Tufin Orchestration Suite Reviews

Tufin gives you the ability see what changes have been made and who made them, as well as pinpoint what has changed so if there is an issue you can easily review it. I also like that if there is a new request that's coming in, you have the ability to compare the request with what is already in the system so you don't have to go into the firewall rules to try to figure it out. You can just do a comparison between different policies.

We use reports a lot for cleaning up, which is part of our regulatory requirement. You need to review the policies for any old reports, used objects or used services. That's basically what draws the purchase of this product.

I also like the product’s ability to reduce security risks. Being able to do some of the compliance checks has been very good for us.

The ability to search could be improved, and it would be helpful to be able to display more than a hundred results on a search or share when you do the workflow with multiple people at the user level on your same team. If you have a team of three people each one should be able to see each other's request without having high-level access rights.

Also, the workflow is very rigid. It's not very easy to manipulate. The graphical interface needs to be a little more user-friendly. You need to be able to move objects around to make a nice display. Right now, if you select an object, it just sits there and everything goes sequentially. I want to be able to move objects around to make the interface more presentable in the way you would normally code something. That's a big concern, because we've gotten several complaints.

We have used Tufin for at least seven years.

We haven’t had any problems, except for some licensing issues a long time ago.

For what we do we haven't seen any performance issues so far.

Technical support has been good. We've had different engineers help us out and they've all been very helpful.

We compared Tufin to AlgoSec. At that time, we felt that what Tufin had in terms of their workflow and the option to transfer over our existing workflow was more flexible. It was a hard decision. One of the other reasons we picked Tufin up versus AlgoSec was the responsiveness of the people we were working with. They understood the company and our relationship, and we felt that it would be easier to have the ear of the company if we needed customization. They did the changes that we requested, which made life easier. We felt that if we were to go with AlgoSec, it would be a lot harder.

We closed the deal after they made a change to DNS lookup. Objects need to be created on our DNS system before they’re populated, and you didn’t have a way to validate your IP with a host name at that time.

If I had to rate it one to ten, I’d give it a nine, since there’s room for improvement, even though they’ve been doing a lot of improvements over the years. I would also say that if you buy the product make use of it. There are more features available than you always realize, so a lot of times you might try the harder way first because you are used to working that way. You might discover that your life can get a lot easier.

The most valuable feature for us is Tufin's versatility. Depending on the kind of device, we can correlate information from both the device and from the client. This is highly useful for us.

Tufin's given us the ability to correlate between policy and firewall rules. We can even search for the correlations to determine violations and exceptions. Also, it's a solution where we can define our entire company's security policies.

It needs better correlation so that it's easier to not have to look for information underneath all the data. So, even though the policy and firewalls are correlated, it's difficult to find them when we need to.

We haven't had any issues with deployment. In fact, it was very easy to do.

We haven't had any issues with stability.

We haven't had any issues with scalability.

The initial setup was not complex. It was fairly easy and straightforward.

We implemented it with our in-house team.

So far, the solution has been fantastic. The customer has been very happy with its capabilities overall. 

It works very well in an enterprise environment.

There aren't any gaps in its offering at this time. It's a very complete solution.

The reporting on offer is very good. Tufin makes nice reports.

Technical support has always been very helpful and responsive. 

The pricing could be a bit more competitive. If you compare it to, for example, AlgoSec, AlgoSec has better pricing.

The implementation could be a bit easier. 

I've been working with the solution for about a year or so at this point. It hasn't been too long. 

We've had to contact technical support a few times in the past. Their support is fantastic. They are very helpful and responsive. They are knowledgeable about the product. We are quite satisfied with the level of service we receive. 

I also work with Cisco devices.

We had some issues during the initial implementation. Our client had some devices that, for some reason, just weren't integrating. If they could look into issues that clients face at the outset, when the setup is happening, it would make the experience a lot easier to handle. They just seem to need to be able to handle more integrations with other devices. 

The pricing could be a bit better. It's definitely not the least expensive option. It would be ideal if the product pricing came down a bit so that it was more competitive. The clients would appreciate that a lot.

I'm currently looking at other solutions to compare Tufin to. I have done some comparisons between Tufin and AlgoSec and my takeaway from that is that AlgoSec is less expensive.

I would advise other organizations considering the solution to first be aware of what they want to achieve. As a company, you need to start there before you start choosing solutions. That way, you'll know if the solution will properly meet your expectations. Tufin has a few options as well. It's important to understand which would work best according to your requirements. 

I would rate the solution at a nine out of ten overall. We've been very please with the capabilities of the product and our clients have been happy. 

Our customers use Tufin to manage multiple firewall access rules through a single console. We have done on-prem, public, and private deployments of this solution.

It provides very good reports. It can easily integrate with multiple firewalls, such as Cisco, Juniper, Palo Alto, and Checkpoint. 

We can push a policy from Tufin to a firewall, which is a very good feature. We can monitor all access rules and the operating system of a firewall.

Currently, we are able to monitor access rules and the operating system of a firewall. It would be great if we can also monitor the configuration of the firewall through Tufin.

I have been using this solution for the last three years.

It is very stable. It has good stability.

It has very good scalability.

Their technical support is good.

Its initial deployment is not very easy. It is a little bit complex. After the deployment, it is easy to work with it in the GUI. Its deployment takes at least two or three days.

Customers usually evaluate AlgoSec. 

I would advise others to go for it to manage firewalls from multiple brands in a single console.

I would rate Tufin a nine out of ten.

We primarily use SecureTrack for viewing and tracking changes to policies.

This has helped us to better clean up and audit changes to the firewall policy. Also, giving access to the other teams without giving them direct access to the firewalls, themselves, is very helpful.

