Tufin Orchestration Suite Benefits

Amroy Lumban Gaol - PeerSpot reviewer
Information Security Engineer at a financial services firm with 10,001+ employees

I am improving rules for hundreds of firewalls to increase security and rigidity with confidence that the solution is handling it well. 

View full review »
DS
Network Engineer Lead at a energy/utilities company with 10,001+ employees

It has helped us immensely on the compliance side. We are able to look for overly broad rules. E.g., rules with any-any using the USP to see if we have violations. This was pretty impossible to do before by just looking at the CLI on the firewall and spreadsheets.

We use Tufin to clean up our firewall policies. The biggest use in the last couple of months has been to pull rules out of firewalls rather than putting them in. We're cleaning up and pulling rules out.

We use this solution to automatically check if a change request will violate any security policy rules. Even though we've been using the product for several years, we've just now started rolling out SecureChange, updating our USPs, and building USPs. We are using those to do security checks.

This solution helped us meet our compliance mandates. With the USPs, we can control what is being put in, then we know when violations are occurring ahead of time.

View full review »
MH
Network Security Operations at a insurance company with 10,001+ employees

We use this product to sharpen our change cycle. A request used to take quite a while as we did manual assessments. A lot of that is now done through SecureTrack. 

At this stage, we are doing only manual checks. We are only using SecureTrack to verify the flows through Tufin. At a later stage, when we will also automate certain types of rules to be done through SecureChange, this will tremendously help us. We are not there yet, but this will help us in terms of time and resource costs.

In the past, we would do certain things because of private knowledge of people's own understanding of the network. We don't have to rely on just that piece of it, because of the topology. We now know which firewalls come into play. 

We use Tufin to help us clean up the firewall policies. It provides very easy reporting. We get all the aged or unused rules listed very quickly, as soon we run the report. It's a quite easy way of doing it. However, we have not automated our process. We are hoping that at some point that we will be in a position to automate that process.

We use the solution to automatically check if a change request will violate any security policy rules. If a request comes in, and it is from an Internet zone going straight out to an inside secure zone, then we definitely flag it. There are other policies that we find in our USP, which we flag. These are the type of things that we check.

We definitely use the compliance reports, which has simplified things. However, we haven't fully integrated it into the GRC process with Tufin yet. The desire is to make sure our GRC resources are fully aware and engaged in our Tufin deployment.

We are leveraging some components to provide reports for our GRC process, but there is no plan to integrate those processes. Those are run by different teams. We were planning to integrate our ticketing system (ServiceNow) with Tufin, which is ongoing. We are working on that now.

View full review »
Buyer's Guide
Tufin Orchestration Suite
March 2024
Learn what your peers think about Tufin Orchestration Suite. Get advice and tips from experienced pros sharing their opinions. Updated: March 2024.
765,386 professionals have used our research since 2012.
EJ
Manager at PG&E Corporation

We use Tufin to clean up your Firewall policy. We can look at the historical rules and find out what is violating our USP, then make a change accordingly.

This solution has helped us to meet our compliance mandates. We implemented the Unified Security Policy (USP). This helped enforce our compliance requirements. We have mitigated and remediated issues that have been brought forth due to that USP showing us issues.

View full review »
PM
Senior Network Engineer at a financial services firm with 10,001+ employees

It has improved our organization through the beginning of automation. It has also helped in terms of auditing. Tufin is a convenient way for us to show and prove what changes were done, when they were done, and by whom they were done.

Tufin also helps ensure that security policies are followed across our entire hybrid network. We use the USP, Universal Security Profile, which is governed by our cyber team. That team sets up the parameters and then, through the automation, when a request comes in, the first thing it does is check if it meets or violates. If it violates, it sends it right back to the requester. Another way we do it is that when somebody puts a request in, it goes through the USP. Then the cyber team combs through it to make sure that whatever service they're asking for can happen. For example, if someone wants Dev going to the internet, of course that's not going to happen. They'll filter all that out before it comes to us. Once it comes to us, we'll implement it, and then we comb through all the reports and make sure that nobody missed anything.

It also helps expedite changes.

View full review »
EA
Senior Network Engineer at a pharma/biotech company with 10,001+ employees

The number one benefit this solution provides is time savings. Both I and another engineer save hours upon hours of work spent creating reports, which Tufin now does for us. This is reclaimed time now well spent on other things.

Tufin has done a very good job in improving upon the USP policy for violations.

Our engineers save quite a bit of time that was previously spent on manual processes.

View full review »
RL
Director at Visa Inc.

It is definitely a time saver. We can process more rules on a daily basis. It allows the customers to request their own rules. Sometimes, they need a little help, but they can submit it. As long as it passes the risk analysis, because it has to get through our NSA group. We just apply and push it that night.

We use Tufin to clean up our firewall policies. It benefits us, because you can run a query for whatever your cleanup criteria is, e.g., "Has it been hit in 90 days?" It displays the list, then you can see the rules right there. If you want to get rid of it (or highlight it), then it creates a ticket that goes ahead and flags them all as disabled. While you can delete them, we always disable first. Then, we have a strip that comes back, and if it's been disabled for 90 days, then the system will remove them.

The change workflow process is flexible and customizable. When we first got it, Tufin created a workflow based on our requirements. Since then we have modified and tweaked it. We added in Palo Alto, and we just keep adding steps. We can also add scripts. We have multiple scripts for a workflow, which makes it very flexible. You write the script and plug it into the workflow, then it's working.

We use the Unified Security Policy to automatically check if a change request will violate any security policy rules.

This solution has helped us ensure that our security policy is followed across our entire hybrid network. It is the same Unified Security Policy editing each request. It is the same set of rules. If it's good enough for Check Point, then it will be good enough for Palo Alto, and it's all zone based.

View full review »
SE
Security Analyst at a retailer with 10,001+ employees

We use it to aid with firewall reviews. We don't have SecureChange active, but we can take the info and use it to help. We have found a lot to work with.

Tufin has been helpful with making sure all parts of our organization are following change management:

  • If you are changing rules, then you have tickets, and there is the approval process associated with it.
  • Seeing people are sticking with those temp rules, if they end up staying there for awhile. 
  • Sometimes, there are just bad rules where something that should've been "deny" and should not be allowed.

Those are more direct examples without getting too far into the weeds.

It is greatly aided in helping us meet our compliance mandates. There used to be manual reviews for certain compliance requirements. Now, this solution helps automate a lot of that, and even the parts which are still manual. It's a lot more comprehensive than trying to read raw text files of the configs and making sense of those.

The solution helps us ensure that security policy is followed across our entire hybrid network. It is like a centralized single pane of glass where comprehensively shows things, especially coupled with the Network Topology piece that they have. You can say, "Here's where the DMZ is, and here's that. These are the amount of firewalls crosses this through." Whereas before, it was this big spreadsheet of all the firewalls and zones. Except for like two or three legacy knowledge people, no one really understood how it flowed before Tufin.

It has helped us troubleshoot, e.g., why isn't this still working? "Oh, they put it on the wrong firewall or they typoed it." The solution has helped with that.

The firewall reviews for compliance used to be a more labor intensive process. It used to take a few months, and now, it's down to just a couple of weeks.

View full review »
AB
Manager of Security Engineering at Global Payments inc

We got Tufin from a company that we acquired, so its helping us do mitigations there. Now, we are extending the scope and implementing it in our HQ, as well. It has helped for PCI and compliance.

The solution helps us ensure that security policy is followed across our entire network. It is important to configure and define all the networks right.

One of the primary reasons why we want to use Tufin is currently we are having issues with companies from overseas who manage our firewalls. It is very inefficient where they say that they have implemented the rules, then later on we find out the implementation has not been done properly and they are missing firewalls. Hopefully, once we fully implement this tool, it should be able to tell us if firewall rules are missing. It should be able to tell them before they communicate with us. After the implementation, we can verify and make sure that everything is working and do all the validations.

