Tufin Benefits

Arturo Morante
Network Architect at a transportation company with 10,001+ employees
With path analysis, you can specify a source, a destination, and a port and it will tell you whether it's blocked or not, and where; which firewall is doing the blocking or the allowing, or whatever. That part is very useful. When you have feedback from the user and you have your source, destination, and port, instead of trying to search on the Check Point console or the Panorama console or the Juniper console to figure out where that packet being dropped, you go to Tufin, put it in and, in 30 seconds, you have your answer. It saves time on each ticket. Instead of playing around for 15 or 20 minutes, it's down to 30 seconds. Any first-line of support can go to Tufin, put in the source, destination, and port and they can at least know what to look for, who to involve to further troubleshoot the issue. It's a first-step investigation that saves time. It also helps us ensure that our security policies are followed across our entire hybrid network. View full review »
Robert Letson
Director at Visa Inc.
It is definitely a time saver. We can process more rules on a daily basis. It allows the customers to request their own rules. Sometimes, they need a little help, but they can submit it. As long as it passes the risk analysis, because it has to get through our NSA group. We just apply and push it that night. We use Tufin to clean up our firewall policies. It benefits us, because you can run a query for whatever your cleanup criteria is, e.g., "Has it been hit in 90 days?" It displays the list, then you can see the rules right there. If you want to get rid of it (or highlight it), then it creates a ticket that goes ahead and flags them all as disabled. While you can delete them, we always disable first. Then, we have a strip that comes back, and if it's been disabled for 90 days, then the system will remove them. The change workflow process is flexible and customizable. When we first got it, Tufin created a workflow based on our requirements. Since then we have modified and tweaked it. We added in Palo Alto, and we just keep adding steps. We can also add scripts. We have multiple scripts for a workflow, which makes it very flexible. You write the script and plug it into the workflow, then it's working. We use the Unified Security Policy to automatically check if a change request will violate any security policy rules. This solution has helped us ensure that our security policy is followed across our entire hybrid network. It is the same Unified Security Policy editing each request. It is the same set of rules. If it's good enough for Check Point, then it will be good enough for Palo Alto, and it's all zone based. View full review »
NetworkEng4365
Senior Network Engineer at a financial services firm with 10,001+ employees
It has improved our organization through the beginning of automation. It has also helped in terms of auditing. Tufin is a convenient way for us to show and prove what changes were done, when they were done, and by whom they were done. Tufin also helps ensure that security policies are followed across our entire hybrid network. We use the USP, Universal Security Profile, which is governed by our cyber team. That team sets up the parameters and then, through the automation, when a request comes in, the first thing it does is check if it meets or violates. If it violates, it sends it right back to the requester. Another way we do it is that when somebody puts a request in, it goes through the USP. Then the cyber team combs through it to make sure that whatever service they're asking for can happen. For example, if someone wants Dev going to the internet, of course that's not going to happen. They'll filter all that out before it comes to us. Once it comes to us, we'll implement it, and then we comb through all the reports and make sure that nobody missed anything. It also helps expedite changes. View full review »
Find out what your peers are saying about Tufin, AlgoSec, FireMon and others in Firewall Security Management. Updated: October 2019.
372,374 professionals have used our research since 2012.
Reviewer45759
Change Manager at a pharma/biotech company with 10,001+ employees
The additional visibility into network path analysis is really helpful. The ability to provide assistance with role clean up will be helpful as well. Part of the work that one of our firewall implementation teams is doing is a justification process right now. I think that a clean up is included as part of that effort. View full review »
NetworkS2695
Network Security Operations at a insurance company with 10,001+ employees
We use this product to sharpen our change cycle. A request used to take quite a while as we did manual assessments. A lot of that is now done through SecureTrack. At this stage, we are doing only manual checks. We are only using SecureTrack to verify the flows through Tufin. At a later stage, when we will also automate certain types of rules to be done through SecureChange, this will tremendously help us. We are not there yet, but this will help us in terms of time and resource costs. In the past, we would do certain things because of private knowledge of people's own understanding of the network. We don't have to rely on just that piece of it, because of the topology. We now know which firewalls come into play. We use Tufin to help us clean up the firewall policies. It provides very easy reporting. We get all the aged or unused rules listed very quickly, as soon we run the report. It's a quite easy way of doing it. However, we have not automated our process. We are hoping that at some point that we will be in a position to automate that process. We use the solution to automatically check if a change request will violate any security policy rules. If a request comes in, and it is from an Internet zone going straight out to an inside secure zone, then we definitely flag it. There are other policies that we find in our USP, which we flag. These are the type of things that we check. We definitely use the compliance reports, which has simplified things. However, we haven't fully integrated it into the GRC process with Tufin yet. The desire is to make sure our GRC resources are fully aware and engaged in our Tufin deployment. We are leveraging some components to provide reports for our GRC process, but there is no plan to integrate those processes. Those are run by different teams. We were planning to integrate our ticketing system (ServiceNow) with Tufin, which is ongoing. We are working on that now. View full review »
