Compare Cisco Defense Orchestrator vs. Tufin

Cisco Defense Orchestrator is ranked 4th in Firewall Security Management with 11 reviews while Tufin is ranked 2nd in Firewall Security Management with 75 reviews. Cisco Defense Orchestrator is rated 8.2, while Tufin is rated 8.0. The top reviewer of Cisco Defense Orchestrator writes "Provides visibility into entire infrastructure and bulk changes save time and resources". On the other hand, the top reviewer of Tufin writes "SecureChange feature enables firewall rule automation, but Security Groups are pricey". Cisco Defense Orchestrator is most compared with Tufin, FireMon and AlgoSec, whereas Tufin is most compared with AlgoSec, FireMon and Skybox Security Suite. See our Cisco Defense Orchestrator vs. Tufin report.
Cancel
You must select at least 2 products to compare!
Tufin Logo
Read 75 Tufin reviews.
20,087 views|11,003 comparisons
Most Helpful Review
Find out what your peers are saying about Cisco Defense Orchestrator vs. Tufin and other solutions. Updated: September 2019.
372,906 professionals have used our research since 2012.
Quotes From Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros
If our server is blocked, this solution shows us why it is blocked and allows us to update the network routing.The bulk changes feature is definitely the most valuable.The initial setup was straightforward. We spun up the VM onsite. We generated the key that it needed to talk to the Cloud Orchestrator. After that, as I started adding devices, it was relatively quick and easy.The ability to see the uptimes on the different VPNs that we have configured for site-to-site.If we have a firewall go down, I can hop into CDO, pull the latest configuration off and apply it. That's really good. It helps save time.We have quite a few Active Stone by pairs. If they fail over... I'll see that there's a change on it and I'll have a look. The only change on it is that now this one is the standby, it took over the active role. I can go into that firewall and find out what happened... and troubleshoot based on that. That's pretty cool too.We use a lot of image upgrades. We take some 20 devices and then we update everything at once, including the policies. We apply policies for groups. For certain groups, like anti-viruses, we send out policies and apply them to every single device. It's really easy and simple.I like the upgrade feature. That is pretty valuable to me because I have dual ASAs and when I go through CDO it does it for me pretty well. It's all done in the back-end and I don't really have to be involved. I just initiate, pick the image, and I pick when I want it done and it just does it, whether I have a single ASA or have a dual ASA.

Read more »

The filtering of lots of criteria is very valuable.The Automatic Policy Generator saves time because we are able to identify the required policy when a client doesn't know what he needs.The automated reporting on a regular basis is helping us to be compliant with legal requirements.Tufin assists us in maintaining a robust view of our internal network topology.This solution has helped us to meet our compliance mandates. We implemented the Unified Security Policy (USP). This helped enforce what compliance requirements that we had. We have mitigated and remediated issues that have been brought forth due to that USP showing us issues.It's hard to pick the most valuable feature. All of them are valuable, they're all critical for us... ChangeTrack obviously has a lot of very good features, like the risk analysis, the USP, and the Policy Browser.The Topology Map, which feeds into our SecureChange - the latter being an automation platform - there's a lot of synergy between the two.In our current environment, the most valuable feature from Tufin is their Network Map.

Read more »

Cons
The dashboard needs to be more customizable to provide better reporting for our network.It should have more features to manage FirePOWER appliances.When logging into the device, we sort of had problems with it staying in sync. If somebody made a change onsite, it wouldn't do an automatic sync. It would have to wait, as you would have to do a manual sync up.I'd like CDO to be the one-stop-shop where we could do all the configurations easily. It would be nice, for ASA upgrades, if we could do them from a central repository and not have to reach out to Cisco. That would be a definite plus.CDO doesn't have a report, an official report that I can check daily. It has another module called FTD, but it doesn't have that specifically for ASA. In the reporting, there are a lot of things that aren't there. There is also room for improvement in the daily monitoring.The main thing that would useful for us would the logging and monitoring. I have to check it out, to get the beta, because I don't have access to them... I wanted CDO to be a central place so where I could do everything but right now I don't think that's possible. I really don't want to go back and forth between this and FMC. Maybe the logging portion, when I look at it, will give me some similarities.I've found dozens of bugs over the year we've been using it. The more I use it for different things, the more problems I find... Most of the problems have to do with the user interface. A lot of thought and work has gone into the back-end component to make the product do what it's intended to do, but the way it is presented for use hasn't gotten nearly as much thought to make it smart and bug-free.There could be some slight improvements to navigation. In some of the navigation you've got to go back to be able to get into where you need to be once you've made a change. If I make a change, I've then got to go back to submit and send the change.

