We performed a comparison between Cisco Defense Orchestrator and Tufin Orchestration Suite based on real PeerSpot user reviews.
Find out in this report how the two Firewall Security Management solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The most valuable feature is that you can push one policy or one rule out to several devices at a time."
"We have quite a few Active Stone by pairs. If they fail over... I'll see that there's a change on it and I'll have a look. The only change on it is that now this one is the standby, it took over the active role. I can go into that firewall and find out what happened... and troubleshoot based on that. That's pretty cool too."
"The bulk changes feature is definitely the most valuable."
"The initial setup was straightforward. We spun up the VM onsite. We generated the key that it needed to talk to the Cloud Orchestrator. After that, as I started adding devices, it was relatively quick and easy."
"The most valuable feature is the Intrusion prevention."
"I like the upgrade feature. That is pretty valuable to me because I have dual ASAs and when I go through CDO it does it for me pretty well. It's all done in the back-end and I don't really have to be involved. I just initiate, pick the image, and I pick when I want it done and it just does it, whether I have a single ASA or have a dual ASA."
"If our server is blocked, this solution shows us why it is blocked and allows us to update the network routing."
"The ability to see the uptimes on the different VPNs that we have configured for site-to-site."
"The reporting on offer is very good. Tufin makes nice reports."
"The clarity around the auditing provides the most value for us."
"The change workflow process is flexible and customizable... If we have a firewall completed and we want to redo it, if we need to re-engineer a particular firewall and open a different destination, we can do that by creating a break-fix... That is one of its useful tools."
"It provides a great visibility around the roots: Root implementing which can be done, roots that have changed, and what has been done. So, it's pretty useful when you have an audit going on."
"The automation piece is the most valuable feature: having SecureChange make the change on the firewalls, instead of my having to go manually make the changes on the vendor product."
"The visibility is very good. We have managers who are overseeing it, and they are approving things through it."
"It is very easy to use. We can get results back quickly."
"The automated reporting on a regular basis is helping us to be compliant with legal requirements."
"We had some MX devices that were blocking Windows Update from happening. We found out it was a Meraki issue, but it would have been nice if it had been flagged for us: "Hey, these updates are failing because the MX is blocking it." It wasn't a huge problem, but there was a loss of our time as well as the fact that the updates didn't get pushed out... It would have been nice if CDO had let us know that that was an issue."
"There could be some slight improvements to navigation. In some of the navigation you've got to go back to be able to get into where you need to be once you've made a change. If I make a change, I've then got to go back to submit and send the change."
"The main thing that would useful for us would the logging and monitoring. I have to check it out, to get the beta, because I don't have access to them... I wanted CDO to be a central place so where I could do everything but right now I don't think that's possible. I really don't want to go back and forth between this and FMC. Maybe the logging portion, when I look at it, will give me some similarities."
"They can centralize all products and provide a correlation about an incident and the response. They can also provide an on-premises solution. Currently, Cisco Defense Orchestrator is just for cloud deployments, not for on-premises deployments. Customers have to manage it on the cloud. We are based in Vietnam, and most of the customers here prefer to have on-premises deployments. Customers, especially from banking and government sectors, do not prefer to do anything on the cloud. Some of the small enterprises use the cloud."
"The dashboard needs to be more customizable to provide better reporting for our network."
"I've found dozens of bugs over the year we've been using it. The more I use it for different things, the more problems I find... Most of the problems have to do with the user interface. A lot of thought and work has gone into the back-end component to make the product do what it's intended to do, but the way it is presented for use hasn't gotten nearly as much thought to make it smart and bug-free."
"Cisco Defense Orchestrator can improve by providing more support for third-party security components."
"When logging into the device, we sort of had problems with it staying in sync. If somebody made a change onsite, it wouldn't do an automatic sync. It would have to wait, as you would have to do a manual sync up."
"In the next release I would like to see better migration in the Cloud because that will allow more visibility in the network."
"The pricing should be reviewed, as it is a little too high."
"Our project is running on Riverbed for SDN. I don't know if Tufin can integrate with Riverbed. Other than that, I have no issues with this product."
"I would like to see the hardware specifications improved."
"We would like to see more in terms of integration with other application types within the context, such as next-generation firewalls or next-generation threat devices that are out there."
"They've got such a large number of APIs, and it is so easy to use their APIs. Effectively, they allow us to use it with anything. The only way to improve it more is by offering support for implementing their APIs into certain hardware or software that we might use. They can provide support for implementing APIs."
"I feel that the user interface is a bit dated."
"We were just talking to them about usage for the F5 platform. They will not be going after specific environments, but a more OpenAPI. They will have other companies write it, etc. It's a little different than I had expected."
Earn 20 points
Cisco Defense Orchestrator is ranked 14th in Firewall Security Management while Tufin Orchestration Suite is ranked 2nd in Firewall Security Management with 180 reviews. Cisco Defense Orchestrator is rated 8.2, while Tufin Orchestration Suite is rated 8.0. The top reviewer of Cisco Defense Orchestrator writes "Provides visibility into entire infrastructure and bulk changes save time and resources". On the other hand, the top reviewer of Tufin Orchestration Suite writes "A flexible, very secure solution that works well in Layer 2 environments". Cisco Defense Orchestrator is most compared with AlgoSec, Palo Alto Networks Panorama and Azure Firewall Manager, whereas Tufin Orchestration Suite is most compared with AlgoSec, FireMon Security Manager, Skybox Security Suite, Palo Alto Networks Panorama and Opinnate. See our Cisco Defense Orchestrator vs. Tufin Orchestration Suite report.
See our list of best Firewall Security Management vendors.
We monitor all Firewall Security Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.