NetworkS2260
Network/Security Engineer at a leisure / travel company with 51-200 employees
In terms of the change impact analysis capabilities of this solution, we get a lot of CNR queues and it has saved a lot of time when making changes. And the analysis tells us that we have made a particular change and it sends out a lot of alerts. We can analyze them and do some auditing stuff as well with Tufin. We have a lot of teams that do stuff in Tufin, management teams, auditing staff, and a team for implementation. So the time it saves us across that whole scenario is hard to pin down, but it has saved us a lot of hours in implementing the CNR queues, approximately 20 to 30 hours a week. That a big time savings. The solution will automatically check if a change request will violate any security policy rules. We have an auditing staff using this feature within Tufin. If we have an open rule, it will send us an alert and we can see why this alert has been sent and take action on it. Tufin helps us ensure that security policy is followed across our entire hybrid network. We can set up rules and policies for this and we can do a lot of auditing as a result. View full review »
Ben Stern
Service Engineer at G2 Deployment Advisors
I have seen our customers benefit by taking out massive amounts of duplicate objects, and overly permissive rules. Tufin helps to clean up their firewall policies. A common scenario we see is one where clients have a whole lot of shadowed rules, duplicate rules, in their firewall policies. Tufin's Policy Browser allows them to filter them and search for them. They can also search for those rules that violate certain Unified Security Policies that they've defined. Every single one of our SecureChange customers has seen significant improvement in the time it takes to make a change. View full review »
Michael Utech
Network Security Engineer at Customer Worldpay
The plan is to integrate it into things, like ServiceNow, then use the automation. That was one of the strengths in the decision to stay with Tufin and invest more resources into it. My hope is to use this solution to automatically check if a change request will violate any security policy rules. It is not doing any of that right now. Right now, our compliance mandates are all over the place, but previously, what they were doing is they were just taking screenshots of something, and I don't know how we passed our audits. I was shocked and appalled that the current network team isn't even using it right now. In previous roles in previous companies, this product (or one of the competing products) was like the lifeblood of how we worked. It was like step two, after picking up a ticket. We went to use this tool to see where we needed to make changes. That they're not doing that explains why they're probably having to do rework 60 percent or higher limitation tickets, because they're missing devices or it is not being implemented properly. View full review »
Syahrul Fitri
Specialist in Network Security Operations Support at a financial services firm with 10,001+ employees
In our environment we have two data centers which have the same IP address for service in both. This means that in data center A, server X's IP address is the same as server X's IP address in data center B, but it's sitting in a different firewall. So we are exploring SecureChange to automate the pushing of rules in both gateways at the same time. That way we will be able to track to which firewall, in which data center, we have pushed rules. It helps us to meet our compliance mandates because we are able to define whatever compliance we are subject to. We are a financial institution so we have to comply with PCI DSS, we have to comply with certain financial rules and regulations. We are able to do that with Tufin. It also helps ensure that security policies are followed across our entire hybrid network. So far there have been no complaints from the auditor who is checking our firewall rules. The only exception is that, because we have so many requests in a day, some of them are not used yet by the requester. What our auditor sees is only the unused part. But we are 80 to 90 percent compliant. Finally, I expect it will help our engineers to spend less time on manual processes, that it will cut half of the time spent looking at all the rules and validation. Currently, 70 percent of my engineers' load is looking at rule validation and requests that are not being made correctly. View full review »
NetworkEccd3
Network Engineer Lead at a energy/utilities company with 10,001+ employees
It has helped us immensely on the compliance side. We are able to look for overly broad rules. E.g., rules with any-any using the USP to see if we have violations. This was pretty impossible to do before by just looking at the CLI on the firewall and spreadsheets. We use Tufin to clean up our firewall policies. The biggest use in the last couple of months has been to pull rules out of firewalls rather than putting them in. We're cleaning up and pulling rules out. We use this solution to automatically check if a change request will violate any security policy rules. Even though we've been using the product for several years, we've just now started rolling out SecureChange, updating our USPs, and building USPs. We are using those to do security checks. This solution helped us meet our compliance mandates. With the USPs, we can control what is being put in, then we know when violations are occurring ahead of time. View full review »
Security8043
Security Analyst at a retailer with 10,001+ employees