View full review »
VT
Senior Network Engineer at Commercial Bank of Romania

The solution has made our operation a lot simpler. We are able to track changes in our network

View full review »
BW
Change Manager at a pharma/biotech company with 10,001+ employees

The additional visibility into network path analysis is really helpful. The ability to provide assistance with role clean up will be helpful as well.

Part of the work that one of our firewall implementation teams is doing is a justification process right now. I think that a clean up is included as part of that effort.

View full review »
WT
CyberSecurity Supervisor at a energy/utilities company with 10,001+ employees

Using this solution has drastically cut down on our implementation time. A customer is able to submit a request for access and Tufin will automatically analyze the system to find out where the rule needs to go, and then design the rule for you. It was a very, very cumbersome process that has been cut from months to days. Some access requests used to take two months to get through the system, whereas now the average is eight days or less, and we even have a same-day turnaround in some cases.

Our engineers spend less time on manual processes. The improvement is drastic, from months to days.

Every single request that comes through, Tufin checks and does a risk assessment against our USP, the Unified Security Policy.

This solution has helped us from a compliance standpoint. During an audit, we were able to pull up the policy browser within the system and show the auditors where the rules actually live, and then show them in the firewall as well. Moreover, we could then show them the ticket and the request, along with the business justification and the entire history behind each individual rule that's in the firewall.

Tufin helps us ensure that the security policy is followed across our entire hybrid network. We have Palo Alto firewalls, Cisco firewalls, and VMware NSX firewalls as well. Tuffin sees all three of those. Every access request that comes through is checked against the USP to make sure that we're not violating any policies, and we're in compliance.

View full review »
MN
Works at Daimler AG

1. Policy Optimization by using Tufin APG under SecureTrack. If you have a wide open policy, and you want to restrict it into fewer lines of policy based on last 30 or 90 days hits, you can use APG tool to build restrictive policy.

2. Firewall Cleanup: Deletering unused Rules, unsed objects, duplicate objects from firewall database, by using the report created by Tufin under SecureTrack. You can run this report on Tufin SecureChange to delete all the unwanted space. This will save tons of space on your Firewall database.

3. SecureChange Workflow: You can link Tufin to ticketing system to upload the firewall change ticket, and use the workflow to fully automate the firewall change process, from start to finish

4. Topology: If you a good topology, you don't need to see routing table on Firewall, or going through any visio network design to find the L3 networks in your enterprise. Topology under SecureTrack helped me a lot

6. Enterprise Unified Security Policy: Once I do have an Approved Unified Security Policy from the CISO, I don't need to ask approval for each low risk firewall change. USP not only saved CISO busy time, but also increased the efficiency of firewall team. The firewall change request doesn't have to stay in Approver Pending steps

View full review »
AA
Infrastructure Engineer Specialist at a healthcare company with 10,001+ employees

Using the workflow has made it easier to get approval from the manager or the CISO. Whereas earlier we used to send an email, it is now a very easy process to get approval.

I have not used the Tufin workflow to clean the firewall rules, but I have used the reports to assist me. I have built reports based on six months worth of data, then selected the rules that were not needed and performed the firewall cleanup accordingly. Now that we have SecureChange and the workflow, I think that I should use the workflow to clean the firewall rules. However, to this point, I have been using the Tufin report.

The rule cleanup and checking for rule violations are not any easier for a technical person, as they are firewall operators. At the same time, it is very much easier for the management team, such as the CISO or company managers, to perform these tasks.

With respect to visibility, many vendors claim that they are number one on the market. What I can say is that Tufin works with the Check Point firewall and the Fortinet firewalls, and this is helping us.

This solution has helped us with meeting our compliance mandates. Based on the company standards and guidelines, we configure the USP. When somethings violates it, we can make a decision whether to approve it or not, based on whether it is complying with company policies.

View full review »
DH
Senior IT Analyst at Exelon Corporation

This solution has helped us to speed up our review process. After we do make a change, we're able to quickly review what has actually changed. 

This solution has helped us with compliance because we're able to map out certain firewall rules against compliance requirements, and we're able to write reports to show us exactly what our firewalls look like in those areas.

View full review »
JF
Security Engineering at a financial services firm with 10,001+ employees

The solution's visibility is excellent for Check Point.

There's a new feature that validates standards. It allows the checks and balances against it, so it doesn't even go forward. It just says, "You're not right. Do it again."

We just got done with major audits. Tufin was able to provide information to give back to people, and say, "Hey, this is what I need to do, and what we're doing."

It's working on helping us meet our compliance mandates. We're a bank, so we're always chasing it, but it is helping us a lot. Rule recertifications are our biggest thing. However, what happens in the world of firewalls is people will put in rules to get what they need but don't ever clean them up when they stop using them.

View full review »
JC
IT Coordinator at a financial services firm with 10,001+ employees

This solution was a need for our organization to stay compliant and it has helped us in this way.

View full review »
TL
Services Engineer at AccessIT Group

It reduces human error and speeds up the whole change process.

The change workflow process is flexible and customizable. There are five default workflow processes out-of-the-box. However, every customer is different. Everybody has a different request process. That is why it's so customizable. You can add another step, you can delete a step, or you could put in an exception. It is very flexible.

We use this solution to automatically check if a change request will violate any security policy rules. E.g., we will not be allowing SSH to the Internet. That is one change request where we can be like, "Put that right on top of the policy." 

This solution has helped us to meet our compliance mandates, especially with the default out-of-the-box templates, then you can create your own.

This solution helps us ensure that security policy is followed across our entire hybrid network. You can have a Unified Security Policy which reaches across all networks, so if you are having a change submitted, it doesn't matter if you're enforcing it or not. You can get an alert saying, "This is a violation." That's a value-add.

View full review »
JB
Security Consultant at a insurance company with 10,001+ employees

This solution has somewhat helped us with meeting our compliance mandates. We’re still working on it, and it’s a work in progress, but we’re better than we were.

Using this solution has helped to reduce the time it takes us to make changes. Our average was about five business days, and we’re down to same-day delivery. For some of our environments like QA and non-production, where we allow changes during the day, they can be done right away. 

Our engineers are spending significantly less time on manual processes.

View full review »
it_user335712 - PeerSpot reviewer
Senior Network Security Engineer at a retailer with 10,001+ employees

I can run SecureTrack for a week and have a great idea of what’s being used. Ideally, you want to let it run for a year, accumulate data, go over a years’ worth of data and decide what really needs to be cleaned up.

You will see in one report what is being used (IP addresses or services) and what has never been used.

Gone are the days of reviewing logs to figure out, "do I still need this rule/service?" It’s been a really great piece of software.

View full review »
NH
Firewall Architect at a financial services firm with 10,001+ employees

When it comes to the turnaround of firewall rule requests, it used to take about a week to implement and have the customer test for firewall access. Now, it can take just one day. The implementation itself takes a minute or two. For the customer, it may take the rest of the day, by the time that the policy is installed and the customer tests, either that evening or the next day.

While I'm not involved in the leadership, I believe the solution has helped us to meet our compliance mandates: from a firewall perspective, as well as an audit perspective, as well as review of the rules and source and destination port requests.

As for ensuring that security policy is followed across the entire hybrid network, we're getting there. That's part of why we implemented Tufin. We are implementing that across our multiple offices. Once we get to that state, it will ensure that security policy is followed.

Finally, using the solution, our engineers are spending less time on manual processors.

View full review »
AM
Infrastructure Analyst at a manufacturing company with 10,001+ employees

With respect to visibility, my impression is that it will do what we need it to do, but it will take some work.

