilience and protection.

VMblog:  What role does zero trust play in your security strategy and solutions? How are you helping organizations implement zero trust effectively?

Tadmor:  Zero Trust architecture is rapidly becoming the de facto security framework for global enterprises. That said, implementing Zero Trust in large and complex organizations is challenging. Integrating this framework with existing, often legacy technologies - like data centers and traditional firewalls - can be particularly challenging.

This is where Tufin can really help. Tufin's automation solutions provide an efficient pathway to manage networks under Zero Trust principles. We help organizations to simplify the implementation of network policy changes with pre-built templates, cutting down SLAs and improving audit accuracy, while maintaining up-to-date security policies and postures automatically and verifiably. Tufin can help organizations manage network and micro segmentation effectively, reducing the attack surface and remaining audit-ready across the entire network.

With Tufin you can also easily enforce least-privilege access to ensure only verified and authorized access to your critical resources, data center, and hybrid-cloud networks. Tufin can empower Zero Trust initiatives by minimizing organizational risk, ensuring continuous compliance, and streamlining security operations across on-premise and cloud environments.

VMblog:  Are you participating in any speaking sessions or panel discussions at RSA 2025? Can you tell us more about these presentations?

Tadmor:  Actually, I'll be giving a presentation at RSA this year entitled ‘Enterprise Security Evolution: Zero Trust Strategies to Manage Complexity.' I'm giving it on Tuesday, April 29th at 10:40 am PDT in the Moscone South Briefing Center. I invite everyone trying to manage today's complex enterprise networks to stop by. Come and say hi to me afterwards!

VMblog:  How is your company addressing the challenges of securing hybrid and multi-cloud environments?

Tadmor:  Tufin's goal is to help organizations simplify - and unify - their security operations. We do this by facilitating collaboration between network and cloud security teams, empowering them to implement an enterprise-wide Zero Trust architecture across hybrid and multi-cloud environments.

We've been around for 20 years - this year's our 20th anniversary - and as such, we've witnessed this transformation happen in real time across our customer base. Organizations have moved from a perimeter-driven "castle and moat" security approach through the cloud transformation to edge-based networks. As these changes have happened, we've evolved alongside our customers, helping them manage the growing complexity along the way.

Tufin empowers teams to centralize and automate the design and deployment of security policy, protecting both cloud-native services and on-premises devices and data. We automate risk analysis, network security alerting, and policy enforcement - thereby increasing operational agility and reducing human error.

Manual security audit tasks are streamlined across on-prem and cloud platforms with automation, and compliance across legacy firewalls, next-gen firewalls, SDN, SASE, and edge devices is consolidated using a central console for continuous regulatory adherence - and internal policy enforcement.

This all helps teams gain real-time visibility into non-compliance with security policies, and then to rapidly troubleshoot issues and misconfigurations, solving problems faster than ever before.

VMblog:  What's your perspective on the most critical cybersecurity trends that will shape the industry in 2025-2026?

Tadmor:  Heading into 2025-2026, the cybersecurity landscape will be shaped by the intersection of AI-driven automation, the standardization of tools across hybrid infrastructure, and the growing importance of securing edge environments like IoT and OT.

AI is evolving from a detection aid to a strategic orchestrator, enabling consistent policy enforcement across fragmented infrastructures. While often labeled 'consolidation,' what's really happening is a push for standardized control and visibility across environments that are fundamentally different; cloud, on-prem, and edge each have unique risks and requirements. Organizations that succeed will adopt platforms that unify policy and automation across this diverse landscape, making complexity manageable without compromising security.

VMblog:  How does your solution help organizations address regulatory compliance and emerging privacy requirements?

Tadmor:  Tufin enables teams to automatically generate security attestations that document regulatory and internal control compliance. This reduces third-party audit costs while improving audit preparation and reporting efficiencies by 95%.

We also make continuous compliance possible for our clients, ensuring organizations remain compliant with industry regulations and best practices across the entire network. Tufin lets organizations centrally define policies to govern resources and traffic, unifying network security policy management, risk mitigation, and compliance monitoring across firewalls, next-generation firewalls, routers, switches, SASE, SDN, and multi-cloud instances.

Non-compliance alerts, remediation efforts, and change processes are automated, ensuring policies remain enforced - even across today's evolving, complex multi-vendor hybrid networks.

VMblog:  How can security leaders better prepare their organizations for the evolving threat landscape in 2025 and beyond?

Tadmor:  To navigate the 2025 threat landscape, security leaders must prioritize strategic standardization, intelligent automation, and cross-environmental visibility. The days of siloed security are over; today's attackers don't respect infrastructure boundaries, and neither can our defenses.

Leaders need to adopt platforms that can enforce consistent policy across cloud, on-prem, and edge (IoT/OT) environments while leveraging AI to automate routine tasks, accelerate response times, and reduce human error.

Just as importantly, they must shift from reactive risk management to proactive posture control, ensuring security is embedded into every change and deployment. The future demands agility, but also demands guardrails, which comes from aligning people, processes, and technologies around a unified, scalable security strategy.

##

Published Monday, April 14, 2025 7:36 AM by David Marshall
Get This Featured White Paper: See It, Fix It, Manage It: Ensuring Hybrid and Multi-cloud Applications Are Reliable and Secure
You may also be interested in this white paper: The Guide to Choosing Backup Storage
Comments
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
Customer Connect
Global Digital
DTX
DTW-NA
innovatrix
GISEC
global-digital-cx
vExpert
Calendar
<April 2025>
SuMoTuWeThFrSa
303112345
6789101112
13141516171819
20212223242526
27282930123
45678910