Most Helpful Review
We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
If our server is blocked, this solution shows us why it is blocked and allows us to update the network routing.
The bulk changes feature is definitely the most valuable.
The initial setup was straightforward. We spun up the VM onsite. We generated the key that it needed to talk to the Cloud Orchestrator. After that, as I started adding devices, it was relatively quick and easy.
The ability to see the uptimes on the different VPNs that we have configured for site-to-site.
If we have a firewall go down, I can hop into CDO, pull the latest configuration off and apply it. That's really good. It helps save time.
We have quite a few Active Stone by pairs. If they fail over... I'll see that there's a change on it and I'll have a look. The only change on it is that now this one is the standby, it took over the active role. I can go into that firewall and find out what happened... and troubleshoot based on that. That's pretty cool too.
We use a lot of image upgrades. We take some 20 devices and then we update everything at once, including the policies. We apply policies for groups. For certain groups, like anti-viruses, we send out policies and apply them to every single device. It's really easy and simple.
I like the upgrade feature. That is pretty valuable to me because I have dual ASAs and when I go through CDO it does it for me pretty well. It's all done in the back-end and I don't really have to be involved. I just initiate, pick the image, and I pick when I want it done and it just does it, whether I have a single ASA or have a dual ASA.
The filtering of lots of criteria is very valuable.
The Automatic Policy Generator saves time because we are able to identify the required policy when a client doesn't know what he needs.
The automated reporting on a regular basis is helping us to be compliant with legal requirements.
Tufin assists us in maintaining a robust view of our internal network topology.
This solution has helped us to meet our compliance mandates. We implemented the Unified Security Policy (USP). This helped enforce what compliance requirements that we had. We have mitigated and remediated issues that have been brought forth due to that USP showing us issues.
It's hard to pick the most valuable feature. All of them are valuable, they're all critical for us... ChangeTrack obviously has a lot of very good features, like the risk analysis, the USP, and the Policy Browser.
The Topology Map, which feeds into our SecureChange - the latter being an automation platform - there's a lot of synergy between the two.
In our current environment, the most valuable feature from Tufin is their Network Map.
The dashboard needs to be more customizable to provide better reporting for our network.
It should have more features to manage FirePOWER appliances.
When logging into the device, we sort of had problems with it staying in sync. If somebody made a change onsite, it wouldn't do an automatic sync. It would have to wait, as you would have to do a manual sync up.
I'd like CDO to be the one-stop-shop where we could do all the configurations easily. It would be nice, for ASA upgrades, if we could do them from a central repository and not have to reach out to Cisco. That would be a definite plus.
CDO doesn't have a report, an official report that I can check daily. It has another module called FTD, but it doesn't have that specifically for ASA. In the reporting, there are a lot of things that aren't there. There is also room for improvement in the daily monitoring.
The main thing that would useful for us would the logging and monitoring. I have to check it out, to get the beta, because I don't have access to them... I wanted CDO to be a central place so where I could do everything but right now I don't think that's possible. I really don't want to go back and forth between this and FMC. Maybe the logging portion, when I look at it, will give me some similarities.
I've found dozens of bugs over the year we've been using it. The more I use it for different things, the more problems I find... Most of the problems have to do with the user interface. A lot of thought and work has gone into the back-end component to make the product do what it's intended to do, but the way it is presented for use hasn't gotten nearly as much thought to make it smart and bug-free.
There could be some slight improvements to navigation. In some of the navigation you've got to go back to be able to get into where you need to be once you've made a change. If I make a change, I've then got to go back to submit and send the change.
I would like to see more configuration options on next-generation firewalls, defining possible standards for devices.
I would like to see better report integration in this solution.
I would like to see the setup of the Unified Security Policy simplified.
The product should integrate with the UTM features.
The metrics need improvement. They need more consistency or understanding of automation, along lines of customization of automation.
Tufin has come a long way when it comes to visibility. What we would like to see is a little bit more on the discovery level, network discovery, which Tufin does not have today.
More API integration with third-party platforms is something that we would definitely like to see in upcoming releases.
The biggest area where I see a need for improvement is some of the documentation and training stuff. It does a really good job of hitting the big concepts, but it needs like another layer deeper of actually getting into some of the details of how to do some of the things. Conceptually, I understand how the product works, but now how do I start building stuff and integrating it into my environment.
Pricing and Cost Advice
It is covered under the CIsco Enterprise License Agreement (ELA). So, it is licensed and ours.
After our free trial was done we got a subscription for three years and it was under $3,000 or so. It's part of the EA we already paid for, so I don't know what it would be if it was a la carte.
It's around £500 per unit for a three-year license.
It is about a $100 per year for an ASA 5506 firewall, and from there it keeps going up if you have a bigger box. For example, the 5516 is $200 to $300 per year.
I suggest talking with Tufin about the flexibility of the pricing structure.
The licensing costs are a significant amount of money.
I'm saving 20 man-hours a week, so I am seeing some ROI.
The cost is pretty high. It's close to seven figures.
For us it's around $40,000 or so.
Licensing is on a customer by customer basis.
The seller of Tufin, when I wanted the solution, was very flexible because the cost on the lease was very high in Latin America. So, he was able to reduce the cost.
Our licensing costs are three million total and then we pay for maintenance, which is an additional cost for three years.
out of 7 in Firewall Security Management
Average Words per Review
out of 7 in Firewall Security Management
Average Words per Review
Compared 49% of the time.
Compared 39% of the time.
Compared 12% of the time.
Compared 52% of the time.
Compared 32% of the time.
Compared 10% of the time.
Also Known As
Cisco Defense Orchestrator is a cloud based policy management solution to drive simple and consistent security policy across multiple Cisco security platforms.
Tufin Orchestration Suite is a comprehensive solution for network security management providing visibility, change tracking, analysis and auditing for firewall policies, network devices and cloud platforms. It also provides automatic application connectivity and firewall change management. It assures a tight security posture and regulatory compliance across all enterprise platforms.
Learn more about Cisco Defense Orchestrator
See it in Action
Schedule Your Tufin Demo Now
|Insurance Company of British Columbia, Shawmut||SIX Group Services AG, Telenor Norway, Swisscom|
No Data Available
Financial Services Firm27%
Comms Service Provider9%
Software R&D Company28%
Financial Services Firm15%
Comms Service Provider12%