We have tested the system to see if it will automatically check to see if a change request will violate any security policy rules, and it will do what we need. We intend to use this feature in production.

We expect that this solution will help us to meet our compliance mandates.

View full review »
BS
Service Engineer at G2 Deployment Advisors

I have seen our customers benefit by taking out massive amounts of duplicate objects, and overly permissive rules. Tufin helps to clean up their firewall policies. A common scenario we see is one where clients have a whole lot of shadowed rules, duplicate rules, in their firewall policies. Tufin's Policy Browser allows them to filter them and search for them. They can also search for those rules that violate certain Unified Security Policies that they've defined.

Every single one of our SecureChange customers has seen significant improvement in the time it takes to make a change.

View full review »
it_user340728 - PeerSpot reviewer
Principle Mbr. Tech. Staff at a comms service provider with 10,001+ employees

Having one vendor for both TOS operating system and TSS application makes it much easier to form relationships with Tufin sales, engineering and support, and improves product maintenance.

View full review »
JP
Network Security Analyst at a energy/utilities company with 10,001+ employees

We actually review our firewalls now. Before we started using Tufin, our firewalls never got reviewed and we had no idea what was on them.

We use Tufin to clean up our firewall policies. This makes it a lot easier to find out the things that are wrong.

It removes things which shouldn't be there. It has helped with that. Things that don't get used anymore and nobody tells us that they have been retired, it helps us identify those items. Then, once we get the compliance piece going, it'll help us make sure nothing violates policies.

View full review »
JR
Senior Specialist at Cigna

When I was using Tufin for analysis, there was a tool that would tell me which rules could be consolidated. It was amazing and helped me to clean up the firewall policies.

We use this solution to automatically check to see if change requests will violate any security policy rules, but I do not have any specific details or examples.

Tufin is the only multi-vendor firewall tool that is available, and it helps to bring everything together and report on what all of the rules are.

This solution helps to ensure that security policy is followed across the network because it is the main tool that non-technical security people use to keep track of firewall rules. Without it, they wouldn't even know where to begin. 

View full review »
JF
Managing Director at Midpoint Technology

This solution has helped our clients because it allows them to leverage the tools so that they can actually reduce their overall expenses for the environment. The push is operational, and they've been able to eliminate a number of contractors, thus saving quite a bit of money by using the automation capabilities of Orchestration.

View full review »
it_user399324 - PeerSpot reviewer
Network Lead - Security Architecture at a retailer with 10,001+ employees

I've been trying to clean up the firewall policies that I inherited from different iterations across topology changes -- from Cisco to Juniper to where we are now -- that have never been cleaned up. We're not publicly traded, so there's not a mandate to do so. When I worked in the energy sector, though, there were such mandates, but we weren't properly staffed.

Our current firewall policies never had a full, comprehensive risk rating of every rule, but we have that now. I've implemented different zones for setup so that we're able to get reporting immediately for our PCI environment. We know whether or not we're in compliance. If not, we can fix it immediately without waiting for an outside auditor. We can be proactive.

View full review »
it_user355590 - PeerSpot reviewer
Senior Network Engineer at a financial services firm with 10,001+ employees

From a security standpoint, we have it in place where it will notify us if an engineer inadvertently violates a high-risk rule, and it even does this if they pre-stage a rule, so before they push it we can find out.

From an auditing standpoint, because we get audited three or four times a year, our auditors have access to see exactly what's happening in each firewall, and we've had fewer issues with auditing because of it.

For us, in man hours, it saves about 70 hours a week on checking rules and implementing the changes.

View full review »
MU
Network Security Engineer at Customer Worldpay

The plan is to integrate it into things, like ServiceNow, then use the automation. That was one of the strengths in the decision to stay with Tufin and invest more resources into it. 

My hope is to use this solution to automatically check if a change request will violate any security policy rules. It is not doing any of that right now.

Right now, our compliance mandates are all over the place, but previously, what they were doing is they were just taking screenshots of something, and I don't know how we passed our audits.

I was shocked and appalled that the current network team isn't even using it right now. In previous roles in previous companies, this product (or one of the competing products) was like the lifeblood of how we worked. It was like step two, after picking up a ticket. We went to use this tool to see where we needed to make changes. That they're not doing that explains why they're probably having to do rework 60 percent or higher limitation tickets, because they're missing devices or it is not being implemented properly.

View full review »
BB
Network Engineer at a healthcare company with 10,001+ employees

We use Tufin to clean up our firewall policies. From an auditing perspective, it is centrally managed in one place for all of our firewall vendors.

One of the biggest quick wins that we had with Tufin was cleaning up our firewall policies and rules. We cleaned out a lot of rules which helped our devices, longevity-wise, as well as speed-wise.

View full review »
MM
Regional OSH at Pos Malaysia Bhd

There was no issue with slowness, especially when it came to pulling the data in real-time.

Tufin was able to automatically check if a change request would violate any security policy rules. During our PoC I tested it by trying to do unauthorized changes and Tufin met our requirements.

We are looking to become ISO 27001 certified for information security management. We need a solution like this for the audit side. They need to be able to check our firewall policies.

View full review »
TN
CyberSecurity Architecture Manager at a computer software company with 10,001+ employees

How the solution benefits the organization is something that is currently being tested. We're considering doing something different, as we just used this product as a POC.

View full review »
CM
Consultant at Critical Design Analytics

We use Tufin to clean up our firewall policies. They already have the compliance policies sort of prepopulated in there to point out violations.

Most customers will go through and check the USP to see if it violated with the designer tool.

We are in the process of working with a customer right now to set up the Unified Security Policy (USP). We got all the violations from the first phase and will go through to do the mediations, then run the scan again to show the progression of the clients.

View full review »
VV
Head of IT Security at Banco Privado

We use Tufin to clean up our firewall policies because it is so fast. A report about compliance and the clean-up process used to take about one month up before. With Tufin, it takes only one day.

Implementing roles in the firewall used to take two days, but now, it takes two hours.

The audit and policy relation reports have helped me show compliance to managers.

The product helps my cybersecurity team. Now, my cybersecurity team spends their time creating new controls for new technologies.

View full review »
JS
Senior Network Security Engineer at a retailer with 10,001+ employees

The solution has helped us to meet our compliance mandates. We have to be PCI and SOX compliant. Some of these rules and systems might meet those requirements. Knowing which system can talk with which system is definitely helpful in that sense.

This solution has helped us reduce the time it takes to make changes.

View full review »
JY
Security Compliance at Caterpillar Inc.

We use this solution to clean up firewall policy, although I do not personally do it very often.

The change workflow process is flexible and customizable. We have a couple of custom components, and my colleague was able to put them together in five minutes, so it seems pretty flexible to me.

The solution automatically checks to see if our change request will violate any of our security policy rules. This helps with general risk assessments, and when we transfer data between security zones over certain ports. It really benefits us, as well as the users who submit the rules, because they're not all familiar with all of the rules that are in place.

Implementing this solution has made everything faster. With the introduction of SecureChange, I think it has been easier for the average person to become a firewall rule setter.

Using this solution helps us to meet our compliance mandate. It does this by making everything quicker, which makes it easier to meet our SLAs.

This solution helps to ensure that the security policy is followed across our entire network. It leaves less wiggle room for people to venture out and make exceptions because it does the thinking for us. We follow it's recommendations, so there is less compromise.

View full review »
SF
Specialist in Network Security Operations Support at a financial services firm with 10,001+ employees

In our environment we have two data centers which have the same IP address for service in both. This means that in data center A, server X's IP address is the same as server X's IP address in data center B, but it's sitting in a different firewall. So we are exploring SecureChange to automate the pushing of rules in both gateways at the same time. That way we will be able to track to which firewall, in which data center, we have pushed rules.

