Tufin Review

Helps with compliance and drastically cuts down on the time it takes us to make changes

What is our primary use case?

We use this solution for firewall rule management.

How has it helped my organization?

Using this solution has drastically cut down on our implementation time. A customer is able to submit a request for access and Tufin will automatically analyze the system to find out where the rule needs to go, and then design the rule for you. It was a very, very cumbersome process that has been cut from months to days. Some access requests used to take two months to get through the system, whereas now the average is eight days or less, and we even have a same-day turnaround in some cases.

Our engineers spend less time on manual processes. The improvement is drastic, from months to days.

Every single request that comes through, Tufin checks and does a risk assessment against our USP, the Unified Security Policy.

This solution has helped us from a compliance standpoint. During an audit, we were able to pull up the policy browser within the system and show the auditors where the rules actually live, and then show them in the firewall as well. Moreover, we could then show them the ticket and the request, along with the business justification and the entire history behind each individual rule that's in the firewall.

Tufin helps us ensure that the security policy is followed across our entire hybrid network. We have Palo Alto firewalls, Cisco firewalls, and VMware NSX firewalls as well. Tuffin sees all three of those. Every access request that comes through is checked against the USP to make sure that we're not violating any policies, and we're in compliance.

What is most valuable?

The most valuable feature is the ability to quickly identify where a rule needs to be put in place because right now we manage almost five hundred firewalls.

The visibility that this solution provides is great.

The workflow process is very customizable. I've played with it quite a bit in order to tailor it to our needs.

What needs improvement?

One of the big things that I want to see, based on feedback that I have received, is to give somebody read access to your ticket. In our previous, in-house system, this was called a "reader". Right now, Tufin's SecureChange ticketing system only allows you to see your tickets, and nobody else's unless you're a firewall administrator. That is by design. However, at our company, many people come and go and there are many large projects. We need multiple people to be able to see multiple tickets. The problem is that we can't open up the entire system to everybody because of compliance reasons. We want to have the ability for a ticket requester to add somebody, or to give somebody view rights to their ticket. A simple drop-down that would allow you to select the name would be sufficient.

What do I think about the stability of the solution?

This solution is very stable. Once we got to a certain release, somewhere in version R18, it was stable. Before that, it would slow down after about a week or two of running and would cause us to have to restart the system.

What do I think about the scalability of the solution?

We've added more servers to process the load, and it's definitely helped speed up the system.

At this time, we manage almost five hundred firewalls.

How are customer service and technical support?

Technical support for this solution has been helpful. We also have a Tufin RE (Resident Engineer) on staff, three days a week, so that helps too.

If you previously used a different solution, which one did you use and why did you switch?

The previous system that we used was something that was homegrown, just built in-house. It was only a ticketing system. Everything else was done manually. My employees would spend days just trying to figure out where the rules needed to be applied, and how the rules needed to be designed. It was a very long, manual process.

What about the implementation team?

We used a consultant from Tufin, itself, for our deployment.

What was our ROI?

Our ROI is realized through time savings, whether it's in the deployment or redeployment of something, or any other task that requires the creation of a firewall rule. The request would be made months in advance because they knew it would take months to get it place. Nowadays, sometimes they'll find out last minute they need some rules. They'll submit the ticket, contact us, and ask for a rush order on it. If we've got somebody available, which right now we can do because we're able to turn things around faster, we can do a last-minute large request and push it through within a day or two. The savings in time is something that I don't even know if I can calculate properly.

Which other solutions did I evaluate?

I believe that FireMon was considered before we chose this solution.

What other advice do I have?

This solution works very well and it does the job. The product is pretty solid. At the same time, some of the small customizations would be very useful. It just needs little minor tweaks to really take it to the next step.

My advice to anybody who is researching this or a similar solution is to give it a look. Don't overlook this solution because you haven't heard of Tufin, because it's actually a really decent product. 

I would rate this solution an eight out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
See how Tufin can simplify your network security management

Find out how automation and orchestration of security policy management can help you increase agility and efficiency, while reducing risks and ensuring compliance and audit readiness. Request a Tufin demo today.

Add a Comment
Sign Up with Email