Tufin Review

Handling firewall rule request tickets are more centralized and easier to manage, but its cloud-native security features are lacking in support

What is our primary use case?

The primary use case is tickets.

How has it helped my organization?

Tufin has made handling firewall rule request tickets more centralized and easier to manage.

We have previously use Tufin to clean up our firewall policies, but we are not doing that currently.

What is most valuable?

The workloads are the most valuable feature right now, as it stands.

We find that the change workflow process is flexible and customizable. We change our workflow several times a year.

What needs improvement?

The visibility is good for the most part, but there are limitations to it. E.g., there is a lack of certain routing/networking protocols across all the vendors that they support.

The solution is not sophisticated enough for us to automatically check if a change request will violate any security policy rules.

Tufin's cloud-native security features are lacking in support.

I would like the application to have faster response times. E.g., the dashboard may take up to two minutes to load. Or, when we do the topology seating its two and a half hours. I would like to get those times down and increase the efficiency of the product there.

I would like more support for Juniper and Junos Space. I would like more of the features which are offered for other platforms being extended to the Juniper platform.

The USP needs improvement. It is pretty much not usable right now for us. It is all IP-based. The issue with that is we may have one subnet, but we have multiple things that would go in different zones all in that same subnet. Therefore, to use the USP, we would have to bring it out in tons of /32s, and it's not usable. Whereas, it would be far better if we could just put tags associated with IPs, then do USP based on tags.

What do I think about the stability of the solution?

In the sense of operating, the stability is good, but in the sense of performance efficiency, it is bad.

What do I think about the scalability of the solution?

The scalability is bad.

If you previously used a different solution, which one did you use and why did you switch?

We did not have a previous solution that we were using. We were looking to work towards improving the whole requesting of firewall policies.

What about the implementation team?

We used a reseller for the deployment. Our experience was not that great, which has more to do with how our supply chain works and why we picked them. However, I don't ever really talk to them or hear from them.

What was our ROI?

We have seen ROI from the side of operations, and we'll probably get to more of that as time goes on. However it took a while to get to that point.

The solution has helped us reduce the time it takes us to make changes by at least a day.

It did reduce the time part of engineers manually spending time on processes from the aspect of manually having to go through the network and finding the path that a request would take to know where to put the rules. We have had some issues with topology, so not all of our tickets get that advantage. Probably 40 percent of them are that way, so that's why right now it is not as big of a gain.

Which other solutions did I evaluate?

We did consider other solutions.

What other advice do I have?

Do proper research. Look at Tufin and all of the other products.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
See how Tufin can simplify your network security management

Find out how automation and orchestration of security policy management can help you increase agility and efficiency, while reducing risks and ensuring compliance and audit readiness. Request a Tufin demo today.

Add a Comment
Sign Up with Email