It helps us to meet our compliance mandates because we are able to define whatever compliance we are subject to. We are a financial institution so we have to comply with PCI DSS, we have to comply with certain financial rules and regulations. We are able to do that with Tufin.

It also helps ensure that security policies are followed across our entire hybrid network. So far there have been no complaints from the auditor who is checking our firewall rules. The only exception is that, because we have so many requests in a day, some of them are not used yet by the requester. What our auditor sees is only the unused part. But we are 80 to 90 percent compliant.

Finally, I expect it will help our engineers to spend less time on manual processes, that it will cut half of the time spent looking at all the rules and validation. Currently, 70 percent of my engineers' load is looking at rule validation and requests that are not being made correctly.

View full review »
reviewer1185804 - PeerSpot reviewer
Works at a insurance company with 10,001+ employees

Using this solution saves us time and money. The Automatic Policy Generator saves time because we are able to identify the required policy when a client doesn't know what he needs.

We are able to perform an inventory analysis for colleagues.

View full review »
it_user376773 - PeerSpot reviewer
Global Network Security Specialist at a pharma/biotech company with 10,001+ employees

From the very beginning, Tufin has kept our rule set compact so that we don't have to keep stacking up rule after rule. We still have to analyze and find rules that are too open, but it helps use make the right rules in the right places.

It's also a huge deal to us to be able to see the configurations as they change over time, and to know which firewall is responsible for which segments. It allows us to look at all our firewalls at the same time and not have to SSH one after another. We've got it all right there with Tufin -- one pane of glass that shows us everything.

With new engineers to the company, I pull them aside and show them Tufin. Within one hour, they have all the information they need to start creating firewall rules. It's incredibly easy to use. I can't imagine life should it if it should go offline. It's made a huge difference for us.

View full review »
it_user483792 - PeerSpot reviewer
Director, Enterprise IT Security and Compliance at a transportation company with 1,001-5,000 employees

Not only is it secure to use, but also we put it out to our customers for them to submit firewall requests. We train them on how to fill out a firewall request, which then goes to us for review. There's a lot of work in detailing what changes are necessary for our firewall, but that's more of the technical side. The user side just needs to understand how they submit the request appropriately, and it took Tufin to do that.

One of the reasons we got Tufin was that pre-Tufin, our firewall had more than 1,200 rules. It was very difficult for us to understand when a rule was last used and if it still existed. With Tufin, we're able to manage and say, "Okay this rule was requested, we know who is the author, and we know who it belongs to and to what application." Understanding and visibly seeing what we can do with the firewall rules and how to audit them helps us manage it better.

View full review »
it_user489261 - PeerSpot reviewer
Senior Network Security Engineer at a financial services firm with 10,001+ employees

We use it for pulling your own reports, and checking the existing rule database from different firewalls from different managers.

View full review »
it_user369300 - PeerSpot reviewer
CEO at Irvin Networks

From an organizational standpoint, it can help improve for one by streamlining the change process, assisting and streamlining the change process for firewalls, routers and switching ACLs.

Also, it can help with compliance from an organizational standpoint, maintaining a certain level of compliance. Also, reporting - it provides reporting to auditors for the organizational level that need to provide evidence and for other auditors outside the organisation.

View full review »
GK
Network Engineer at a healthcare company with 10,001+ employees

We use Tufin to clean up our firewall policies. It makes our firewalls and our security-stack devices a little bit more bulletproof. We are in constant compliance and it's nice for us to know what's out there and what's actually being used, from a business standpoint and also from an operational standpoint.

Also, what used to take us a few days to implement from inception to final, is now accomplished within a day. But our goal is to move it to a matter of a few minutes. Overall, holistically, it gives everybody a chance to focus on the more important tasks at hand and to be cognizant of automation as it comes along.

It has also helped reduce the time it takes to make changes. The process used to take a few days to a week. In some cases, given the complexity of our projects, it used to be a little bit more than a week. Now, it has come down to a day or two at the most. We want to shorten that as well, to bring it down even more. But it's far better than what we had many years ago.

Our engineers are spending a little less time on manual processes. There's always that constant time spent to keep the product and the platform up to date but, overall, they're spending a little bit less time.

View full review »
it_user475893 - PeerSpot reviewer
Manager at a pharma/biotech company with 1,001-5,000 employees

We currently use it at the most fundamental levels. There are a lot of advanced features that we've investigated but the real core strength is for our compliance team to be able to pull the rule usage reports.

View full review »
reviewer1185783 - PeerSpot reviewer
Works with 10,001+ employees

Due to the usage of Tufin, we reduced the manual effort during audits to a minimum. The central place to request Firewall Rule Changes supports our Operation teams in a multi-supplier environment on a daily basis.

View full review »
DY
Associate Director Program Management at a pharma/biotech company with 10,001+ employees

We use Tufin to clean up our firewall policies. It very easily shows us what is not used, so we can take it out. It shows us head counts as well, so if something is used once or twice a year, that might not be something we want to keep. Thus, we can have the conversation. We also like how it has a business owner of the firewall policy, so we'll be filling that in. So, those people will be involved ongoing with the approvals.

This solution has helped us meet our compliance mandates by providing visibility into firewall rules.

Today, we can check to see how our lockdowns have gone and what unusuals are still there. We have a long way to go, but we've done a lot already.

We were hit by the NotPetya attack. Therefore, our whole company and all its sites were down for several months. So, you don't have an attack like that and not need something like Tufin. Other companies can prevent these attacks, or at least slow them down, by having this type of a tool. We will never go back.

In the future, we will be using this solution to automatically check if a change request will violate any security policy rules.

View full review »
BB
Network Engineer at a energy/utilities company with 10,001+ employees

We use Tufin to clean up our firewall policies. We use an automatic policy generator. This is huge for us because certain rules, especially if they're overly permissive rules, have to have an analyst go through log file after log file, which is just impossible. Versus just setting Tufin, letting it run for a couple of weeks, then going back and looking at the results. That has definitely been a big win for us.

The policy comparison reporting has been a definite big improvement for our organization. 

We've used it to give read only access to look at actual policies for different departments who might not necessarily need access to the actual firewalls. This has created some efficiencies for us because an engineering team can go in and check to see if they need to engage us for firewall rule changes without having to engage us first, because they have the direct access. 

The solution has helped us meet our compliance mandates. We use the policy browser metadata to do documentation for rule justifications. That is what we supply to our external auditors.

View full review »
JJ
InfoSec Consultant at a insurance company with 10,001+ employees

We use Tufin to clean up our firewall policies, and it has benefited us by reducing our policy set. It has sped up the change request process as an overall whole.

This solution helps to ensure that our security policy is followed across the entire hybrid network. We are able to see both on-prem and cloud, and whether there are things preventing on one side or the other.

The time that we require to makes changes has been reduced from weeks to days.

Our engineers are spending less time on manual processes, with the majority of our tickets being same-day.

View full review »
SS
Automation Engineer at Cox Communications

We make use of the ability to automatically validate changes to security policy rules. For example, we have four workflows currently in SecureChange, and for two of these workflows, the very first thing that we do in response to a policy request is to evaluate it. We check to see if the new policy is needed or not, and we determine how to proceed from there.

The biggest benefit for us is from an efficiency perspective. The longest part of our firewall policy implementation has been verifying the network and finding out where policy needs to be put in place. Tufin takes this job down from a day, to sometimes five minutes.

This solution provides a more organized manner for us to track towards compliance for our PCI audits.

View full review »
FG
IT Manager at a financial services firm with 10,001+ employees

We use this solution to clean up our firewall policies.

Prior to using this solution, and according to our best practices, we didn't have a baseline of the security poster that we have with our rule sets. Now, with this reporting, we're able to provide that to our management.

It has helped us meet your compliance mandates. We are getting this from the data and reports. This was one of our requirements.