We use it to aid with firewall reviews. We don't have SecureChange active, but we can take the info and use it to help. We have found a lot to work with. Tufin has been helpful with making sure all parts of our organization are following change management: * If you are changing rules, then you have tickets, and there is the approval process associated with it. * Seeing people are sticking with those temp rules, if they end up staying there for awhile. * Sometimes, there are just bad rules where something that should've been "deny" and should not be allowed. Those are more direct examples without getting too far into the weeds. It is greatly aided in helping us meet our compliance mandates. There used to be manual reviews for certain compliance requirements. Now, this solution helps automate a lot of that, and even the parts which are still manual. It's a lot more comprehensive than trying to read raw text files of the configs and making sense of those. The solution helps us ensure that security policy is followed across our entire hybrid network. It is like a centralized single pane of glass where comprehensively shows things, especially coupled with the Network Topology piece that they have. You can say, "Here's where the DMZ is, and here's that. These are the amount of firewalls crosses this through." Whereas before, it was this big spreadsheet of all the firewalls and zones. Except for like two or three legacy knowledge people, no one really understood how it flowed before Tufin. It has helped us troubleshoot, e.g., why isn't this still working? "Oh, they put it on the wrong firewall or they typoed it." The solution has helped with that. The firewall reviews for compliance used to be a more labor intensive process. It used to take a few months, and now, it's down to just a couple of weeks. View full review »
NetworkE78f6
Network Engineer at a healthcare company with 10,001+ employees
We use Tufin to clean up our firewall policies. It makes our firewalls and our security-stack devices a little bit more bulletproof. We are in constant compliance and it's nice for us to know what's out there and what's actually being used, from a business standpoint and also from an operational standpoint. Also, what used to take us a few days to implement from inception to final, is now accomplished within a day. But our goal is to move it to a matter of a few minutes. Overall, holistically, it gives everybody a chance to focus on the more important tasks at hand and to be cognizant of automation as it comes along. It has also helped reduce the time it takes to make changes. The process used to take a few days to a week. In some cases, given the complexity of our projects, it used to be a little bit more than a week. Now, it has come down to a day or two at the most. We want to shorten that as well, to bring it down even more. But it's far better than what we had many years ago. Our engineers are spending a little less time on manual processes. There's always that constant time spent to keep the product and the platform up to date but, overall, they're spending a little bit less time. View full review »
John_Ford
Managing Director at Midpoint Technology
This solution has helped our clients because it allows them to leverage the tools so that they can actually reduce their overall expenses for the environment. The push is operational, and they've been able to eliminate a number of contractors, thus saving quite a bit of money by using the automation capabilities of Orchestration. View full review »
NetworkE9856
Network Engineer at a energy/utilities company with 10,001+ employees
We use Tufin to clean up our firewall policies. We use an automatic policy generator. This is huge for us because certain rules, especially if they're overly permissive rules, have to have an analyst go through log file after log file, which is just impossible. Versus just setting Tufin, letting it run for a couple of weeks, then going back and looking at the results. That has definitely been a big win for us. The policy comparison reporting has been a definite big improvement for our organization. We've used it to give read only access to look at actual policies for different departments who might not necessarily need access to the actual firewalls. This has created some efficiencies for us because an engineering team can go in and check to see if they need to engage us for firewall rule changes without having to engage us first, because they have the direct access. The solution has helped us meet our compliance mandates. We use the policy browser metadata to do documentation for rule justifications. That is what we supply to our external auditors. View full review »
Nathan Hulsey
Firewall Architect at a financial services firm with 10,001+ employees
When it comes to the turnaround of firewall rule requests, it used to take about a week to implement and have the customer test for firewall access. Now, it can take just one day. The implementation itself takes a minute or two. For the customer, it may take the rest of the day, by the time that the policy is installed and the customer tests, either that evening or the next day. While I'm not involved in the leadership, I believe the solution has helped us to meet our compliance mandates: from a firewall perspective, as well as an audit perspective, as well as review of the rules and source and destination port requests. As for ensuring that security policy is followed across the entire hybrid network, we're getting there. That's part of why we implemented Tufin. We are implementing that across our multiple offices. Once we get to that state, it will ensure that security policy is followed. Finally, using the solution, our engineers are spending less time on manual processors. View full review »
Tch32Dr8392
Technical Director at a tech services company with 201-500 employees
The key, convincing element that made our customer go with Tufin is that they have the ability to centrally monitor and view all changes that have been made in the network, and they are able to revert any problems that they encounter, if somebody has made a problematic change. View full review »
William Temple
CyberSecurity Supervisor at a energy/utilities company with 10,001+ employees
Using this solution has drastically cut down on our implementation time. A customer is able to submit a request for access and Tufin will automatically analyze the system to find out where the rule needs to go, and then design the rule for you. It was a very, very cumbersome process that has been cut from months to days. Some access requests used to take two months to get through the system, whereas now the average is eight days or less, and we even have a same-day turnaround in some cases. Our engineers spend less time on manual processes. The improvement is drastic, from months to days. Every single request that comes through, Tufin checks and does a risk assessment against our USP, the Unified Security Policy. This solution has helped us from a compliance standpoint. During an audit, we were able to pull up the policy browser within the system and show the auditors where the rules actually live, and then show them in the firewall as well. Moreover, we could then show them the ticket and the request, along with the business justification and the entire history behind each individual rule that's in the firewall. Tufin helps us ensure that the security policy is followed across our entire hybrid network. We have Palo Alto firewalls, Cisco firewalls, and VMware NSX firewalls as well. Tuffin sees all three of those. Every access request that comes through is checked against the USP to make sure that we're not violating any policies, and we're in compliance. View full review »
