The most valuable features for us are object looking, rule documentation, and reports. We use it for cyber security as well, so risk features and violations features are huge.
Even just looking up rules before we can make changes is a lifesaver. Previously, we'd have to go to the CMS of whatever firewalls we had. So instead of having to do that, now we can go to one location and search the rules that way.
Another major thing is the topology feature for the network part. Also, the SecureChange and automation means that the checkpoints can be done automatically, and they do the provisioning throughout the process. Looking up rules and understanding how they affect your environment.
It's also quite easy to use - there's nothing hidden, it's all laid out and that is much appreciated.
Improvements to My Organization
From a security standpoint, we have it in place where it will notify us if an engineer inadvertently violates a high-risk rule, and it even does this if they pre-stage a rule, so before they push it we can find out.
From an auditing standpoint, because we get audited three or four times a year, our auditors have access to see exactly what's happening in each firewall, and we've had fewer issues with auditing because of it.
For us, in man hours, it saves about 70 hours a week on checking rules and implementing the changes.
Room for Improvement
For implementing the rules of SecureChange, and trying to implement it with all of the software we have on our side, change management, and workflow management, we need better integration with our existing tools that will make these changes a lot faster. We have so many things on our side that we need to integrate. We now have HP Switches, so we'd like to have those covered as well in order to monitor them.
Use of Solution
We've used it for three years.
We had one bug - a year or so ago - and Tufin had an update that addressed the issue. The long implementation time was on our side. No other problems.
Customer Service and Technical Support
Both customer service and technical support have improved during the three years we've used it. They're really quick to get back to us for both customer and technical support. They get on calls with us, WebEx, anything. Technical Support
We were going through a major OS upgrade. We ran into some problems on our end with four appliances. It was a weekend and we opened a case on-line. We were able to get together with someone in 30 minutes, share the screen, and they walked us through implementing a fix within an hour or less.
Even though we have a remote collector, a distributed collector, and a central server, it was pretty straightforward.
We did it internally ourselves, but with some input on architecture from Tufin's professional services.
Pricing, Setup Cost and Licensing
As far as licensing goes, the good thing is that the licensing for the firewalls is great. The licensing changes for the routers has improved because we no longer have to pay for topology monitoring.
Other Solutions Considered
We also looked at AlgoSec and FireMon. Algosec was good, but Tufin had the edge in the automation process and the reporting was even better. So it was basically between AlgoSec and Tufin.