This solution has also saved our architects time. They are unable to view the firewall policy directly, so they use this product to find the rules that they need. If something is being moved then they can easily create a document that has all of the existing rules.

The most valuable feature is to give people outside of the firewall group access to view the policy. Tracking is the most useful feature for us, right now. It saves time but I cannot give an estimate as to how much.

The visibility is good. We can see the policies and what changes need to be made, based on the report.

When viewing the policy there are a lot of Check Point user's inline rules, and you don't see those in our policies. It just labels them from top-down. We use a lot of inline rules, and it would be beneficial to see those from within Tufin. 

Overall the system is stable, and we have had no issues configuring it with our firewalls, or otherwise.

It is scalable in the sense that we use a lot of policies and we haven't run into any limits yet.

The solution has been pretty straightforward and I haven't had to contact tech support. Again, we're not using all of the features so perhaps that is why. I do know that there are plans to use the SecureApp and SecureChange in the future, but the trust isn't there yet for us to push down those changes.

We did not use a solution prior to this one, but we needed Tufin to give access to other teams to view the policies. We did not want to give them direct access to the firewall management system.

I would say that the initial setup was of medium difficulty. I and one other engineer completed it, and it wasn't too difficult.

The deployment, in total, took more than a year. This included bringing in every single firewall policy and making sure that it was updating and tracking.

We handled the deployment in-house.

We did not evaluate other options before choosing this solution, and I don't know who else is competing in this space with exactly the same features as Tufin.

We don't use SecureChange at the moment, although hopefully, we can get to it in the future.

With respect to having this solution automatically clean up our firewall policies, we run the report but we don’t always push those changes on. We consider the recommendations but review it manually ourselves. This does point out what we can get rid of, and where we can optimize it. Once we have the trust of our team to push these changes automatically it will be implemented, but we're not ready for that yet.

Part of the reason is that we want to be in control of the firewall policy changes. We don't want developers or anybody recommending what we should be doing.

If somebody is looking to integrate a ticketing system, and not push changes directly through their firewall management system, and they would like a third-party verifier and checker then I don't know any other products that can do that. This is especially true for Check Point firewalls, and Palo Alto.

I would rate this solution an eight out of ten.

It is customizable.

It does not natively support all of the Check Point functions, which is a big deal. The solution doesn't recognize traffic and impede it.

We have had a ton of issues with stability. The database is weirdly designed. Things just go wrong with it where we have to call the tech guys. They come in and clean the database fairly regularly.

We've scaled it to hundreds of firewalls. We haven't had a scalability issue. 

If you don't buy their premium support, their technical support is not great and you can only call during daytime hours. So, we ended up purchasing their premium support.

The reason that we purchased the solution is because of the visibility that it provides.

The SecureChange implementation was straightforward. 

The SecureApp implementation was very complicated. The topology was so complicated that we threw it away after months of having Tufin people come out to try and make it work. 

We bought deployment services from Tufin. 

We are seeing ROI in terms of having SecureApp. However, we made a significant investment to get there.

The topology doesn't work and SecureApp doesn't seem to be a strategic product for Tufin anymore. Proceed cautiously with that in mind.

I would rate their SecureChange an eight out of ten. I would give their vision an eight, but for their execution I would give a three out of ten. 

It's mainly for the automation of policies.

The visibility is pretty good because it's a cross-vendor platform, so it provides visibility across different vendors.

We use this solution to automatically check if a change request will violate any security policy rules. We have a huge policy base, and we have certain compliancy requirements which we have to meet for the rules that we have. If we are planning to have a change in the policy base which could possibly violate the compliancy requirements, then we'd get the help of the tool to alert us in a way, which would make us aware of that.

It makes us aware when there will be any compliance violations possibly, and we can pro-actively prevent those violations from happening.

The automation because it is saving a lot of work, time, and effort required to do all of our manual work. The change impact analysis is pretty good, and with the automation, it takes care of a lot of things which we would be doing manually.

The change workflow process is flexible and customizable to some extent, but there is room for improvement. In some cases, we've found it difficult to get the exact thing which we were looking for. Then, we end up having to go and do the thing manually.

I would like them to have more focus on the whole compliance across the globe, like PCI DSS. These things keep on updating very frequently. If they can be on top of it and keep updating more frequently, getting more updates, that would be something good.

It's very stable. We haven't encountered any major issues, so it's pretty good.

It's pretty scalable. That's a good thing. 

Sometimes the technical support is able to help us quickly, and sometimes it just goes on for quite some time. Something complex or a new functionality requirement takes time, but if it's something simple, then they're pretty quick to resolve it. 

We didn't really do the deployment ourselves. So, it was someone else.

Tufin makes things a little easier. It lessens the amount of manual work which we have to do. It has a lot of benefits in terms of revenues, profits, employee costs, and operational costs. We have already seen return on investment.

The solution has helped us reduce the time it takes to make changes.

I also know that we evaluated AlgoSec.

I would suggest looking at not just the features and functionality which are specific to the environment which you are working in, but to be aware of the other features which the product has to offer. Because companies grow and things change, so it's always good to have at least a complete idea of what the product does and how it does it.

• The ability to compare the old policy and the new policies is real handy.
• The topology view is really good. 
• You can kind of see where the flows are coming and how they're working.

I come more from the WAN space as opposed to the security space, so I would obviously like to see Tufin integrate with Cisco routers. There's room for more integrations with other products.

I'm just kind of getting into it, so I don't think I have the full breadth of the product personally, but it is pretty usable.

It's been stable in our environment.

We haven't had any trouble scaling it. We have about 100 policies.
There haven’t been any issues with speed, as far as I can tell.