Compare Cisco Defense Orchestrator vs. Tufin

Cisco Defense Orchestrator is ranked 4th in Firewall Security Management with 11 reviews while Tufin is ranked 2nd in Firewall Security Management with 76 reviews. Cisco Defense Orchestrator is rated 8.2, while Tufin is rated 8.0. The top reviewer of Cisco Defense Orchestrator writes "Provides visibility into entire infrastructure and bulk changes save time and resources". On the other hand, the top reviewer of Tufin writes "SecureChange feature enables firewall rule automation, but Security Groups are pricey". Cisco Defense Orchestrator is most compared with FireMon, Tufin and AlgoSec, whereas Tufin is most compared with AlgoSec, FireMon and Skybox Security Suite. See our Cisco Defense Orchestrator vs. Tufin report.
Cancel
You must select at least 2 products to compare!
Tufin Logo
Read 76 Tufin reviews.
21,163 views|12,141 comparisons
Most Helpful Review
Find out what your peers are saying about Cisco Defense Orchestrator vs. Tufin and other solutions. Updated: March 2020.
408,459 professionals have used our research since 2012.
Quotes From Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros
We use a lot of image upgrades. We take some 20 devices and then we update everything at once, including the policies. We apply policies for groups. For certain groups, like anti-viruses, we send out policies and apply them to every single device. It's really easy and simple.If our server is blocked, this solution shows us why it is blocked and allows us to update the network routing.The bulk changes feature is definitely the most valuable.The initial setup was straightforward. We spun up the VM onsite. We generated the key that it needed to talk to the Cloud Orchestrator. After that, as I started adding devices, it was relatively quick and easy.The ability to see the uptimes on the different VPNs that we have configured for site-to-site.If we have a firewall go down, I can hop into CDO, pull the latest configuration off and apply it. That's really good. It helps save time.We have quite a few Active Stone by pairs. If they fail over... I'll see that there's a change on it and I'll have a look. The only change on it is that now this one is the standby, it took over the active role. I can go into that firewall and find out what happened... and troubleshoot based on that. That's pretty cool too.I like the upgrade feature. That is pretty valuable to me because I have dual ASAs and when I go through CDO it does it for me pretty well. It's all done in the back-end and I don't really have to be involved. I just initiate, pick the image, and I pick when I want it done and it just does it, whether I have a single ASA or have a dual ASA.

Read more »

There are a lot of benefits to using the reporting. It gives us duplicate objects, duplicate services, shadow firewall rules, and the firewall rules not needed for a given number of days or months.The most valuable feature is alerting, which lets me know when someone has made a change.The filtering of lots of criteria is very valuable.The Automatic Policy Generator saves time because we are able to identify the required policy when a client doesn't know what he needs.The automated reporting on a regular basis is helping us to be compliant with legal requirements.Tufin assists us in maintaining a robust view of our internal network topology.This solution has helped us to meet our compliance mandates. We implemented the Unified Security Policy (USP). This helped enforce what compliance requirements that we had. We have mitigated and remediated issues that have been brought forth due to that USP showing us issues.It's hard to pick the most valuable feature. All of them are valuable, they're all critical for us... ChangeTrack obviously has a lot of very good features, like the risk analysis, the USP, and the Policy Browser.

Read more »

Cons
CDO doesn't have a report, an official report that I can check daily. It has another module called FTD, but it doesn't have that specifically for ASA. In the reporting, there are a lot of things that aren't there. There is also room for improvement in the daily monitoring.The dashboard needs to be more customizable to provide better reporting for our network.It should have more features to manage FirePOWER appliances.When logging into the device, we sort of had problems with it staying in sync. If somebody made a change onsite, it wouldn't do an automatic sync. It would have to wait, as you would have to do a manual sync up.I'd like CDO to be the one-stop-shop where we could do all the configurations easily. It would be nice, for ASA upgrades, if we could do them from a central repository and not have to reach out to Cisco. That would be a definite plus.The main thing that would useful for us would the logging and monitoring. I have to check it out, to get the beta, because I don't have access to them... I wanted CDO to be a central place so where I could do everything but right now I don't think that's possible. I really don't want to go back and forth between this and FMC. Maybe the logging portion, when I look at it, will give me some similarities.I've found dozens of bugs over the year we've been using it. The more I use it for different things, the more problems I find... Most of the problems have to do with the user interface. A lot of thought and work has gone into the back-end component to make the product do what it's intended to do, but the way it is presented for use hasn't gotten nearly as much thought to make it smart and bug-free.There could be some slight improvements to navigation. In some of the navigation you've got to go back to be able to get into where you need to be once you've made a change. If I make a change, I've then got to go back to submit and send the change.