ManagerOc5c3
Manager of Security Engineering at Global Payments inc
We got Tufin from a company that we acquired, so its helping us do mitigations there. Now, we are extending the scope and implementing it in our HQ, as well. It has helped for PCI and compliance. The solution helps us ensure that security policy is followed across our entire network. It is important to configure and define all the networks right. One of the primary reasons why we want to use Tufin is currently we are having issues with companies from overseas who manage our firewalls. It is very inefficient where they say that they have implemented the rules, then later on we find out the implementation has not been done properly and they are missing firewalls. Hopefully, once we fully implement this tool, it should be able to tell us if firewall rules are missing. It should be able to tell them before they communicate with us. After the implementation, we can verify and make sure that everything is working and do all the validations. View full review »
Tom Loeber
Services Engineer at AccessIT Group
It reduces human error and speeds up the whole change process. The change workflow process is flexible and customizable. There are five default workflow processes out-of-the-box. However, every customer is different. Everybody has a different request process. That is why it's so customizable. You can add another step, you can delete a step, or you could put in an exception. It is very flexible. We use this solution to automatically check if a change request will violate any security policy rules. E.g., we will not be allowing SSH to the Internet. That is one change request where we can be like, "Put that right on top of the policy." This solution has helped us to meet our compliance mandates, especially with the default out-of-the-box templates, then you can create your own. This solution helps us ensure that security policy is followed across our entire hybrid network. You can have a Unified Security Policy which reaches across all networks, so if you are having a change submitted, it doesn't matter if you're enforcing it or not. You can get an alert saying, "This is a violation." That's a value-add. View full review »
Shaun Slatton
Automation Engineer at Cox Communications
We make use of the ability to automatically validate changes to security policy rules. For example, we have four workflows currently in SecureChange, and for two of these workflows, the very first thing that we do in response to a policy request is to evaluate it. We check to see if the new policy is needed or not, and we determine how to proceed from there. The biggest benefit for us is from an efficiency perspective. The longest part of our firewall policy implementation has been verifying the network and finding out where policy needs to be put in place. Tufin takes this job down from a day, to sometimes five minutes. This solution provides a more organized manner for us to track towards compliance for our PCI audits. View full review »
Arnold Adu-Darko
Infrastructure Engineer Specialist at a healthcare company with 10,001+ employees
Using the workflow has made it easier to get approval from the manager or the CISO. Whereas earlier we used to send an email, it is now a very easy process to get approval. I have not used the Tufin workflow to clean the firewall rules, but I have used the reports to assist me. I have built reports based on six months worth of data, then selected the rules that were not needed and performed the firewall cleanup accordingly. Now that we have SecureChange and the workflow, I think that I should use the workflow to clean the firewall rules. However, to this point, I have been using the Tufin report. The rule cleanup and checking for rule violations are not any easier for a technical person, as they are firewall operators. At the same time, it is very much easier for the management team, such as the CISO or company managers, to perform these tasks. With respect to visibility, many vendors claim that they are number one on the market. What I can say is that Tufin works with the Check Point firewall and the Fortinet firewalls, and this is helping us. This solution has helped us with meeting our compliance mandates. Based on the company standards and guidelines, we configure the USP. When somethings violates it, we can make a decision whether to approve it or not, based on whether it is complying with company policies. View full review »
Mahendra Neopane
User at Daimler AG
It saves space in our Check Point database. We are able to manage the Check Point firewalls and our Fortinet firewalls through Tufin. It provides us with good correlation. The approval process is a lot easier through the workflow. Also, the firewall cleanup is a lot easier with Tufin. The USP violations process is not easier for us, the technical firewall operators, but it makes things much easier for the management team, including the CSO. Once we build the USP and they approve it, they can then blindly approve based on the USP results. But it is not that convenient for us. It has helped us meet compliance mandates. We configure the USP based on the company's standard policy and guidelines. If something violates the USP we will know, and then we can make a decision to approve or reject. It is helping in complying with the company's policies. View full review »
Jeffrey Belanger
Security Consultant at a insurance company with 10,001+ employees
This solution has somewhat helped us with meeting our compliance mandates. We’re still working on it, and it’s a work in progress, but we’re better than we were. Using this solution has helped to reduce the time it takes us to make changes. Our average was about five business days, and we’re down to same-day delivery. For some of our environments like QA and non-production, where we allow changes during the day, they can be done right away. Our engineers are spending significantly less time on manual processes. View full review »
