Most Helpful Review
Researched Tufin but chose Skybox Security Suite: Simple to use and scalable but needs more detailed reporting
We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
The solution's simplicity of use is its most valuable feature.
Change Manager is most important because of the impact on each other of a network change or a firewall change. We want to understand this and to know, beforehand, what the impact of a change will be. We are a large network so that is a very important tool.
Correlates logs and threats and prioritizes; provides network maps;p provides change result context and resulting vulnerability.
Security review is the most important feature, because it offers a single pane of glass to analyze multiple firewalls.
This type of tool does a great job of reaching into those other devices producing risk recommendations, compliance recommendations, and a single plane of glass to do your queries, so you can find where these rules might exist.
The most valuable feature is the compliance, whether it's access compliance or the configuration compliance, to make sure that all of our devices are configured as they're supposed to be, to limit access as much possible, to follow least-access guidelines.
Skybox allows organizations to reprioritize the vulnerability they attempt to patch and mitigate, based on the contextual awareness of the network.
instead of asking for firewall rules which may or may not be relevant, or could already be there, or could be over-permissioned, Skybox can be used to map out the resources that that application is going to use and provide the exact rules that an application would require to function correctly. If the traffic isn't able to flow for the application, if it's erring out, Skybox can be used to troubleshoot that and say, "All right, where is the traffic being stopped and why, and how do I fix that."
There are a lot of benefits to using the reporting. It gives us duplicate objects, duplicate services, shadow firewall rules, and the firewall rules not needed for a given number of days or months.
The most valuable feature is alerting, which lets me know when someone has made a change.
The filtering of lots of criteria is very valuable.
The Automatic Policy Generator saves time because we are able to identify the required policy when a client doesn't know what he needs.
The automated reporting on a regular basis is helping us to be compliant with legal requirements.
Tufin assists us in maintaining a robust view of our internal network topology.
This solution has helped us to meet our compliance mandates. We implemented the Unified Security Policy (USP). This helped enforce what compliance requirements that we had. We have mitigated and remediated issues that have been brought forth due to that USP showing us issues.
It's hard to pick the most valuable feature. All of them are valuable, they're all critical for us... ChangeTrack obviously has a lot of very good features, like the risk analysis, the USP, and the Policy Browser.
The solution needs to add more automation and orchestration capabilities. Those features would make the solution much stronger.
The vendor's support is terrible.
Reporting. A lot of the reports, out of the box, are limited to a certain number of either configuration violations or access rule violations. So when you first set up a new firewall to be monitored by Skybox, you don't get a real full report. You have to really tweak it to get everything.
I've had issues with licensing where, when they were expiring and I asked for the updated licenses, I would the wrong ones. I think their process needs to be straightened out a little bit - I don't know if they fixed it already, it has been awhile. It wasn't as straightforward as it could have been.
The only place where Skybox has room for improvement, and they're working on releasing this, it's just a slow-go, is the UI. The user interface has historically been via a locally installed thick client. They are moving to a web-based console and it's slowly coming out.
If anything could be improved it would be staying on top of the collector scripts, but I understand that's a very tough challenge.
There are pros and cons to the workflow. You cannot customize it fully and there are some limitations. You cannot create a pure object, a firewall, IP, or service (single layer) object. You can only create a firewall object group. That is one of the challenges.
I would like to see visibility into the FW features like IPS/Content Filter policies, the same way it does for FW rules/policies.
I would like to see more configuration options on next-generation firewalls, defining possible standards for devices.
I would like to see better report integration in this solution.
I would like to see the setup of the Unified Security Policy simplified.
The product should integrate with the UTM features.
The metrics need improvement. They need more consistency or understanding of automation, along lines of customization of automation.
Tufin has come a long way when it comes to visibility. What we would like to see is a little bit more on the discovery level, network discovery, which Tufin does not have today.
Pricing and Cost Advice
Pricing is on the higher side. In terms of licensing, you should buy the complete suite rather than buying only the Change Manager. I think Change Manager with Vulnerability Control is something that would be interesting to look at.
