What is our primary use case?
Primarily, it is being used as a type of security auditing control on our firewalls. We are in the middle of a new project acquiring dedicated new hardware while building out SecureTrack and SecureChange. After this initial project, and building out all that infrastructure is done, then there will be a project to kick off some of the automation and orchestration type stuff to try and improve some of those processes for the IT group.
The goal is to use it to revalidate, clean up, and optimize firewall policies, but we are not there yet.
The company has had the product in place for a while.
I am giving up the web proxy stuff, so I can become the SME on the Tufin.
How has it helped my organization?
The plan is to integrate it into things, like ServiceNow, then use the automation. That was one of the strengths in the decision to stay with Tufin and invest more resources into it.
My hope is to use this solution to automatically check if a change request will violate any security policy rules. It is not doing any of that right now.
Right now, our compliance mandates are all over the place, but previously, what they were doing is they were just taking screenshots of something, and I don't know how we passed our audits.
I was shocked and appalled that the current network team isn't even using it right now. In previous roles in previous companies, this product (or one of the competing products) was like the lifeblood of how we worked. It was like step two, after picking up a ticket. We went to use this tool to see where we needed to make changes. That they're not doing that explains why they're probably having to do rework 60 percent or higher limitation tickets, because they're missing devices or it is not being implemented properly.
What is most valuable?
In our current environment, the most valuable feature from Tufin is their Network Map because our network team can't give us a network map. Tufin has given me more than what the network team have ever given me, as far as documenting the network infrastructure. So, I'm thrilled.
The visibility is good.
What needs improvement?
The biggest area where I see a need for improvement is some of the documentation and training stuff. It does a really good job of hitting the big concepts, but it needs like another layer deeper of actually getting into some of the details of how to do some of the things. Conceptually, I understand how the product works, but now how do I start building stuff and integrating it into my environment.
Just being a bit more upfront and honest about issues, as far as like HA, distributed stuff, and the need for load balancers, if you want to do HA. Nobody ever likes talking about the fact that their solution really isn't truly HA, you got buy an F5 to sit in front of it if you want to do HA, or something like that. Everybody shies away from talking about that, but if you get that out upfront, then the engineers can be prepared for it, then they can try and figure it out and make it work. This is not unique to Tufin. Everybody is like, "Oh yeah, we do HA." Then, three months later, after you have bought some stuff, now you're just like, "Oh no, we got to have an F5 in front of this. That didn't even come up in our discussions. So, how do I get resources away for that? Because I don't have an F5 in this environment, and I need one."
I just found out some of the things that I need to use right now, like the reports from the report package are only available on 17-3 and above, and I need that as soon as possible. Hopefully, we will upgrade to 19-1 or 19-2 even before I go to bed tonight.
It is sort of an uphill battle right now to ensure that it has all the visibility that it needs, so we can be assured that it is doing what it will do.
For how long have I used the solution?
I've only been with the company about a year and a half now.
What do I think about the stability of the solution?
What do I think about the scalability of the solution?
How are customer service and technical support?
I have not used the technical support yet.
Which solution did I use previously and why did I switch?
I've used Tufin, Firemon, AlgoSec, and all the other solutions at other companies before, and seen what we've been able to do with them. So, when I came to this company, it was just like, "Okay what's our tool? Oh, it's Tufin. What do you mean nobody's using it?"
How was the initial setup?
The initial setup is not even complete yet. We bought some stuff, then had it shipped. There are some additional discussions which are going on next week after this, where there will be some design tweaks which will occur. At first, we were thinking of using VMs for the distributed stuff and collectors, but we can't get those level of resources from the server team. So, we will be better off just buying smaller hardware boxes and having them completely managed by us that way it will be easier. Also, we'll be able to complete it much faster in our environment.
What about the implementation team?
We are using a reseller, but I'm not exactly sure how that relationship even works right now. It is really early. Our stuff has been bought and shipped. We are still trying to complete internal documentation, so we can start doing stuff.
Which other solutions did I evaluate?
I wasn't part of the bake-off. I think the company went in the right direction, and I am glad that they didn't even look at FireMon.
While our UK side has Skybox, which I have never even seen, the orchestration piece was really the key to solidifying us on the Tufin solution.
I was talking to somebody earlier today who said that Skybox has a more powerful Network Map than what Tufin has, but I haven't even seen Skybox,
What other advice do I have?
If someone was looking for this type of solution, I would tell them, "Here are the top four solutions that I know of and the places that I worked on each of them. Here are the benefits, gossip, and downsides that I've seen for each one." Tufin has the best solution as far as it being self-contained, reliable, and integrating with the other things that you want it to integrate with. The customer service is also not arrogant like some of the other solutions.
We need to utilize it to its capacity and capabilities, and we're not doing that yet.
It will eventually reduce the time it takes to make changes. I don't know how much time it will save, since a lot of the manual processes are done by another team. I am still building my team underneath me.
The cloud stuff is great, but I am sort of scared to look at it because we still trying to work out our traditional stuff being compliant and under control, then doing what it's supposed to be doing. I can't even imagine what the developers are doing in the cloud stuff.
Which version of this solution are you currently using?