Tufin Review

Reduces human error and speeds up the whole change process

What is our primary use case?

We do risk, cleanup, and change.

How has it helped my organization?

It reduces human error and speeds up the whole change process.

The change workflow process is flexible and customizable. There are five default workflow processes out-of-the-box. However, every customer is different. Everybody has a different request process. That is why it's so customizable. You can add another step, you can delete a step, or you could put in an exception. It is very flexible.

We use this solution to automatically check if a change request will violate any security policy rules. E.g., we will not be allowing SSH to the Internet. That is one change request where we can be like, "Put that right on top of the policy." 

This solution has helped us to meet our compliance mandates, especially with the default out-of-the-box templates, then you can create your own.

This solution helps us ensure that security policy is followed across our entire hybrid network. You can have a Unified Security Policy which reaches across all networks, so if you are having a change submitted, it doesn't matter if you're enforcing it or not. You can get an alert saying, "This is a violation." That's a value-add.

What is most valuable?

  • Cleanup
  • Visibility
  • Scalability

Cleanup is its most valuable feature. We use Tufin to cleanup our firewall policies. You can see unnecessary, unused objects. A lot of times, you will create a host, then it's not used. It's like, "Delete that, because we don't need that in the database." Or, it's a rule that is not needed: unused rules.

Its cloud-native security features are good. They add even more visibility to your environment.

What needs improvement?

I would like more out-of-the-box workflows in SecureChange with more default config, so you don't have to create those workflows yourself. This would be the biggest thing.

I would also like more enforcement. Right now. it's a lot of alerting. You see it in Tufin, but you have to go to Check Point or whatever device to make the actual action.

We already know the user interface is getting redesigned in TOS 2.0. That's naturally been the customer complaint in my experience, "Where are things in the GUI? The GUI is cumbersome." Now, I'm used to it, but when your first learning it, it is unintuitive.

What do I think about the stability of the solution?

The stability is very good, especially now that they are developing a lighter weight operating system on top of the OS with 2.0 coming out this year. 

The current version is slow. I deal with a lot of large environments, which is mostly what Tufin has. It is slow because it is a database, Tomcat Server, and web server. Reports are slow. If you're generating manually on the fly, you can set them to run at night, then it's not a big deal.

What do I think about the scalability of the solution?

The scalability is good, because you can have a central server, distributed server, and remote collectors. You can have remote land sites or branch offices. You can have the collectors collect the data for you. You don't have to rely on just one server.

How are customer service and technical support?

The technical support is very good. It is a lot better than the firewall vendors themselves.

If you previously used a different solution, which one did you use and why did you switch?

There were not enough resources to do the changes themselves. We definitely went offshoring. Now, you see a lot of that coming back because there is not enough people. We needed a system to do it.

How was the initial setup?

At first, the initial setup is complex. Once you know it, the initial setup is straightforward.

First, you have to install the operating system. Then, you have to install the application, where there are certain version requirements. You can't just go right to the latest OS version. You have to go back to the older one, then upgrade those as well. It is a little cumbersome.

What about the implementation team?

I am an integrator. Sometimes, we have to use Tufin on the back-end.

What was our ROI?

We have seen ROI just in the time savings and knowledge. Knowledge is power. Having the solution do it automatically for you without you doing the work is huge. If you are spending $50,000 a year, it could have cost you a $100,000 in man-hours without it, especially if you are working with a team..

This solution has helped reduce the time it takes our customers to make changes by 50 percent.

Engineers are spending less time on manual processes by 50 percent.

What's my experience with pricing, setup cost, and licensing?

While licensing varies greatly, it is about $50,000 a year.

Which other solutions did I evaluate?

We did consider other vendors, but Tufin is the market leader. We only deal with the best of breed. We like to go with the best.

What other advice do I have?

Do a proof of concept or proof of value. You will see the value right there.

The visibility is top-notch. I know the vendors as well, like Check Point and the firewall product underneath it. I know with Check Point, specifically, and I have seen some issues with it. However, overall, there is still a lot of value in the cleanup.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
See how Tufin can simplify your network security management

Find out how automation and orchestration of security policy management can help you increase agility and efficiency, while reducing risks and ensuring compliance and audit readiness. Request a Tufin demo today.

Add a Comment
Sign Up with Email