NetworkEae6b
Network Engineer at a healthcare company with 10,001+ employees
We use Tufin to clean up our firewall policies. From an auditing perspective, it is centrally managed in one place for all of our firewall vendors. One of the biggest quick wins that we had with Tufin was cleaning up our firewall policies and rules. We cleaned out a lot of rules which helped our devices, longevity-wise, as well as speed-wise. View full review »
Associate8c2
Associate Director Program Management at a pharma/biotech company with 10,001+ employees
We use Tufin to clean up our firewall policies. It very easily shows us what is not used, so we can take it out. It shows us head counts as well, so if something is used once or twice a year, that might not be something we want to keep. Thus, we can have the conversation. We also like how it has a business owner of the firewall policy, so we'll be filling that in. So, those people will be involved ongoing with the approvals. This solution has helped us meet our compliance mandates by providing visibility into firewall rules. Today, we can check to see how our lockdowns have gone and what unusuals are still there. We have a long way to go, but we've done a lot already. We were hit by the NotPetya attack. Therefore, our whole company and all its sites were down for several months. So, you don't have an attack like that and not need something like Tufin. Other companies can prevent these attacks, or at least slow them down, by having this type of a tool. We will never go back. In the future, we will be using this solution to automatically check if a change request will violate any security policy rules. View full review »
Mohd Majmi Mohamad
Regional OSH at Pos Malaysia Berhad
There was no issue with slowness, especially when it came to pulling the data in real-time. Tufin was able to automatically check if a change request would violate any security policy rules. During our PoC I tested it by trying to do unauthorized changes and Tufin met our requirements. We are looking to become ISO 27001 certified for information security management. We need a solution like this for the audit side. They need to be able to check our firewall policies. View full review »
Managerfac3
Manager at a manufacturing company with 10,001+ employees
We use Tufin to automatically check if a change request will violate any security policy rules. One of the things we want to do is to have a blacklist/whitelist policy. A blacklist of things that can never be allowed and a whitelist of things which are always allowed. I want this tool to block or report ports that should not be used, putting somebody in a change. In addition to that, I want it to be able to block people from mapping IP addresses in North Korea, Iran, or whatever is on the blacklist. Our corporate policy mandates that we can only make changes to our firewalls daily. Once we get ServiceNow integrated with our whitelist policy, Tufin should be able to initiate the change and get us to reduce time. It should help us meet our compliance mandates going forward. It is replacing AlgoSec. View full review »
InfoSecC1266
InfoSec Consultant at a insurance company with 10,001+ employees
We use Tufin to clean up our firewall policies, and it has benefited us by reducing our policy set. It has sped up the change request process as an overall whole. This solution helps to ensure that our security policy is followed across the entire hybrid network. We are able to see both on-prem and cloud, and whether there are things preventing on one side or the other. The time that we require to makes changes has been reduced from weeks to days. Our engineers are spending less time on manual processes, with the majority of our tickets being same-day. View full review »
Securitya49e
Security Engineer at a government with 10,001+ employees
This has helped us to better clean up and audit changes to the firewall policy. Also, giving access to the other teams without giving them direct access to the firewalls, themselves, is very helpful. This solution has also saved our architects time. They are unable to view the firewall policy directly, so they use this product to find the rules that they need. If something is being moved then they can easily create a document that has all of the existing rules. View full review »
Samuel Taxis
Information Security Engineer at a tech company with 1,001-5,000 employees
My team uses it heavily to audit the changes made by junior engineers, going back and figuring out what they messed up, and correcting their mistakes. We generate reports for customer compliance and audits, as well as for regulatory audits. We use it to generate reports that we are in compliance, but don't necessarily use it to mitigate any compliancy requirements then only to report on them. View full review »
John Fulater
Security Engineering at a financial services firm with 10,001+ employees
The solution's visibility is excellent for Check Point. There's a new feature that validates standards. It allows the checks and balances against it, so it doesn't even go forward. It just says, "You're not right. Do it again." We just got done with major audits. Tufin was able to provide information to give back to people, and say, "Hey, this is what I need to do, and what we're doing." It's working on helping us meet our compliance mandates. We're a bank, so we're always chasing it, but it is helping us a lot. Rule recertifications are our biggest thing. However, what happens in the world of firewalls is people will put in rules to get what they need but don't ever clean them up when they stop using them. View full review »
Ed Aguila
Senior Network Engineer at a pharma/biotech company with 10,001+ employees
The number one benefit this solution provides is time savings. Both I and another engineer save hours upon hours of work spent creating reports, which Tufin now does for us. This is reclaimed time now well spent on other things. Tufin has done a very good job in improving upon the USP policy for violations. Our engineers save quite a bit of time that was previously spent on manual processes. View full review »
Joseph Yanacheck
Security Compliance at Caterpillar Inc.