View full review »
it_user884007 - PeerSpot reviewer
Network Architect at a transportation company with 10,001+ employees

With path analysis, you can specify a source, a destination, and a port and it will tell you whether it's blocked or not, and where; which firewall is doing the blocking or the allowing, or whatever. That part is very useful. When you have feedback from the user and you have your source, destination, and port, instead of trying to search on the Check Point console or the Panorama console or the Juniper console to figure out where that packet being dropped, you go to Tufin, put it in and, in 30 seconds, you have your answer. 

It saves time on each ticket. Instead of playing around for 15 or 20 minutes, it's down to 30 seconds. Any first-line of support can go to Tufin, put in the source, destination, and port and they can at least know what to look for, who to involve to further troubleshoot the issue. It's a first-step investigation that saves time.

It also helps us ensure that our security policies are followed across our entire hybrid network.

View full review »
SK
Senior Network Engineer at a financial services firm with 1,001-5,000 employees

Change management tracking is important: Who does what when. We know if something happens by checking the reports and comparing. We know exactly what mistakes were made and corrections. 

In a financial organization, there are so many approval processes. At the designing levels, you can add any number of layers (for approval/decline), add qualifications, and traffic flow analysis.

Because it is a predefined customized, we can define whatever we want it to be and add the exceptions.

View full review »
JS
Security Engineer at a manufacturing company with 10,001+ employees

It has allowed us to be more efficient in our processing of firewall requests.

We use this solution to automatically check if a change request will violate any security policy rules. Every change request has to go through a security approval step, but we also leverage the Unified Security Policy to automate some of that decision-making.

View full review »
it_user489240 - PeerSpot reviewer
Consulting Information Security Engineer at HCA

We've used some of the rules recommendation modules. You can give it a certain data feed and it will recommend a rule set to accommodate that. That's the other tool that has been helpful for us. Our biggest problem is that we have a very complex environment. It can get a little crazy when we throw it at the rule engine. 

View full review »
it_user483819 - PeerSpot reviewer
Security Manager at a financial services firm with 10,001+ employees

We're currently using SecureTrack. We've deployed SecureChange, it's currently essentially at this point in a deaf status. But from SecureTrack, one of the most useful tools that I've had as well is the usage reports. Whether it's zero usage or if it's the higher use rules. Let's say I've got a rule at rule number four thousand that's just getting pegged like crazy. It's the number one hit rule. We're wondering why our firewall CPU is going crazy? It's spiking. So we go over to the report, see what rules are getting hit, and we see the bottom of our rule base is getting slammed. Now we know we need to move those rules up and optimize our policy.

View full review »
it_user483795 - PeerSpot reviewer
Senior Security Network Engineer at a financial services firm with 10,001+ employees

We've been using Check Point for 10+ years and some of the rules were converted from other systems, mainly from Cisco devices. The conversion process or the migration process is not the cleanest. We end up with rules that we call over-saddling. Rules which are really not needed.

We're talking about a ton of rules. We have policies that have 3,000 rules. It's able to give us reports that tell us these 10 rules or 100 rules in our policies are not needed. Either we need to fix the rule which was a bad rule or we do not need another rule.

View full review »
it_user437160 - PeerSpot reviewer
Unified Messaging Technical Architect at a financial services firm with 10,001+ employees
  • Previously, we couldn’t figure out a way to make our processes more efficient. With Tufin our goal is to automate this process. We haven’t achieved it yet but at least we have a vision.
  • The fact that tickets can be dispatched automatically and analyzed prior to them being validated by the security teams.
View full review »
TH
Team Lead of Border Protection at a manufacturing company with 1,001-5,000 employees

The biggest benefit for us was the time frame to complete a ticket. It went from approximately a week and a half to two weeks down to about three days.

We use it to clean up our firewall policies, which gives us better security policy and less junk on the firewalls.

Risk analysis is automatically in our policy.

View full review »
ET
Business Director at a tech services company with 201-500 employees

The key, convincing element that made our customer go with Tufin is that they have the ability to centrally monitor and view all changes that have been made in the network, and they are able to revert any problems that they encounter, if somebody has made a problematic change.

View full review »
SB
Cyber Security Engineer at a healthcare company with 10,001+ employees

It has very good visibility with all our devices. We can see how they interact with each other, and if we're doing the right things or not.

We find it to be flexible. If we have a change that needs to be done, it will go ahead and do it for all our devices, regardless of the manufacturer that we have associated with it.

We are still in the beginning phases of it, but we're hoping that it can change how all of our policies are determined and implemented.

View full review »
JD
Network Security at a transportation company with 10,001+ employees

The visibility is very good. We have managers who are overseeing it, and they are approving things through it.

The whole process is flexible and customizable. We are building the matrix, then we're putting in exceptions. We have to add manual exceptions into it, and they have to come to us first before they can get it approved, which is good.

We use this solution to automatically check if a change request will violate any security policy rules. Similar to what we are doing with Azure, where they request a change, and if it violates policies, it gets kicked back. Then, we have to review it and figure out what they're doing. We can then move forward with it, if it's approved.

View full review »
it_user489234 - PeerSpot reviewer
Staff Specialist at a financial services firm with 10,001+ employees

We perform a lot of compares that show what was and what is now in our rule sets. In case there are issues or when somebody says, "Hey, this was working but now it doesn't," or, "Oh, I'm pretty sure that was in there and you must have removed it," we can validate those changes and go back in the history, say yes or no and do compares. There's a lot of new features that we're hoping to utilize, learn more about, and take advantage of. It's a timing thing and it's also education. We've been a Tufin customer for a long time and really like the product. We need to grow as much as the product is growing. 

There's tons of stuff in the product. The issue is more about what I don't know about it than what I am using it for. They definitely have kept up with the product and kept it moving forward. It looks like a really great partnership with Check Point and a lot of vendors. We're a Check Point shop, so it works very well.

View full review »
it_user489219 - PeerSpot reviewer
Senior Security Engineer at a hospitality company with 1,001-5,000 employees

At the moment, we have not really found any other side benefits, but we will be implementing SecureChange which will then allow us to track changes. The topology feature will show us what devices in the pack need to be touched. Depending on the complexity of the routing and knowledge of the environment by the engineers, policies could be missed that need the rules. That particular aspect is going to help us a lot.

View full review »
it_user488088 - PeerSpot reviewer
Staff Specialist at a financial services firm with 10,001+ employees

There should be a heck of a lot more benefits for us. The problem being we don't have the time or the training to do that. We just upgraded to 16.1. Now that we're on a supported version, we hope to get some training so that we can utilize the product a lot more than we currently are. It does exactly what we need it to do. I think with some tweaking and some more knowledge of the product, I think we'll get to where we need to be.

View full review »
it_user466632 - PeerSpot reviewer
Manager, Security Engineering and Operations at a retailer with 1,001-5,000 employees

We are in the process of automating our firewall rule management and requests, and we are looking into SecureChange and SecureApp. We're also trying to use it as a tool to collaborate with the application owners so that we can better manage documentation around data flows.

View full review »
it_user437130 - PeerSpot reviewer
Head of I.T. Security at a insurance company with 1,001-5,000 employees

It prevents human error. That is the biggest benefit for me as you can load in as much high availability as you wish. Human error is always the thing that is hardest to get rid of as well because now the change team don't question any rule base that we are putting in because of the checks Tufin does prior to the change, so we know the impact is not going to impact anybody else. What the biggest problem was whenever we would change a rule before there was always the question, what is the small thing doing. Now I can do production changes during production time. Due to this, we have a seen a positive impact for the company, and that is what they wanted.

