The most valuable feature for us is SecureTrack. With it, we have rule documentation, change documentation, and the ability to create various reports. We can also enforce compliance with our security policy, as well as to define exceptions.
Another valuable feature is SecureChange, which enables us to have individual workflows. Individual workflows have to be followed step-by-step without skipping a step. That's the great thing that we can do with automation so that firewall administrators don't have to do so much manual, routine work.
Improvements to My Organization
There's an automatic compliance check. If you have an accessory test from A to B, the system will check the entire firewall infrastructure to see if it's possible immediately or not, and if it's not possible now, then the change will be started, and if it's a standard change, the standard change will be run more or less automatically, and it's not necessary to involve the technical team for a standard change.
Room for Improvement
The GUI is not really adaptable as you cannot configure it. The buttons are fixed and it's not really intuitive. It's good for selling training, but in daily work, it's not very easy for those who are new at it.
We've had no issues deploying it.
I think the stability is very good. We've had no issues with instability.
It scales from small network segments up to very, very big companies with thousands of firewalls.
Customer Service and Technical Support
Once I heard from a German Tufin guy something about enthusiastic support, and I thought he was crazy. But now, I think it's true. Even when there's standard support, I become nervous when I don't get feedback within one or two hours, even if the SLA says twenty-four hours. They're very responsive, and also very technical. Technically, they're quite good.
It depends, but mostly the initial setup is straightforward. Just install the operating system, take the appliance, install the software, and then connect all the devices you want to monitor, then you have the basis. Maybe it takes some effort to implement or to import unsupported devices, or defining generic devices and so on. But the standard installation is very straightforward and easy.
Other Solutions Considered
I don't evaluate other vendors every two weeks, but I've evaluated them before, and I think Tufin is quite a technically-leading solution. It's very robust and Tufin has focused on stability and topology. Correct topology is the main factor for authorization speed, and Tufin is the best.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
May 25 2016