We use this solution to clean up firewall policy, although I do not personally do it very often. The change workflow process is flexible and customizable. We have a couple of custom components, and my colleague was able to put them together in five minutes, so it seems pretty flexible to me. The solution automatically checks to see if our change request will violate any of our security policy rules. This helps with general risk assessments, and when we transfer data between security zones over certain ports. It really benefits us, as well as the users who submit the rules, because they're not all familiar with all of the rules that are in place. Implementing this solution has made everything faster. With the introduction of SecureChange, I think it has been easier for the average person to become a firewall rule setter. Using this solution helps us to meet our compliance mandate. It does this by making everything quicker, which makes it easier to meet our SLAs. This solution helps to ensure that the security policy is followed across our entire network. It leaves less wiggle room for people to venture out and make exceptions because it does the thinking for us. We follow it's recommendations, so there is less compromise. View full review »
Networki9624
Networking Engineer at a comms service provider with 1,001-5,000 employees
Tufin has made handling firewall rule request tickets more centralized and easier to manage. We have previously use Tufin to clean up our firewall policies, but we are not doing that currently. View full review »
NetworkS6585
Network Security at a transportation company with 10,001+ employees
The visibility is very good. We have managers who are overseeing it, and they are approving things through it. The whole process is flexible and customizable. We are building the matrix, then we're putting in exceptions. We have to add manual exceptions into it, and they have to come to us first before they can get it approved, which is good. We use this solution to automatically check if a change request will violate any security policy rules. Similar to what we are doing with Azure, where they request a change, and if it violates policies, it gets kicked back. Then, we have to review it and figure out what they're doing. We can then move forward with it, if it's approved. View full review »
Shawn Babinyecz
Cyber Security Engineer at a healthcare company with 10,001+ employees
It has very good visibility with all our devices. We can see how they interact with each other, and if we're doing the right things or not. We find it to be flexible. If we have a change that needs to be done, it will go ahead and do it for all our devices, regardless of the manufacturer that we have associated with it. We are still in the beginning phases of it, but we're hoping that it can change how all of our policies are determined and implemented. View full review »
Securitye949
Security Engineer at Allegiant Air
Tufin is our audit trail for all changes. We have to be PCI compliant, and it is the tool that we go to for enforcing PCI on the network side. The change workflow process has customizable and functional for us. It has helped us meet our compliance mandates. View full review »
Infrastra69d
Infrastructure Analyst at a manufacturing company with 10,001+ employees
With respect to visibility, my impression is that it will do what we need it to do, but it will take some work. We have tested the system to see if it will automatically check to see if a change request will violate any security policy rules, and it will do what we need. We intend to use this feature in production. We expect that this solution will help us to meet our compliance mandates. View full review »
David Higgins
Senior IT Analyst at Exelon Corporation
This solution has helped us to speed up our review process. After we do make a change, we're able to quickly review what has actually changed. This solution has helped us with compliance because we're able to map out certain firewall rules against compliance requirements, and we're able to write reports to show us exactly what our firewalls look like in those areas. View full review »
Consulta38b6
Consultant at Sirius Computer Solutions
The visibility is pretty good because it's a cross-vendor platform, so it provides visibility across different vendors. We use this solution to automatically check if a change request will violate any security policy rules. We have a huge policy base, and we have certain compliancy requirements which we have to meet for the rules that we have. If we are planning to have a change in the policy base which could possibly violate the compliancy requirements, then we'd get the help of the tool to alert us in a way, which would make us aware of that. It makes us aware when there will be any compliance violations possibly, and we can pro-actively prevent those violations from happening. View full review »
NetworkSc6b0
Network Security Analyst at a energy/utilities company with 10,001+ employees
We actually review our firewalls now. Before we started using Tufin, our firewalls never got reviewed and we had no idea what was on them. We use Tufin to clean up our firewall policies. This makes it a lot easier to find out the things that are wrong. It removes things which shouldn't be there. It has helped with that. Things that don't get used anymore and nobody tells us that they have been retired, it helps us identify those items. Then, once we get the compliance piece going, it'll help us make sure nothing violates policies. View full review »
Security4691
Security Engineer at a manufacturing company with 10,001+ employees