View full review »
it_user400740 - PeerSpot reviewer
Sr. Security Architect at a tech services company with 1,001-5,000 employees

On one of my earlier deployments, I was actually able to quickly diagnose about 100 VPNs that went down because one the administrators made a wrong encryption domain in the tech point, so we were able to catch it right away as the change happened. We were able to revert the changes very, very quickly, and it did not cause a long amount of downtime.

We are able to look at any objects that are not used, rule usage, which, for wide-open rules, we can put in tracking on those rules so we can turn down the rulebase, so those are the good benefits. The rulebase actually shows the same way for all the devices, so if you have checkpoint firewalls, or if you have five load balancers, you can actually have a similar view of all this, so you can understand it very easily.

The other good part is that whenever changes happen, we have to go through change control. We can put in our changer card numbers, and then those all come in the dashboard as the changes that were done on that particular change record, so then you can correlate the changes to a particular request which was approved.

View full review »
FG
IT Manager at a financial services firm with 10,001+ employees

The change workflow process is flexible and customizable. 

It has helped us to meet our compliance mandates. We have some requirements that we need to provide more visibility on the risk levels of our firewall base, and Tufin helped us with that requirement. 

View full review »
CM
Manager at a manufacturing company with 10,001+ employees

We use Tufin to automatically check if a change request will violate any security policy rules. One of the things we want to do is to have a blacklist/whitelist policy. A blacklist of things that can never be allowed and a whitelist of things which are always allowed. I want this tool to block or report ports that should not be used, putting somebody in a change. In addition to that, I want it to be able to block people from mapping IP addresses in North Korea, Iran, or whatever is on the blacklist.

Our corporate policy mandates that we can only make changes to our firewalls daily. Once we get ServiceNow integrated with our whitelist policy, Tufin should be able to initiate the change and get us to reduce time.

It should help us meet our compliance mandates going forward. It is replacing AlgoSec.

View full review »
JR
Security Engineer at Allegiant Air

Tufin is our audit trail for all changes. We have to be PCI compliant, and it is the tool that we go to for enforcing PCI on the network side.

The change workflow process has customizable and functional for us.

It has helped us meet our compliance mandates.

View full review »
ST
Network Security at a tech services company with 5,001-10,000 employees

The change impact analysis has been very good. We continue to improve. 

The change workflow process is flexible and customizable. Right now, we are using SecureChange, which is improving the rules that get applied to Check Point.

We use the solution to automatically check if a change request will violate any security policy rules by generating a Sunday email report in these type of situations.

Using the Tufin reports, for internal and external audits, is a way we can demonstrate how we made compliance. After any of the observation that we get from the audits, we just run the reports one more time to see if our changes are being successfully applied and everything is working according to the requirements.

Tufin has been very helpful to get a lot of groups changed and getting all the information inputted on a tool, then later to applied on the device. 

View full review »
CG
Security Engineer at BCBSMA

Tufin allows us to perform self-audits and use rule-based accountability. 

View full review »
QL
Senior Information Security Architect at First Citizens Bank

One of the main things is to look at what policies haven't been hit, so we can remove those remnant policies when people come in, use it, and it's still left on the Check Point. So when a couple of users say, "This is not needed anymore." We'll remove it.

View full review »
it_user489246 - PeerSpot reviewer
Network Engineer at a financial services firm with 10,001+ employees

It has come a long way. Compared to where we were, it's significantly better. We were using an internal process that was intensive. This is clearly better.

View full review »
it_user483810 - PeerSpot reviewer
VP of Engineering at Netanium

The integration with other parts of the system, so it  a lot about process. If you have ticketing systems, other things that you're using can be helpful. For the really leading edge customers, they're able to integrate it with their other processes to the end users. The end users can be the ones requesting, saying, "I have this application and I need it to work this way." Take the technical out of it and make it a lot more business oriented so that's pretty powerful.

View full review »
it_user483786 - PeerSpot reviewer
Network Security Engineer at a transportation company with 1,001-5,000 employees

Before Tufin, we had a very antiquated way of doing firewall requests. It was a terrible workflow system. Workflow was one of the main reasons we looked at Tufin, since it is really easy for users.

View full review »
HS
Security Analyst at Equifax Inc.

The auditing reports generated by this solution help us to find issues.

This solution has helped us to meet our compliance mandates. We have very strict standards and security policies that we must follow. This tool is very flexible for the management team. It also helps us to ensure that our security policy is followed across our entire hybrid network, but we have a lack of security in some points.

View full review »
CL
Senior Adviser Cyber Security at a comms service provider with 10,001+ employees

Some clients wanted to have more latitude with root deployment. Instead of deploying through us every time, they want to deploy a new root, making quick roots or small roots, like adding an object to a root. They now have the possibility to go direct.

It has helped our clients to meet their compliance mandates. They will ask us for evidence that we can provide them.

View full review »
it_user489210 - PeerSpot reviewer
Security Engineer at a healthcare company with 1,001-5,000 employees

It understands my need to make sure that there are specific metrics that we are looking at and with those seeing across our technologies, as opposed to just a vendor technology building reports. It's easier for us.

So far, with the asks that have been requested, we have been able to find the metrics we need. 

View full review »
it_user488118 - PeerSpot reviewer
Security Engineer at a financial services firm with 10,001+ employees

Tufin analyzes tens of thousands of rules for us. Not all one firewall, but there's thousands and thousands of rules that Tufin analyzes.

Reporting is great. The only issues that we ever run into are with usage reports. You can run into things where something will have been modified and it ends up changed or something like that. Other than that, reporting is great.

View full review »
JS
Network Infrastructure Engineer at Ropes & Gray

Using Tufin makes it easy to visualize when investigating or auditing configs.

View full review »
BB
Networking Engineer at a comms service provider with 1,001-5,000 employees

Tufin has made handling firewall rule request tickets more centralized and easier to manage.

We have previously use Tufin to clean up our firewall policies, but we are not doing that currently.

View full review »
BN
Network Security at a insurance company with 1,001-5,000 employees

The product is good at auditing the changes that we make in our environment.

We use this solution to automatically check if a change request will violate any security policy rules. For example, if the engineer is making a change that hasn't been authorized, we will know about it.

The product streamlines our change management process. It assists us in reporting on some of the compliance for our auditing department. It helps us in managing the process and having some auditing capabilities.

View full review »
it_user363600 - PeerSpot reviewer
Founder at a tech services company

The product suite itself brings together organizational units. So when you talk about operations, development, management and auditing, all of these organizations have their own interface and abilitie to understand what different parts of the company are doing.

View full review »
it_user489207 - PeerSpot reviewer
Security Architect at a healthcare company with 1,001-5,000 employees

A lot of policy is legacy. With SecureTrack, I can track the policy and find all the policies that we're not using. Basically, we create a process out of it and actually get rid of those legacy policies.

I don't have a real idea of how many policies we’ve found, but the outcome for that policy management is usually better for our file work because it runs much more smoothly because of less policy, less memory usage, and less CPU.

We try to make the file work much more efficient. We also do auditing for file work, such as who made changes on the file work. You can use it for accountability, if needed. 

We also use some of the compliance features. We define policy on what is compliant. If anyone tries to create certain stuff that is not compliant, we get notified. I haven't fully utilized Tufin yet and I'm working toward that area. Hopefully I can give it a higher rating as we explore more functions. We know the capability; we just need to get to that point. If we reach that point, it'll be much better actually. We’re just not there yet.

View full review »
it_user488103 - PeerSpot reviewer
Security Consultant at a tech services company with 1,001-5,000 employees

We primarily use Tufin to alert us whenever a firewall policy change has occurred. We immediately get an email with a summary of what changed, the objects, any kinds of rules that were created, and so on. We can review that from our email client to see what the other admin changed and visually see if they did something that was against our standards, if it was just a poorly written rule or something like that.

