Tufin Review

Helps us with our approval process, but their technical support could be improved

What is our primary use case?

We make use of the SecureChange and SecureTrack modules. In SecureChange, we use the Workflow, and we use the USP to see if there are any rule violations.

How has it helped my organization?

Using the workflow has made it easier to get approval from the manager or the CISO. Whereas earlier we used to send an email, it is now a very easy process to get approval.

I have not used the Tufin workflow to clean the firewall rules, but I have used the reports to assist me. I have built reports based on six months worth of data, then selected the rules that were not needed and performed the firewall cleanup accordingly. Now that we have SecureChange and the workflow, I think that I should use the workflow to clean the firewall rules. However, to this point, I have been using the Tufin report.

The rule cleanup and checking for rule violations are not any easier for a technical person, as they are firewall operators. At the same time, it is very much easier for the management team, such as the CISO or company managers, to perform these tasks.

With respect to visibility, many vendors claim that they are number one on the market. What I can say is that Tufin works with the Check Point firewall and the Fortinet firewalls, and this is helping us.

This solution has helped us with meeting our compliance mandates. Based on the company standards and guidelines, we configure the USP. When somethings violates it, we can make a decision whether to approve it or not, based on whether it is complying with company policies.

What is most valuable?

The most valuable feature is the workflow.

Using this solution makes it easier to manage the firewall policy.

The reports that this solution provides are very useful. The report includes information about duplicate objects, duplicate services, shadowed firewall rules, and the firewall rules that have not been needed for a specified number of days or months. It sets my Check Point database.

What needs improvement?

My team does not have a good relationship with Tufin because the provisioning team, and even our Tufin account manager, are not friendly or helpful to us. The product, itself, is fine.

I would like to see Tufin as a standalone product that does not strictly manage other firewalls, such as Check Point, but works independently. Ideally, it should not have to rely on other products.

This solution increases the time it takes to make changes. It is easy to manage the firewall policy with the Check Point management server, so the time spent with Tufin is extra.

The fact that all of the firewall policies are pushed to the CMA is a major drawback of the schedule window.

What do I think about the stability of the solution?

Tufin is very stable, and I would say that there are no major outages. Sometimes the connection between Tufin and the management servers gets broken, and I don't know the reason, but apart from that, it is very stable.

What do I think about the scalability of the solution?

We can add as many firewalls as we need to, as long as we purchase the licenses, so it has good scalability.

How are customer service and technical support?

Technical support for this solution is the worst. I would give it a zero ranking. Compared to Check Point and Fortinet, Tufin technical support is the worst.

Even the provision service team does not like to respond to email, which is poor service.

If you previously used a different solution, which one did you use and why did you switch?

Prior to this solution, we used email to request approval, and it is now handled by the Tufin workflow.

How was the initial setup?

The initial setup of this solution was straightforward.

What's my experience with pricing, setup cost, and licensing?

Our licensing fees are more than $100,000 USD per year.

Which other solutions did I evaluate?

We did not evaluate other products before choosing this solution.

What other advice do I have?

I do find that the change workflow process is flexible and customizable, but not fully. I would say that it is seventy percent customizable, as there are pros and cons in the workflow. You cannot fully customize the workflow by yourself. There are certain limitations in the workflow, such as the inability to create a Firewall object or an IP object. You can only create or modify the Firewall object group. The other problem is the schedule window, as it pushes all of the firewalls on the CMA.

For us, this solution is a supplement. Tufin is partners with Check Point and Fortinet firewalls, but I can manage firewalls without using it. At the same time, while it is not mandatory, it is helping us.

For anybody who is considering this solution, I would say that Tufin helps you to get approval and it will help you to push your firewall policies. In the long run, when you have to manage hundreds of firewalls, it is a good thing to have.

I would rate this solution a six out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
See how Tufin can simplify your network security management

Find out how automation and orchestration of security policy management can help you increase agility and efficiency, while reducing risks and ensuring compliance and audit readiness. Request a Tufin demo today.

Add a Comment
Sign Up with Email