It has allowed us to be more efficient in our processing of firewall requests. We use this solution to automatically check if a change request will violate any security policy rules. Every change request has to go through a security approval step, but we also leverage the Unified Security Policy to automate some of that decision-making. View full review »
Jim Robinson
Senior Specialist at Cigna
When I was using Tufin for analysis, there was a tool that would tell me which rules could be consolidated. It was amazing and helped me to clean up the firewall policies. We use this solution to automatically check to see if change requests will violate any security policy rules, but I do not have any specific details or examples. Tufin is the only multi-vendor firewall tool that is available, and it helps to bring everything together and report on what all of the rules are. This solution helps to ensure that security policy is followed across the network because it is the main tool that non-technical security people use to keep track of firewall rules. Without it, they wouldn't even know where to begin. View full review »
ITManage3885
IT Manager at a financial services firm with 10,001+ employees
We use this solution to clean up our firewall policies. Prior to using this solution, and according to our best practices, we didn't have a baseline of the security poster that we have with our rule sets. Now, with this reporting, we're able to provide that to our management. It has helped us meet your compliance mandates. We are getting this from the data and reports. This was one of our requirements. View full review »
SrAdvisof832
Senior Adviser Cyber Security at a comms service provider with 10,001+ employees
Some clients wanted to have more latitude with root deployment. Instead of deploying through us every time, they want to deploy a new root, making quick roots or small roots, like adding an object to a root. They now have the possibility to go direct. It has helped our clients to meet their compliance mandates. They will ask us for evidence that we can provide them. View full review »
Salvador Teran
Network Security at a tech services company with 5,001-10,000 employees
The change impact analysis has been very good. We continue to improve. The change workflow process is flexible and customizable. Right now, we are using SecureChange, which is improving the rules that get applied to Check Point. We use the solution to automatically check if a change request will violate any security policy rules by generating a Sunday email report in these type of situations. Using the Tufin reports, for internal and external audits, is a way we can demonstrate how we made compliance. After any of the observation that we get from the audits, we just run the reports one more time to see if our changes are being successfully applied and everything is working according to the requirements. Tufin has been very helpful to get a lot of groups changed and getting all the information inputted on a tool, then later to applied on the device. View full review »
SrInfoseb35c
Senior Information Security Architect at First Citizens Bank
One of the main things is to look at what policies haven't been hit, so we can remove those remnant policies when people come in, use it, and it's still left on the Check Point. So when a couple of users say, "This is not needed anymore." We'll remove it. View full review »
TeamLeadc1d6
Team Lead of Border Protection at a manufacturing company with 1,001-5,000 employees
The biggest benefit for us was the time frame to complete a ticket. It went from approximately a week and a half to two weeks down to about three days. We use it to clean up our firewall policies, which gives us better security policy and less junk on the firewalls. Risk analysis is automatically in our policy. View full review »
Christian Myers
Consultant at Critical Design Analytics
We use Tufin to clean up our firewall policies. They already have the compliance policies sort of prepopulated in there to point out violations. Most customers will go through and check the USP to see if it violated with the designer tool. We are in the process of working with a customer right now to set up the Unified Security Policy (USP). We got all the violations from the first phase and will go through to do the mediations, then run the scan again to show the progression of the clients. View full review »
Security7b20
Security Engineer at a insurance company with 201-500 employees
We find that the change workflow process is flexible and customizable. If we want to change approvers, that is very easy. If we wanted to add a step or get rid of a step, this is easily customizable. We are using the visibility with notifications on every firewall change and what those changes were. We have visibility to see who is making the changes, and when. This is the biggest thing because we are underutilizing the product right now. This solution has helped us meet our compliance mandates. Everything is all auditable. Every change is tracked down to the person and time. View full review »
Viktor Vera
Head of IT Security at Banco Privado
We use Tufin to clean up our firewall policies because it is so fast. A report about compliance and the clean-up process used to take about one month up before. With Tufin, it takes only one day. Implementing roles in the firewall used to take two days, but now, it takes two hours. The audit and policy relation reports have helped me show compliance to managers. The product helps my cybersecurity team. Now, my cybersecurity team spends their time creating new controls for new technologies. View full review »
HugoSanchez
Security Analyst at Equifax Inc.
