What is our primary use case?
For us, it's more about managing the policies and having an overview of all the policies that are available, that we currently implement, and bringing them to a central console so that we can have an overview of what's going on. We deploy Tufin for one of our customers, it's not for ourselves.
How has it helped my organization?
The key, convincing element that made our customer go with Tufin is that they have the ability to centrally monitor and view all changes that have been made in the network, and they are able to revert any problems that they encounter, if somebody has made a problematic change.
What is most valuable?
The policy overview is valuable.
What needs improvement?
The key area for improvement is the integration to F5. One of the things that we encountered with another customer is that there were some limitations when we tried to migrate policies from F5 into Tufin. Half of the network is F5 and there were a couple of other firewalls and they're trying to centrally manage them. There were issues in terms of managing the policies for F5. It's not as seamless as it should be.
Documentation to help users integrate to an F5-type of environment would be great, so that users would understand and know the limitations, rather than having to go through a PoC and then realize that it's just not suitable for integrating F5 products.
For how long have I used the solution?
Less than one year.
What do I think about the stability of the solution?
So far, the stability has been reasonably good. We haven't encountered any major issues. Even when integrating to overseas central management systems, it has been quite seamless.
What do I think about the scalability of the solution?
Scalability is something the customer will be exploring in the next phase.
I think that the major limitation is its ability to integrate into more products. With the common products, the older products, it integrates very well. But with the newer products, like I said, F5 for example, they do have some issues. I'm not too sure about other firewall products and other DDoS products that could be in the network.
For now, the customer is trying to integrate the product into the rest of the group. That's currently being studied by some of their overseas counterparts to see if it's suitable. The plan is that the customer intends to proliferate this across the entire network, but that step will take place over five years' time.
How are customer service and technical support?
Technical support is excellent, I would give a big thumbs-up to the technical support team.
Which solution did I use previously and why did I switch?
We didn't use a previous solution, this is our main solution.
How was the initial setup?
The initial setup is reasonably straightforward and the support team is quite good. They're very helpful and they're very knowledgeable.
The deployment, overall, took about three months, in terms of studying the customer's environment and doing some consultation and a deep-dive with the Tufin consultancy team.
What about the implementation team?
We are an integrator, so we have a fairly decent understanding of the product and it wasn't that difficult to deploy.
What's my experience with pricing, setup cost, and licensing?
Pricing played a big part here. We didn't present AlgoSec or FireMon. We got good support from Tufin directly. We managed to position it with an effective price for the customer. The customer had evaluated other products but, due to price as well as support, they chose Tufin.
Which other solutions did I evaluate?
We evaluated Tufin together with FireMon and AlgoSec.
What other advice do I have?
The first priority is to evaluate how expensive your firewall family is. If you have, for example, F5 then you would probably have similar problems to what we encountered with F5. But if you are deploying general firewalls, like Palo Alto and Cisco, that's fine. You have to evaluate how you are going to import existing policies and how you are going to monitor those policies when they transfer them across to be centrally managed and monitored by Tufin.
In terms of users of the solution, we set up for the customer a central admin who is the main administrator that controls the entire dashboard. In addition, there are viewers who only need to view and monitor the reports and the like. It's the IT firewall team that makes changes to the firewall and backend system. So there are three main groups of users.
We do the maintenance for the customer, so if there are any patches or any updates that are critical we work with the customer to identify a suitable time for us to do the system upgrade.
We manage our customers' IT infrastructures. We then bring in vendors according to what each customer requires. We are the system integrator, integrating to their backhand system. We provide consultancy and advice to the customer with regards to the types of products that they should choose. Eventually, we support products once they have deployed them. A lot of customers don't have a big IT team locally to support the infrastructure, so we provide that level of support.
From an implementation and costing-strategy standpoint, I would give Tufin eight out of ten. It would be much better if they could improve the F5 support and also enhance the documentation in terms of integrating firewall products.
Disclosure: My company has a business relationship with this vendor other than being a customer: Integrator.