Tufin Review

They give us one vendor for both TOS operating system and TSS application. I'd like to add third party RPMs to expand system functionality that's retained across updates.


What is most valuable?

Functioning monitors (not just marketing hype) for most types of firewalls and firewall managers, overall stability, scalability (could be better, but the still best on the market), and the ease of performing OS and software updates.

How has it helped my organization?

Having one vendor for both TOS operating system and TSS application makes it much easier to form relationships with Tufin sales, engineering and support, and improves product maintenance.

What needs improvement?

They should include a way for customers to add third party RPMs to expand system functionality that's retained across updates. A single central (master) database does not scale well past 1000 firewalls.

Also, it needs to expose a remote collector for central message (queues) metrics, monitor Java, Tomcat, web and database performance, to provide better intra-application data monitoring and alerting capabilities.

For how long have I used the solution?

I've used it for seven years.

What was my experience with deployment of the solution?

TufinOS 2.10 has been the easiest OS release to install to date. I haven't had the system running TSS R15-3 long enough yet to know if REST API improvements are usable.

What do I think about the stability of the solution?

None, so far with TufinOS 2.10 or SecureTrack R15-3. Postgres database (v9.0) should probably be updated to a newer version for improved performance and stability enhancements.

What do I think about the scalability of the solution?

The SecureTrack R15-3 central-database shows significant performance strain, handling policy revisions, and rule/object usage updates from our 1600+ base of firewall devices. However, it continues to function, albeit slowly, day-in and day-out.

How are customer service and technical support?

Customer Service:

USA support M-F has been very good, and with pre-arrangement, weekend assistance is also available. Over the years, US Tufin support has had to escalate distributed application (remote-center db) performance problems to their Israeli R&D and developer teams for remediation. When this happens, mean time to repair can be measured in weeks instead of hours.

Technical Support:

Very good, technical expertise from the US support staff, and exceptional technical expertise from the Israeli R&D people.

Which solution did I use previously and why did I switch?

I have looked at other vendors, but we have been a Tufin customer since 2008, and have benefit from the maturity of their TOS and TSS products.

How was the initial setup?

Upgrading from TOS 1.x to 2.x is a bit painful; the process requires wiping the system clean and reinstalling OS and applications, and then recovering data from a backup. But overall, the appliance approach that Tufin has taken greatly simplifies upgrades and patching.

What about the implementation team?

Since 2008, we have purchased products through a Value Added Reseller. Our VAR intercedes for us on annual maintenance (support and update) calculations, and helps with unexpected contractual problems.

What was our ROI?

We have not calculated ROI, because we are always changing how we use the TSS application to obtain security information.

What's my experience with pricing, setup cost, and licensing?

We have not performed a cost analysis on other similar products, but I'm confident that Tufin does and remains cost comparable.

Which other solutions did I evaluate?

In 2008-9, the choices were thin (Tufin, FireMon or AlgoSec); of those only Tufin offered the promise of an appliance based system that would scale large enough to warehouse data for reports and analysis from many hundreds of firewalls installed across the US.

What other advice do I have?

Tufin is still growing and adding new features to its TSS applications suite. I don't believe your company would make the wrong choice if the products meet your company's requirements. Their latest product offerings of TOS run on virtual machines, and their near-future promise of a distributed central database (scalability improvements) should not be overlooked.

**Disclosure: I am a real user, and this review is based on my own experience and opinions.
More Tufin reviews from users
...who work at a Financial Services Firm
...who compared it with AlgoSec
Add a Comment
Guest