Tufin Review

Enables us to automatically check if a change request will violate any security policy rules but they should get rid of the REST APIs


What is our primary use case?

Our primary use case is for automation and orchestration.

How has it helped my organization?

We use Tufin to automatically check if a change request will violate any security policy rules. One of the things we want to do is to have a blacklist/whitelist policy. A blacklist of things that can never be allowed and a whitelist of things which are always allowed. I want this tool to block or report ports that should not be used, putting somebody in a change. In addition to that, I want it to be able to block people from mapping IP addresses in North Korea, Iran, or whatever is on the blacklist.

Our corporate policy mandates that we can only make changes to our firewalls daily. Once we get ServiceNow integrated with our whitelist policy, Tufin should be able to initiate the change and get us to reduce time.

It should help us meet our compliance mandates going forward. It is replacing AlgoSec.

What is most valuable?

The ease of use is the most valuable feature. 

The change workflow process is flexible and customizable. We have one guy who has never logged into Tufin ever in his life. He sits down and in 30 minutes had written an automation routine, then went back and changed it. He did that with no training. For me, that is a major benefit.

The two reasons that we wanted Tufin

  1. The single pane of glass, so our Tier 1 and Tier 2 could make changes.
  2. The network mapping which is something that we have never had before.

What needs improvement?

  • I would like to see them get rid of the REST APIs and use something more modern. 
  • I would also like to see them do more cloud integration within the Tufin Orchestration Suite, not within a SaaS solution. 
  • I would like them to move their community support off of Google and onto something more long-term.

For how long have I used the solution?

Less than one year.

What do I think about the stability of the solution?

So far, stability has been good. 

What do I think about the scalability of the solution?

It has already pulled in all our Layer 3 switches and routers across the company.

I don't know if I can expand on the cloud yet.

How are customer service and technical support?

We bought premium support. I have heard from my team that they are great. 

If you previously used a different solution, which one did you use and why did you switch?

We switched from AlgoSec because they had horrible customer support, and difficult change management and processes. 

How was the initial setup?

The initial setup was very straightforward. It was done in five days, which is pretty cool.  

What about the implementation team?

We used Tufin for the deployment. We had a positive experience with them. 

Which other solutions did I evaluate?

We compared AlgoSec, Tufin, and Skybox side-by-side. Originally, the team chose Skybox. They threw in what a lot of other groups had wanted, like the network team, security team, and DevOps team. When I sat them down (because I voted Tufin), I asked them why and they gave me all of the explanations that were all somebody else's reasons, not ours. I told them that this tool is for us and we needed a true orchestration automation tool. Not one that supports everyone else's automation, and we need one for firewalls.

What other advice do I have?

I would rate it a seven out of ten. 

I would advise someone considering this type of solution to not listen to the sales teams among the competitors. They all throw each other under the bus and a lot of it is not true. Tufin's competitors will tell you how bad of a company that Tufin is and how you can't trust them, and how their stuff doesn't work. Then, Tufin doesn't say anything bad about their competitors. So, don't trust everything that you hear. 

Do your own research. Do a proof of concept. Get all of the vendors in. Give it a month to test drive. Set it up and let them prove it out. In the end, the correct tool, not the better salesman, will win.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Schedule Now

Sign up for a free demo

Add a Comment
Guest

Sign Up with Email