Tufin Review

Gives us real-time firewall policy management


What is our primary use case?

Our primary use case was firewall policy management. We did a PoC with Tufin.

How has it helped my organization?

There was no issue with slowness, especially when it came to pulling the data in real-time.

Tufin was able to automatically check if a change request would violate any security policy rules. During our PoC I tested it by trying to do unauthorized changes and Tufin met our requirements.

We are looking to become ISO 27001 certified for information security management. We need a solution like this for the audit side. They need to be able to check our firewall policies.

What is most valuable?

The goal was policy management and Tufin's policy management features met our requirements. It allowed us to crosscheck policies.

I like the fact that Tufin was able to integrate with our firewalls, which include Palo Alto and FortiGate.

What needs improvement?

I work on the network and security sides. The network visibility side needs improvement. I need to be able to see what the configuration changes are inside. On the firewall side, there are no visibility issues.

Also, I'm not sure if it integrates with Riverbed.

What do I think about the stability of the solution?

So far we have had no issues. We're running it on a VM and there are no issues with the VM.

What do I think about the scalability of the solution?

We had no issues with scalability.

We are a big company and our network is complex. We have a lot of servers and we have about 700-plus branches connecting to HQ. HQ is our main site to go with the ISP. But we only implemented Tufin at our HQ and two of our main branches.

There were only four users on my team.

How are customer service and technical support?

I did not engage with Tufin's technical support. We used a third-party.

How was the initial setup?

The setup was not too complex but not completely straightforward. It was so-so, at least for our environment.

We had an issue with how to push the policy changes. It took about a week, during which our engineer conferred with Tufin. Tufin had to do some fine-tuning.

In terms of an implementation strategy, at that time we were only doing a PoC to see the policy management functionality. Tufin can also integrate networking and security to show an overall network mapping, from site to site. We have a lot of branches. And we are now moving to SD-WAN, to see the mapping. We need to see if Tufin can integrate with that.

What was our ROI?

On the technical side, the Tufin solution was very helpful for my team. It would save my team time. Using Tufin they could check all the firewall policies in one console, for both Palo Alto and FortiGate, at the same time.

What's my experience with pricing, setup cost, and licensing?

There is no issue with the pricing because we used a VM. That kept the cost low, as compared to an appliance. The licensing cost quote met our budget.

Which other solutions did I evaluate?

We have done other PoCs with AlgoSec and FireMon. But as we compared Tufin with them I preferred Tufin rather than AlgoSec. They were basically the same, but then Tufin came out with a lot of changes in their recent update. Also, Tufin is real-time while AlgoSec is near-real-time, for policy management.

What other advice do I have?

In terms of advice, it depends on what a user's needs are. For us, we only considered Tufin for the security and the network parts, especially the network mapping. I need to see the hop-by-hop, from this site to that site, how many hops for a transfer packet. 

Tufin is good for beginners. Tufin filters based on rules, even if a beginner doesn't know what to do, how to configure the firewall. Tufin can then monitor based on those rules.

It's a good value for what it does. We had no issues with this product. It was good for us. We could deploy it in our environment without any issue.

I rate it at eight out of ten because we are still evaluating Tufin. Our project is running on Riverbed for SDN. I don't know if Tufin can integrate with Riverbed. Other than that, I have no issues with this product.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
See how Tufin can simplify your network security management

Find out how automation and orchestration of security policy management can help you increase agility and efficiency, while reducing risks and ensuring compliance and audit readiness. Request a Tufin demo today.

Add a Comment
Guest
Sign Up with Email