Read more »

There are pros and cons to the workflow. You cannot customize it fully and there are some limitations. You cannot create a pure object, a firewall, IP, or service (single layer) object. You can only create a firewall object group. That is one of the challenges.I would like to see visibility into the FW features like IPS/Content Filter policies, the same way it does for FW rules/policies.I would like to see more configuration options on next-generation firewalls, defining possible standards for devices.I would like to see better report integration in this solution.I would like to see the setup of the Unified Security Policy simplified.The product should integrate with the UTM features.The metrics need improvement. They need more consistency or understanding of automation, along lines of customization of automation.Tufin has come a long way when it comes to visibility. What we would like to see is a little bit more on the discovery level, network discovery, which Tufin does not have today.

Read more »

Pricing and Cost Advice
It is covered under the CIsco Enterprise License Agreement (ELA). So, it is licensed and ours.After our free trial was done we got a subscription for three years and it was under $3,000 or so. It's part of the EA we already paid for, so I don't know what it would be if it was a la carte.It's around £500 per unit for a three-year license.It is about a $100 per year for an ASA 5506 firewall, and from there it keeps going up if you have a bigger box. For example, the 5516 is $200 to $300 per year.

Read more »

I believe our cost is more than $100,000 per year.I suggest talking with Tufin about the flexibility of the pricing structure.The licensing costs are a significant amount of money.I'm saving 20 man-hours a week, so I am seeing some ROI.The cost is pretty high. It's close to seven figures.For us it's around $40,000 or so.Licensing is on a customer by customer basis.The seller of Tufin, when I wanted the solution, was very flexible because the cost on the lease was very high in Latin America. So, he was able to reduce the cost.

Read more »

report
Use our free recommendation engine to learn which Firewall Security Management solutions are best for your needs.
408,459 professionals have used our research since 2012.
Ranking
Views
1,215
Comparisons
208
Reviews
11
Average Words per Review
1,686
Avg. Rating
8.3
Views
21,163
Comparisons
12,141
Reviews
73
Average Words per Review
684
Avg. Rating
8.0
Top Comparisons
Compared 32% of the time.
Compared 46% of the time.
Compared 37% of the time.
Compared 11% of the time.
Also Known As
CDO
Learn
Cisco
Tufin
Overview

Cisco Defense Orchestrator is a cloud based policy management solution to drive simple and consistent security policy across multiple Cisco security platforms.

Tufin Orchestration Suite is a comprehensive solution for network security management providing visibility, change tracking, analysis and auditing for firewall policies, network devices and cloud platforms. It also provides automatic application connectivity and firewall change management. It assures a tight security posture and regulatory compliance across all enterprise platforms.

Offer
Learn more about Cisco Defense Orchestrator
See how Tufin can simplify your network security management

Find out how automation and orchestration of security policy management can help you increase agility and efficiency, while reducing risks and ensuring compliance and audit readiness. Request a Tufin demo today.

Sample Customers
Insurance Company of British Columbia, ShawmutSIX Group Services AG, Telenor Norway, Swisscom
Top Industries
VISITORS READING REVIEWS
Comms Service Provider39%
Software R&D Company23%
Manufacturing Company10%
Healthcare Company7%
REVIEWERS
Financial Services Firm26%
Comms Service Provider9%
Retailer8%
Healthcare Company8%
VISITORS READING REVIEWS
Software R&D Company30%
Comms Service Provider14%
University14%
Financial Services Firm9%
Company Size
REVIEWERS
Small Business36%
Midsize Enterprise18%
Large Enterprise45%
REVIEWERS
Small Business11%
Midsize Enterprise6%
Large Enterprise82%
VISITORS READING REVIEWS
Small Business23%
Midsize Enterprise14%
Large Enterprise62%
Find out what your peers are saying about Cisco Defense Orchestrator vs. Tufin and other solutions. Updated: March 2020.
408,459 professionals have used our research since 2012.
We monitor all Firewall Security Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.