View full review »
it_user437136 - PeerSpot reviewer
Network System Architect / Technical Project Leader at a local government with 1,001-5,000 employees

Our company has a common policy that we need to ensure covers three different vendors we work with. Tufin helps us to manage this as it's where we've defined the common policy and also where we manage it.

View full review »
it_user288696 - PeerSpot reviewer
Network & Security Operations Manager at a retailer with 1,001-5,000 employees

Thanks to Tufin we're able to manage the life cycle of rules and to keep logs of each firewall modification. Policies are also optimized using the tool.

View full review »
reviewer1188195 - PeerSpot reviewer
Works

The workflows save time and speed up the authorization processes for applications. For network operators, it enhanced visibility. For application operators, it increased knowledge of dependencies and also provided them with impact awareness.

View full review »
HM
Network/Security Engineer at a leisure / travel company with 51-200 employees

In terms of the change impact analysis capabilities of this solution, we get a lot of CNR queues and it has saved a lot of time when making changes. And the analysis tells us that we have made a particular change and it sends out a lot of alerts. We can analyze them and do some auditing stuff as well with Tufin.

We have a lot of teams that do stuff in Tufin, management teams, auditing staff, and a team for implementation. So the time it saves us across that whole scenario is hard to pin down, but it has saved us a lot of hours in implementing the CNR queues, approximately 20 to 30 hours a week. That a big time savings.

The solution will automatically check if a change request will violate any security policy rules. We have an auditing staff using this feature within Tufin. If we have an open rule, it will send us an alert and we can see why this alert has been sent and take action on it.

Tufin helps us ensure that security policy is followed across our entire hybrid network. We can set up rules and policies for this and we can do a lot of auditing as a result.

View full review »
it_user489222 - PeerSpot reviewer
Security Engineer at a retailer with 1,001-5,000 employees

I think we knew we needed to invest in the solutions because of a replacement we had to do last year. We had no other way of gathering the information. It wasn’t replacing anything.

View full review »
it_user479343 - PeerSpot reviewer
Senior Advisor Security Architect at a comms service provider with 10,001+ employees

From a security point of view, Tufin can provide the posture of your environment, meaning whether your rule base is secure or not. It will analyze the file rule base, tell you if the service you enabled is secure, and give you some advice how to deal with the situation.

View full review »
it_user477891 - PeerSpot reviewer
IT Security Engineer at a energy/utilities company with 1,001-5,000 employees

We use reports a lot for cleaning up, which is part of our regulatory requirement. You need to review the policies for any old reports, used objects or used services. That's basically what draws the purchase of this product.

I also like the product’s ability to reduce security risks. Being able to do some of the compliance checks has been very good for us.

View full review »
it_user437133 - PeerSpot reviewer
Network & Security Service Delivery Manager in Spain at a transportation company with 10,001+ employees

Tufin's given us the ability to correlate between policy and firewall rules. We can even search for the correlations to determine violations and exceptions. Also, it's a solution where we can define our entire company's security policies.

View full review »
JN
Security Engineer at a government with 10,001+ employees

This has helped us to better clean up and audit changes to the firewall policy. Also, giving access to the other teams without giving them direct access to the firewalls, themselves, is very helpful.

This solution has also saved our architects time. They are unable to view the firewall policy directly, so they use this product to find the rules that they need. If something is being moved then they can easily create a document that has all of the existing rules.

View full review »
OJ
Consultant at Sirius Computer Solutions

The visibility is pretty good because it's a cross-vendor platform, so it provides visibility across different vendors.

We use this solution to automatically check if a change request will violate any security policy rules. We have a huge policy base, and we have certain compliancy requirements which we have to meet for the rules that we have. If we are planning to have a change in the policy base which could possibly violate the compliancy requirements, then we'd get the help of the tool to alert us in a way, which would make us aware of that.

It makes us aware when there will be any compliance violations possibly, and we can pro-actively prevent those violations from happening.

View full review »
it_user489228 - PeerSpot reviewer
Security Architect at HCA

It provides pretty decent visibility to the rule set that we have. Right now, we're looking to better utilize the zoning. When we start utilizing the zoning better, I think it will be a lot more useful tool. 

View full review »
it_user476727 - PeerSpot reviewer
Security Engineer at a financial services firm with 1,001-5,000 employees

Before we had Tufin, we had to do firewall policy cleanup and it was pretty painful. It would take us 6 weeks just to get through one review, and we had to do it quarterly. With Tufin, you can generate a report in 20 minutes and start taking action on it right away. It's a huge difference. You build up trust with the product. When you are looking at a rule and you don't know if it's been used before, you're kind of rolling the dice. When you have a tool that can look out 6 months and it hasn't been used, then you have a lot more confidence in cleaning that rule up.

View full review »
it_user437142 - PeerSpot reviewer
Senior Security Consultant at a comms service provider with 10,001+ employees

Before we'd have to manually go down rule bases three-thousand lines long, rule by rule finding the stuff that's missing. So it saves us a lot of time.

View full review »
it_user437187 - PeerSpot reviewer
General Manager at a tech services company with 51-200 employees

There's an automatic compliance check. If you have an accessory test from A to B, the system will check the entire firewall infrastructure to see if it's possible immediately or not, and if it's not possible now, then the change will be started, and if it's a standard change, the standard change will be run more or less automatically, and it's not necessary to involve the technical team for a standard change.

View full review »
it_user437145 - PeerSpot reviewer
Head of Network and Security at a financial services firm with 1,001-5,000 employees

It's given us an easier workflow since we go through the different steps of network validation to make sure that the request coming from the user is technically sound and implementable. It also helps us with security validation, that is, compliance with company goals and so on. We've also added change management so that we're able to implement solutions at the at the optimal time.

View full review »
NK
Firewall Administrator Security Engineer at a comms service provider with 1,001-5,000 employees

We use Tufin to clean up our firewall policies of unused policies.

It gives our firewall administrators visibility into the total infrastructure.

View full review »
MM
Technical Team Lead at Paragon

We have a better view of our compliance status. Most of our network is on-premise, so we don't have a cloud. We don't have a hybrid network, but it provides visibility for what we do have right now.

View full review »
SB
Senior Consulting Manager at a tech services company with 10,001+ employees

Tufin has improved my organization with its configuration management. It has tremendously improved operation's success and has made life easier. 

It has also increased the amount of gateways there, which has really helped us. Information is readily visible.

Tufin has ensured that the security policy is followed across our entire hybrid network in the way that it has given us what is in place now. We're trying to impose the security policies of the organization. There is still time to get in there.

View full review »
VK
Owner at Concepts Solutions Informatiques

We now spend less time auditing rules with reports: 

  1. The designer helps us in creating rules
  2. It tells us what rule is missing and where to put it. 
  3. The predefined reports are then sent to administrators.
  4. It provides an exact image of how to improve security.
View full review »
it_user489237 - PeerSpot reviewer
Network Security Operations Manager at a non-tech company with 1,001-5,000 employees

We're using it to write down policy changes. We have lots of jobs making firewall changes. We track down all of those in the reports and we can see what is going on. If something goes wrong, we can track down the latest changes and determine how to fix it.

View full review »
it_user489264 - PeerSpot reviewer
Sr Network Security Engineer with 1,001-5,000 employees

We use Tufin for object lookup. We often get requests from the business. They give us an IP and they request something like, "We need to know what the rules are for this.", so they can add more similar rules. We go into the object lookup, give the IP that we're looking for, and then it generates a report, either Excel or PDF.

We have probably a hundred policies using Tufin.

View full review »
it_user466629 - PeerSpot reviewer
Manager, Information Security at Neustar

We are starting to use it more as a compliance tool as opposed to just for tracking changes and backups. Because it tracks changes, SecureTrack maintains a complete CVS (Concurrent Versions System of all of the configurations of a lot of our systems. Because we're a multi vendor environment, it's not just Check Point. We have licenses for all of the different firewall vendors’ products and things like that.