The auditing reports generated by this solution help us to find issues. This solution has helped us to meet our compliance mandates. We have very strict standards and security policies that we must follow. This tool is very flexible for the management team. It also helps us to ensure that our security policy is followed across our entire hybrid network, but we have a lack of security in some points. View full review »
ITSecuri31c4
IT Security Analyst at a retailer with 10,001+ employees
The solution has helped us to meet our compliance mandates. We have to be PCI and SOX compliant. Some of these rules and systems might meet those requirements. Knowing which system can talk with which system is definitely helpful in that sense. This solution has helped us reduce the time it takes to make changes. View full review »
SrNetwor9adb
Senior Network Engineer at a financial services firm with 1,001-5,000 employees
Change management tracking is important: Who does what when. We know if something happens by checking the reports and comparing. We know exactly what mistakes were made and corrections. In a financial organization, there are so many approval processes. At the designing levels, you can add any number of layers (for approval/decline), add qualifications, and traffic flow analysis. Because it is a predefined customized, we can define whatever we want it to be and add the exceptions. View full review »
Erik Johansen
Manager at PG&E Corporation
We use Tufin to clean up your Firewall policy. We can look at the historical rules and find out what is violating our USP, then make a change accordingly. This solution has helped us to meet our compliance mandates. We implemented the Unified Security Policy (USP). This helped enforce our compliance requirements. We have mitigated and remediated issues that have been brought forth due to that USP showing us issues. View full review »
Profferefb28
Professional Services Engineer at a tech services company
I tested it for the change orchestration. That is what my evaluation recently was specifically for. While the product was a little slow, it did look full-featured. View full review »
SeniorCofe32
Senior Consulting Manager at a tech services company with 10,001+ employees
Tufin has improved my organization with its configuration management. It has tremendously improved operation's success and has made life easier. It has also increased the amount of gateways there, which has really helped us. Information is readily visible. Tufin has ensured that the security policy is followed across our entire hybrid network in the way that it has given us what is in place now. We're trying to impose the security policies of the organization. There is still time to get in there. View full review »
Security1d40
Security Analyst at a government with 1,001-5,000 employees
The change work flow process is flexible and customizable. We found it pretty easy, particularly when we were implementing new rules and with our cleanup. We found that the rule change was fairly easy to implement. It has allowed us to monitor rule changes. This way we know exactly what would happen behind the scenes in the event of an after-hours change. View full review »
NetworkS3480
Network Security at a insurance company with 1,001-5,000 employees
The product is good at auditing the changes that we make in our environment. We use this solution to automatically check if a change request will violate any security policy rules. For example, if the engineer is making a change that hasn't been authorized, we will know about it. The product streamlines our change management process. It assists us in reporting on some of the compliance for our auditing department. It helps us in managing the process and having some auditing capabilities. View full review »
reviewer1188195
User
The workflows save time and speed up the authorization processes for applications. For network operators, it enhanced visibility. For application operators, it increased knowledge of dependencies and also provided them with impact awareness. View full review »
reviewer1185804
User
Using this solution saves us time and money. The Automatic Policy Generator saves time because we are able to identify the required policy when a client doesn't know what he needs. We are able to perform an inventory analysis for colleagues. View full review »
Firewallcf07
Firewall Administrator Security Engineer at a comms service provider with 1,001-5,000 employees
We use Tufin to clean up our firewall policies of unused policies. It gives our firewall administrators visibility into the total infrastructure. View full review »
ITManage3885
IT Manager at a financial services firm with 10,001+ employees
The change workflow process is flexible and customizable. It has helped us to meet our compliance mandates. We have some requirements that we need to provide more visibility on the risk levels of our firewall base, and Tufin helped us with that requirement. View full review »
reviewer1185783
User
Due to the usage of Tufin, we reduced the manual effort during audits to a minimum. The central place to request Firewall Rule Changes supports our Operation teams in a multi-supplier environment on a daily basis. View full review »
Marko Martin
Technical Team Lead at Paragon
We have a better view of our compliance status. Most of our network is on-premise, so we don't have a cloud. We don't have a hybrid network, but it provides visibility for what we do have right now. View full review »
NetwEng3023
Network Engineer at a tech services company with 11-50 employees
Before, we had to manage each file individually. Now, they can all be managed as a single entity. View full review »
ITSecuri46f3
IT Security Professional at a pharma/biotech company with 10,001+ employees
Our company has a grid, and there are different blocks of public domains and internal domains. It checks all that on our security grid. That has been customized by our administrator. Tufin allows our say junior guys to learn how to view policies. It gives them a tool that will help them consolidate and optimize. View full review »
ChiefInf4325
Chief Information Security Officer at a tech services company with 501-1,000 employees
It provides me great insight into my firewalls across my organization. We are able to stay compliant with many of the regulations. View full review »
Valentino Kusmic
Owner at a tech services company with 1-10 employees
We now spend less time auditing rules with reports: * The designer helps us in creating rules * It tells us what rule is missing and where to put it. * The predefined reports are then sent to administrators. * It provides an exact image of how to improve security. View full review »
Peter Cheng
Owner at SIS International HK Limited
Tufin assists us in maintaining a robust view of our internal network topology. This topology may be built with a certain period, but it saves lots of operational and audit time in the long run. View full review »
NetwEng3023
Network Engineer at a tech services company with 11-50 employees
Now we can confidently remove firewall rules that are not needed and make the configuration of firewalls more strict. View full review »
Davison Marques
Regional Manager at a tech services company with 11-50 employees
The solution helps us meet our compliance needs. View full review »
Carlo Gardener
Security Engineer with 1,001-5,000 employees
Tufin allows us to perform self-audits and use rule-based accountability. View full review »
Find out what your peers are saying about Tufin, AlgoSec, FireMon and others in Firewall Security Management. Updated: October 2019.
372,374 professionals have used our research since 2012.
Sign Up with Email