Tufin Review

Increases your productivity and simplifies your workflow

What is our primary use case?

Right now, we are just using it for SecureTrack. Next year, we have plans to buy the license for SecureChange as well.

I think we're using version 18, and we are in the process of upgrading it to 19-2

How has it helped my organization?

We got Tufin from a company that we acquired, so its helping us do mitigations there. Now, we are extending the scope and implementing it in our HQ, as well. It has helped for PCI and compliance.

The solution helps us ensure that security policy is followed across our entire network. It is important to configure and define all the networks right.

One of the primary reasons why we want to use Tufin is currently we are having issues with companies from overseas who manage our firewalls. It is very inefficient where they say that they have implemented the rules, then later on we find out the implementation has not been done properly and they are missing firewalls. Hopefully, once we fully implement this tool, it should be able to tell us if firewall rules are missing. It should be able to tell them before they communicate with us. After the implementation, we can verify and make sure that everything is working and do all the validations.

What is most valuable?

It is a great solution. If you have all the devices and firewalls in place, the amount of details that you get along with the network topology is very good.

If we had the budget and money, the SecureChange is really great. What you can do and where you can push everything from one console. You can create a change and do the whole automation: create the change, implement the change, and close the change. Right now, I have to go to two, three, or four different consoles. Whereas if I had SecureChange, I could do everything in one place. From an auditing perspective, it becomes easy. Right now, I have to give a change ticket number, then show the auditor and tell them to search for that change ticket number in a different place. If everything is in one place, that makes your life easier.

The change workflow process is flexible and customizable.

What needs improvement?

I would like more API integration, API integration with the cloud, and API integration with other chain management solutions. I would also like more scripts, which would help us not have to write scripts. If you give me all this, I can use the scripts to automate stuff, making my life easier.

I haven't seen the cloud integration yet, and I would like to see if we could audit the cloud firewalls, like the cloud-native, Azure, and Amazon. That would be nice. You want one tool to do everything. I don't want to use another tool, or manually go and audit the cloud firewalls.

What do I think about the stability of the solution?

I have seen some issues with the stability. One of the things that we noticed was when R18 was released about one or two years back, it couldn't discover the newer versions of firewalls, then we had to upgrade it. After the upgrade we ran into some other issues. However, it looks like with the patches it is getting there.

What do I think about the scalability of the solution?

With the scalability, you have to use different components: the reporting server and distribution server. When we implemented it earlier, we didn't design it properly, which I feel is our issue. Once we design it properly, the way that we are implementing it now, I feel the scalability should be there.

If you previously used a different solution, which one did you use and why did you switch?

I have used auditing tools in the past, so I was already aware of Tufin. When I saw the processes in my company where I worked were manual, I recommended a solution, saying, "We need to expand the solution from our other company to here, as well. It will simplify our processes."

How was the initial setup?

The initial implementation was done at an acquired company, so it was already installed. However, we are doing upgrades now.

What about the implementation team?

I think we will be using Tufin for the upgrades.

What was our ROI?

We have seen ROI:

  • The productivity has increased. The team is more productive.
  • It will decrease the time of firewall implementation, which will increase the productivity in the sense that now other teams don't have to wait for their projects. 
  • This helps us simplify our processes.

Our engineers are spending less time doing manual processing. Their productivity has at least increased by 50 percent.

What's my experience with pricing, setup cost, and licensing?

We haven't purchased the license yet for SecureChange. We do have plans to buy it next year.

The additional piece, which we are buying and doesn't include our other solution, is close to 300,000.

Which other solutions did I evaluate?

We did not have have time to evaluate other solutions. Also, we already had Tufin in place in our other company. 

This seems to be a better solution than AlgoSec, which I have used in the past. I have also seen FireMon, and Tufin gave us what we needed. I didn't see a reason to explore other solutions.

What other advice do I have?

It is a great tool. It will help you increase your productivity and simplifies your workflow.

We should use it to clean up our firewall policies since the tool is there.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
See how Tufin can simplify your network security management

Find out how automation and orchestration of security policy management can help you increase agility and efficiency, while reducing risks and ensuring compliance and audit readiness. Request a Tufin demo today.

Add a Comment
Sign Up with Email