We performed a comparison between Cisco Defense Orchestrator and Tufin Orchestration Suite based on real PeerSpot user reviews.
Find out what your peers are saying about AlgoSec, Tufin, Palo Alto Networks and others in Firewall Security Management."If we have a firewall go down, I can hop into CDO, pull the latest configuration off and apply it. That's really good. It helps save time."
"I like the upgrade feature. That is pretty valuable to me because I have dual ASAs and when I go through CDO it does it for me pretty well. It's all done in the back-end and I don't really have to be involved. I just initiate, pick the image, and I pick when I want it done and it just does it, whether I have a single ASA or have a dual ASA."
"With Cisco Defense Orchestrator, we can manage the complete Cisco Security solution. It provides a simple and centralized way to manage all products."
"The most valuable feature is the Intrusion prevention."
"There are a lot of templates that are already built-in. They give you quick-to-create and quick-to-apply policies that are typically a little more complicated for people."
"The bulk changes feature is definitely the most valuable."
"If our server is blocked, this solution shows us why it is blocked and allows us to update the network routing."
"When we're looking to the policies, it identifies the shadow rules. It notifies us about anything that will supersede other rules."
"It provides a great visibility around the roots: Root implementing which can be done, roots that have changed, and what has been done. So, it's pretty useful when you have an audit going on."
"You can easily scale the solution if you need to."
"We use Tufin to clean up our firewall policies. It benefits us, because you can run a query for whatever your cleanup criteria is, e.g., "Has it been hit in 90 days?" It displays the list, then you can see the rules right there. If you want to get rid of it (or highlight it), then it creates a ticket that goes ahead and flags them all as disabled. While you can delete them, we always disable first. Then, we have a strip that comes back, and if it's been disabled for 90 days, then the system will remove them."
"The most valuable feature of this solution is that it reduces both the time required and the number of errors when making changes."
"We are able to discover firewall rules that are too broad and widen the security footprint."
"The most valuable feature is the compliance check and the recommendations that it makes."
"The most valuable function is the SecureChange where it is able to automate everything from the validation of the rules to the pushing of the rules."
"The visibility is huge. In order to figure out what was going on previously, we would have to pull stuff out of firewalls and put them in spreadsheets, then do sorts. Now, it's all right there in Tufin. We can write reports to look for what we need, ad hoc searches to find object groups, and know which firewalls are on. This was almost impossible to do previously."
"There could be some slight improvements to navigation. In some of the navigation you've got to go back to be able to get into where you need to be once you've made a change. If I make a change, I've then got to go back to submit and send the change."
"We had some MX devices that were blocking Windows Update from happening. We found out it was a Meraki issue, but it would have been nice if it had been flagged for us: "Hey, these updates are failing because the MX is blocking it." It wasn't a huge problem, but there was a loss of our time as well as the fact that the updates didn't get pushed out... It would have been nice if CDO had let us know that that was an issue."
"I've found dozens of bugs over the year we've been using it. The more I use it for different things, the more problems I find... Most of the problems have to do with the user interface. A lot of thought and work has gone into the back-end component to make the product do what it's intended to do, but the way it is presented for use hasn't gotten nearly as much thought to make it smart and bug-free."
"They can centralize all products and provide a correlation about an incident and the response. They can also provide an on-premises solution. Currently, Cisco Defense Orchestrator is just for cloud deployments, not for on-premises deployments. Customers have to manage it on the cloud. We are based in Vietnam, and most of the customers here prefer to have on-premises deployments. Customers, especially from banking and government sectors, do not prefer to do anything on the cloud. Some of the small enterprises use the cloud."
"It would be a better product if it incorporated device control for third-party products easily."
"The main thing that would useful for us would the logging and monitoring. I have to check it out, to get the beta, because I don't have access to them... I wanted CDO to be a central place so where I could do everything but right now I don't think that's possible. I really don't want to go back and forth between this and FMC. Maybe the logging portion, when I look at it, will give me some similarities."
"CDO doesn't have a report, an official report that I can check daily. It has another module called FTD, but it doesn't have that specifically for ASA. In the reporting, there are a lot of things that aren't there. There is also room for improvement in the daily monitoring."
"If I make a change locally to the firewall, CDO gives an alarm or an error message and says there's a change in compliance: "The firewall has this configuration but the last time it was compiled it had that configuration." That view of new changes versus the old could be better... I had to log in manually, locally on the firewall, to check which version, which configuration was actually running. I couldn't see it in CDO."
"I would like to see the hardware specifications improved."
"I think that the interface could be cleaner, and easier to use."
"I would like to see them get rid of the REST APIs and use something more modern."
"We use a lot of inline rules, and it would be beneficial to see those from within Tufin."
"A big improvement would be on the USP policy. If we could use Palo Alto to take those zone names and auto import them into the policy, then just do the policy based on the zone names instead of having to put in every single subnet."
"They've got such a large number of APIs, and it is so easy to use their APIs. Effectively, they allow us to use it with anything. The only way to improve it more is by offering support for implementing their APIs into certain hardware or software that we might use. They can provide support for implementing APIs."
"Our project is running on Riverbed for SDN. I don't know if Tufin can integrate with Riverbed. Other than that, I have no issues with this product."
"The policy browser has had trouble working. We have experienced bugs."
Earn 20 points
Cisco Defense Orchestrator is ranked 14th in Firewall Security Management while Tufin Orchestration Suite is ranked 2nd in Firewall Security Management with 180 reviews. Cisco Defense Orchestrator is rated 8.2, while Tufin Orchestration Suite is rated 8.0. The top reviewer of Cisco Defense Orchestrator writes "Provides visibility into entire infrastructure and bulk changes save time and resources". On the other hand, the top reviewer of Tufin Orchestration Suite writes "A flexible, very secure solution that works well in Layer 2 environments". Cisco Defense Orchestrator is most compared with AlgoSec, Palo Alto Networks Panorama, Azure Firewall Manager and Cisco Secure Firewall Management Center, whereas Tufin Orchestration Suite is most compared with AlgoSec, FireMon Security Manager, Skybox Security Suite, Palo Alto Networks Panorama and Illumio.
See our list of best Firewall Security Management vendors.
We monitor all Firewall Security Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.