View full review »
it_user437169 - PeerSpot reviewer
IT Sec Operations at a tech company with 10,001+ employees

Tufin has allowed us to do much faster analysis. We don't have to analyze the entire rule set anymore because it tells us whether each specific rule matches policy or not.

View full review »
it_user437175 - PeerSpot reviewer
Telecommunication Engineer at Vodafone

In the design team, everything is based on things that already exists and Tufin helps us make changes safely.

View full review »
it_user437121 - PeerSpot reviewer
Manager, Group Leader at a tech services company with 1,001-5,000 employees

We can very quickly understand the admin configuration made by the administrator.

Also, year to year the policies always grow and every day we need to check and remove rules, policies, and objects that we already have. So another very helpful feature that we use is that we take from the policies unused objects that have not been used in a long time.

View full review »
it_user437178 - PeerSpot reviewer
Network Security Consultant at a tech company with 10,001+ employees

We don't use it on a day to day basis. Obviously we're running it all the time but we only need to look at it once a month when we do a review. It's not something that we use all of the time. When we do perform a review, it gets passed across to the lead engineers for that particular account to look at the rule bases and agree on what we're going to do with it and then they sort it out.

View full review »
DM
Professional Services Engineer at a tech services company

I tested it for the change orchestration. That is what my evaluation recently was specifically for. While the product was a little slow, it did look full-featured. 

View full review »
PD
IT Security Professional at a pharma/biotech company with 10,001+ employees

Our company has a grid, and there are different blocks of public domains and internal domains. It checks all that on our security grid. That has been customized by our administrator.

Tufin allows our say junior guys to learn how to view policies. It gives them a tool that will help them consolidate and optimize.

View full review »
it_user182367 - PeerSpot reviewer
Network Specialist with 51-200 employees

Day to day, if you have a problem you can go back and see if it could be something that is related to a change that you made, because the time of the change is the same as the time the problem appeared. Then we can roll back.

View full review »
it_user437127 - PeerSpot reviewer
Security Solution Architect at a tech services company with 1,001-5,000 employees

We use SecureChange because we have separate views to see those who are compliant with rules, those who are on probation, and the managers. The integration with our system is quite good, which is important because we have 5000 firewalls. Fortunately, we don't have a lot of rules but there are many people who can make and change rules. With this approach, Tufin has become a very powerful tool for us by creating an automatic implementation.

View full review »
it_user375474 - PeerSpot reviewer
Security Evangelist

Before we started using this product, to resolve the network problems, it used to take a week or so. But once we started working with Tufin the problems are resolved in a day or two. And also, we can monitor different firewalls under a single GUI using Tufin.

View full review »
CD
Security Engineer at a insurance company with 201-500 employees

We find that the change workflow process is flexible and customizable. If we want to change approvers, that is very easy. If we wanted to add a step or get rid of a step, this is easily customizable.

We are using the visibility with notifications on every firewall change and what those changes were. We have visibility to see who is making the changes, and when. This is the biggest thing because we are underutilizing the product right now.

This solution has helped us meet our compliance mandates. Everything is all auditable. Every change is tracked down to the person and time.

View full review »
SM
Security Analyst at a government with 1,001-5,000 employees

The change work flow process is flexible and customizable. We found it pretty easy, particularly when we were implementing new rules and with our cleanup. We found that the rule change was fairly easy to implement.

It has allowed us to monitor rule changes. This way we know exactly what would happen behind the scenes in the event of an after-hours change.

View full review »
it_user479277 - PeerSpot reviewer
Security Specialist at a financial services firm with 501-1,000 employees

Tufin is easy to use, which was really important for us. Also, it’s not a dangerous solution because we can’t make changes with it.

View full review »
it_user437193 - PeerSpot reviewer
IT-Security - Consulting (Licensing, Maintenance) at a tech consulting company with 501-1,000 employees

The biggest and most important benefit is that it addresses the weaknesses of our internal customers. We can perform changes in real-time instead of having to wait for days or weeks. Of course, if there are compliance issues, we can see right away whether they have documentation that addresses the issues and we can then approach management with the solution.

View full review »
PC
Consultant at RIPEN

Tufin saves a lot of time on the policy requests deployment. It enhances the SLA of the policy requests or changes and enhances the accuracy of the policy deployment.

View full review »
ST
Information Security Engineer at a tech company with 1,001-5,000 employees

My team uses it heavily to audit the changes made by junior engineers, going back and figuring out what they messed up, and correcting their mistakes. We generate reports for customer compliance and audits, as well as for regulatory audits.

We use it to generate reports that we are in compliance, but don't necessarily use it to mitigate any compliancy requirements then only to report on them.

View full review »
it_user437163 - PeerSpot reviewer
Network, Telecom and Storage Manager at a financial services firm with 1,001-5,000 employees

For the first one, we were able to reduce the number of rules, and the signaling one is about the compliance. We have many security rules to define the flows between the security zones, so we put all the rules under 13, and then we can generate reports.

View full review »
it_user298422 - PeerSpot reviewer
Senior Information Security Engineer at a financial services firm with 501-1,000 employees

It allows us to evaluate and build matrices, and see how rules work with it to see whether they are secure.

The biggest benefit of this is that it allows us to see how security functions as a hole. Also, it lets me see where the holes are and how things function.

View full review »
it_user437157 - PeerSpot reviewer
Group IT Governance - IT Security Engineer at a financial services firm with 10,001+ employees

It gives us a better view of the rules. We found that we can send invites to the owner of the application to find out if they still needs to use it, and if they say that they don't want it, then we can observe the rule and remove it if possible.

View full review »
PC
Owner at SiS International Limited

Tufin assists us in maintaining a robust view of our internal network topology. This topology may be built with a certain period, but it saves lots of operational and audit time in the long run.

View full review »
it_user437148 - PeerSpot reviewer
Security Consultant at a tech company with 501-1,000 employees

It's much easier to implement rules. It's easier to have an overview of the policies because we don't have to review them, so it's much faster.

View full review »
it_user907089 - PeerSpot reviewer
Network Engineer at a tech services company with 11-50 employees

Before, we had to manage each file individually. Now, they can all be managed as a single entity.

View full review »
it_user907089 - PeerSpot reviewer
Network Engineer at a tech services company with 11-50 employees

Now we can confidently remove firewall rules that are not needed and make the configuration of firewalls more strict.

View full review »
it_user479295 - PeerSpot reviewer
HoD IP MPLS Department at a comms service provider with 1,001-5,000 employees

The ability to get a sanity check for the rule base is important. Right now, we write our own firewall rules, and with Tufin, we can cut those down to four hundred.

View full review »
it_user437172 - PeerSpot reviewer
IT Architect at a tech company with 10,001+ employees

It makes it easy to find a rule and to make sure that all the firewalls are working in just one step, so this saves us time.

View full review »
it_user437151 - PeerSpot reviewer
Network Security Architect at a tech company with 10,001+ employees

Our work is part of the team that manages all the files and people call to tell me exactly which rules I need to change, and where. Tufin makes this easy and let's me know if it already exists or not.

View full review »
RP
Chief Information Security Officer at a computer software company with 201-500 employees

It provides me great insight into my firewalls across my organization.

We are able to stay compliant with many of the regulations. 

View full review »
it_user1010334 - PeerSpot reviewer
Regional Manager at a tech services company with 11-50 employees

The solution helps us meet our compliance needs.

View full review »
Buyer's Guide
Tufin Orchestration Suite
March 2024
Learn what your peers think about Tufin Orchestration Suite. Get advice and tips from experienced pros sharing their opinions. Updated: March 2024.
765,386 professionals have used our research since 2012.