Read more »

I would like to see more configuration options on next-generation firewalls, defining possible standards for devices.I would like to see better report integration in this solution.I would like to see the setup of the Unified Security Policy simplified.The product should integrate with the UTM features.The metrics need improvement. They need more consistency or understanding of automation, along lines of customization of automation.Tufin has come a long way when it comes to visibility. What we would like to see is a little bit more on the discovery level, network discovery, which Tufin does not have today.More API integration with third-party platforms is something that we would definitely like to see in upcoming releases.The biggest area where I see a need for improvement is some of the documentation and training stuff. It does a really good job of hitting the big concepts, but it needs like another layer deeper of actually getting into some of the details of how to do some of the things. Conceptually, I understand how the product works, but now how do I start building stuff and integrating it into my environment.

Read more »

Pricing and Cost Advice
It is covered under the CIsco Enterprise License Agreement (ELA). So, it is licensed and ours.After our free trial was done we got a subscription for three years and it was under $3,000 or so. It's part of the EA we already paid for, so I don't know what it would be if it was a la carte.It's around £500 per unit for a three-year license.It is about a $100 per year for an ASA 5506 firewall, and from there it keeps going up if you have a bigger box. For example, the 5516 is $200 to $300 per year.

Read more »

I suggest talking with Tufin about the flexibility of the pricing structure.The licensing costs are a significant amount of money.I'm saving 20 man-hours a week, so I am seeing some ROI.The cost is pretty high. It's close to seven figures.For us it's around $40,000 or so.Licensing is on a customer by customer basis.The seller of Tufin, when I wanted the solution, was very flexible because the cost on the lease was very high in Latin America. So, he was able to reduce the cost.Our licensing costs are three million total and then we pay for maintenance, which is an additional cost for three years.

Read more »

report
Use our free recommendation engine to learn which Firewall Security Management solutions are best for your needs.
372,906 professionals have used our research since 2012.
Ranking
Views
646
Comparisons
93
Reviews
11
Average Words per Review
1,689
Avg. Rating
8.3
Views
20,087
Comparisons
11,003
Reviews
72
Average Words per Review
698
Avg. Rating
7.9
Top Comparisons
Compared 49% of the time.
Compared 52% of the time.
Compared 32% of the time.
Compared 10% of the time.
Also Known As
CDO
Learn
Cisco
Tufin
Overview

Cisco Defense Orchestrator is a cloud based policy management solution to drive simple and consistent security policy across multiple Cisco security platforms.

Tufin Orchestration Suite is a comprehensive solution for network security management providing visibility, change tracking, analysis and auditing for firewall policies, network devices and cloud platforms. It also provides automatic application connectivity and firewall change management. It assures a tight security posture and regulatory compliance across all enterprise platforms.

Offer
Learn more about Cisco Defense Orchestrator
See it in Action

Schedule Your Tufin Demo Now

Sample Customers
Insurance Company of British Columbia, ShawmutSIX Group Services AG, Telenor Norway, Swisscom
Top Industries
No Data Available
REVIEWERS
Financial Services Firm27%
Comms Service Provider9%
Healthcare Company8%
Retailer7%
VISITORS READING REVIEWS
Software R&D Company28%
Financial Services Firm15%
Comms Service Provider12%
University8%
Company Size
REVIEWERS
Small Business36%
Midsize Enterprise18%
Large Enterprise45%
REVIEWERS
Small Business12%
Midsize Enterprise6%
Large Enterprise83%
VISITORS READING REVIEWS
Small Business11%
Midsize Enterprise4%
Large Enterprise86%
Find out what your peers are saying about Cisco Defense Orchestrator vs. Tufin and other solutions. Updated: September 2019.
372,906 professionals have used our research since 2012.
We monitor all Firewall Security Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
Sign Up with Email