The pricing has increased exorbitantly in the last few years, so now it is questionable. Now, it makes me want to review other products.
With licensing, the number of network nodes becomes very expensive to the point where you have to rationalize if the tools are warranted anymore.
Fully understand the total cost of ownership. They have gone to a new model where you have to replace the hardware every X amount of years at a very substantial cost and fully understand your intended number of nodes. To operate a firewall, you have to pay two licenses, a firewall node and a network node. If you are a reasonable-sized organization, this gets expensive very quickly.
I've seen the pricing of every solution on the market. When you compare apples to apples, where Skybox becomes exceedingly expensive is if you look at it compared to something like FireMon that only does a fraction of what Skybox does. But if you include everything that Skybox does, it becomes way more expensive than the competition, but you're also not comparing apples to apples. If you look at FireMon, and you look at like just the firewall assurance piece, they are fairly comparable and, actually, Skybox comes in a little bit cheaper in some cases, depending on which product you're looking at.
The product's pricing is excellent value. In terms of licensing, make sure you understand your network components, all your hops through your network, thoroughly, before you decide on the total cost. If you want to do point-to-point flow analysis and such, you need to have the configuration of all the devices in between point A and point B. A lot of people don't realize all their network components until they start using this product.
The pricing is high, and the licensing model needs more flexibility.
I believe our cost is more than $100,000 per year.
I suggest talking with Tufin about the flexibility of the pricing structure.
The licensing costs are a significant amount of money.
I'm saving 20 man-hours a week, so I am seeing some ROI.
The cost is pretty high. It's close to seven figures.
For us it's around $40,000 or so.
Licensing is on a customer by customer basis.
The seller of Tufin, when I wanted the solution, was very flexible because the cost on the lease was very high in Latin America. So, he was able to reduce the cost.
out of 7 in Firewall Security Management
Average Words per Review
out of 7 in Firewall Security Management
Average Words per Review
Compared 28% of the time.
Compared 22% of the time.
Compared 14% of the time.
Compared 48% of the time.
Compared 35% of the time.
Compared 11% of the time.
The Skybox Security Suite platform combines firewall and network device data with vulnerability and threat intelligence, prioritizing security issues in the context of your unique environment. Powerful attack vector analytics reduce response times and risks, bringing firewall, vulnerability and threat management processes for complex networks under control.
Firewall Assurance brings all firewalls into one normalized view, continuously monitoring policy compliance, optimizing firewall rulesets and finding attack vectors that others miss. Skybox covers the most comprehensive list of firewall vendors, complex rulesets, even virtual and cloud-based firewalls. With proven scalability in 1,500+ firewall deployments, Firewall Assurance keeps rules optimized and ensures changes don’t introduce new risk.
Gain total visibility of the vulnerabilities in your attack surface without waiting for a scan. Leverage Skybox Research Lab's vulnerability and threat intelligence, and automatically correlate it to your unique environment. With network modeling and advanced simulations, pinpoint exposed vulnerabilities and other attack vectors. And use context to prioritize vulnerabilities in terms of actual risk and respond to threats with accuracy and efficiency.
For more information or to view a demo, visit www.skyboxsecurity.com.
Tufin Orchestration Suite is a comprehensive solution for network security management providing visibility, change tracking, analysis and auditing for firewall policies, network devices and cloud platforms. It also provides automatic application connectivity and firewall change management. It assures a tight security posture and regulatory compliance across all enterprise platforms.
Learn more about Skybox Security Suite
See how Tufin can simplify your network security management
Find out how automation and orchestration of security policy management can help you increase agility and efficiency, while reducing risks and ensuring compliance and audit readiness. Request a Tufin demo today.
|ADP, Blue Cross Blue Shield, BT, USAID, Delta Dental, EDF Energy, EMC, HSBC, Johnson & Johnson||SIX Group Services AG, Telenor Norway, Swisscom|
Software R&D Company31%
Comms Service Provider14%
Financial Services Firm10%
Financial Services Firm26%
Comms Service Provider9%
Software R&D Company24%
Financial Services Firm13%
Comms Service Provider12%