Tufin Orchestration Suite Reviews

What I’ve found very useful in a short period of time is the visibility it provides. It looks at the tools that don't meet our compliance requirements. We’re part of a program where we’re going back and remediating a lot of the rules that are falling out on compliance. Having a central location for that is very nice.

It provides pretty decent visibility to the rule set that we have. Right now, we're looking to better utilize the zoning. When we start utilizing the zoning better, I think it will be a lot more useful tool. 

A major thing that it sounds like it's still going to be lacking, is the ability to create and push NATs. Our network is very large and very complex, we use NATing internally quite a bit. That's a fairly large pain point for our firewall admins. We can use SecureTrack and SecureChange to create and manage rules, firewall rules, but it doesn't have the ability to manage NATs, which we find, is key for management.

Some of the pain points like NATing and the interface brings my rating for the product down to a seven. The interface is workable, but it could be a little bit more intuitive. I would rate the function of the product a ten.

I'm very new to the Tufin products. I'm new to HCA and this is the first time I had professional experience with it. 

Dive in.

We use it as an auditing tool, since it’s a risk-based approach, which fits a lot of the needs of our auditors. We're able to clean up our firewall rules and use the security score in our monthly reports to executive management, showing them that we are making improvements within the security of our firewall policy. We can generate different inventory reports when rules are not in use. It allows us to print policy out for our auditors as well.

You can print off reports, either in Excel format or PDF format and deliver them to whoever needs those reports. It can also send you any report on a regular basis. For example, if you want to see your security scores, you can have that sent to you weekly.

Before we had Tufin, we had to do firewall policy cleanup and it was pretty painful. It would take us 6 weeks just to get through one review, and we had to do it quarterly. With Tufin, you can generate a report in 20 minutes and start taking action on it right away. It's a huge difference. You build up trust with the product. When you are looking at a rule and you don't know if it's been used before, you're kind of rolling the dice. When you have a tool that can look out 6 months and it hasn't been used, then you have a lot more confidence in cleaning that rule up.

Some of the challenges we have include getting the reports and the tools to look at our specific environment. There are some challenges with setup for that. You want to make sure that your PCI environment, your wireless environment, your DMZs and your internal network are all laid out in Tufin so they can be correctly scored and rated. A little more ease of use in that area would be helpful.

We've had Tufin for 8 or 9 years. I was the one that brought it in.

We don't have any issues with stability of the product.

We have a relatively small environment. We've got 30 firewalls, basically 15 clusters that Tufin monitors, and our policy rule base isn’t huge. We moved over to VMware and haven't had any issues with caring for the product.

We actually used one of Tufin’s competitor’s products, AlgoSec, but found that the Tufin product is a lot more flexible from a reporting standpoint.

It’s easy to set up. I would say to do a proof of concept and give it a try. It doesn’t take much effort to get it set up and start getting benefits.

I would give it an 8 on a scale of 1-10 because it works really well in helping you create your own reports. You can drill down into each of the different risks that are in the environment and take action on it. It actually tells you, in a descriptive manner, what the issue is and how to fix it.

Audit compliance. We need the PCI audit compliance and that's what Tufin delivers for us.

Before we'd have to manually go down rule bases three-thousand lines long, rule by rule finding the stuff that's missing. So it saves us a lot of time.

Well there's parts of the product that we can't use, the SecureChange, the network address translation, and users as it's all very difficult, so we've never managed to use it for that. We just use it for PCI and for rule based management, rules that have no hits, and I use it to help with the rule-based.

It's only broken twice in the ten years we've had it, so it's very good.

It scales because you can put multiple devices in multiple networks. We've got some things where the firewalls aren't routable back to the central, so we can put these proxy-serve type things in, so it's very scalable. You can have as many of them as you want.

I've used them only twice. Once for an RFE and once for a little issue that we had. I found them very knowledgeable, and UK based.

We bought Firemon in the interim and then got rid of it and went back exclusively to Tufin. We had a special environment and Firemon came in, took a pitch, and it was cheaper than Tufin and it checked all the boxes. But when it was actually deployed in the network it didn't fit the purpose so we cut our losses.

Very easy. You need Check Point skills for sure, and it goes with other products as well.

No, we didn't. We went straight to Tufin initially because we bought it. There wasn't anything else back then, because we got it ten years ago.

The most valuable feature for us is SecureTrack. With it, we have rule documentation, change documentation, and the ability to create various reports. We can also enforce compliance with our security policy, as well as to define exceptions.

Another valuable feature is SecureChange, which enables us to have individual workflows. Individual workflows have to be followed step-by-step without skipping a step. That's the great thing that we can do with automation so that firewall administrators don't have to do so much manual, routine work.

There's an automatic compliance check. If you have an accessory test from A to B, the system will check the entire firewall infrastructure to see if it's possible immediately or not, and if it's not possible now, then the change will be started, and if it's a standard change, the standard change will be run more or less automatically, and it's not necessary to involve the technical team for a standard change.

The GUI is not really adaptable as you cannot configure it. The buttons are fixed and it's not really intuitive. It's good for selling training, but in daily work, it's not very easy for those who are new at it.

We've had no issues deploying it.

I think the stability is very good. We've had no issues with instability.

It scales from small network segments up to very, very big companies with thousands of firewalls.

Once I heard from a German Tufin guy something about enthusiastic support, and I thought he was crazy. But now, I think it's true. Even when there's standard support, I become nervous when I don't get feedback within one or two hours, even if the SLA says twenty-four hours. They're very responsive, and also very technical. Technically, they're quite good.

It depends, but mostly the initial setup is straightforward. Just install the operating system, take the appliance, install the software, and then connect all the devices you want to monitor, then you have the basis. Maybe it takes some effort to implement or to import unsupported devices, or defining generic devices and so on. But the standard installation is very straightforward and easy.

I don't evaluate other vendors every two weeks, but I've evaluated them before, and I think Tufin is quite a technically-leading solution. It's very robust and Tufin has focused on stability and topology. Correct topology is the main factor for authorization speed, and Tufin is the best.

We use SecureTrack to walk us through the implementations of our firewalls and for all our policy checks, complaint checks, and reporting and overview of our monitoring policies.

It's given us an easier workflow since we go through the different steps of network validation to make sure that the request coming from the user is technically sound and implementable. It also helps us with security validation, that is, compliance with company goals and so on. We've also added change management so that we're able to implement solutions at the at the optimal time.

I'd like to see automation of a number of steps. In particular, I think that the implementation and validation steps that we're currently doing manually should be automated. Even the input part at the beginning of our workflow could be automated with a link to our ITSM solution.

Deploying it has been without issues.

I have no instability issues at all. It’s working so well that I’m not worried about it.

We have a number of firewalls with no concerns about scalability.

I have had a number of discussions with mostly the sales team and some engineers on how to go ahead and implement some things. So technical support in that regard has been great.

I wasn’t involved because I wasn’t in with the company at that time. I was involved since April and we had some upgrades to perform. It was straightforward and we had no issues with it.

We've implemented with just our in-house team since the initial setup.

We looked at some other solutions at events, but they are not as advanced or complete as what you get from Tufin.

Give it a try.

We're able to generate reports to know what's going on with our rules, specifically expiration dates and PCI's, for our firewalls. It lets us know exactly what's happening.

When we make changes, we need to know exactly what's going on between each firewall and why a rule may pass or not pass between each. It would be good if Tufin gave us the ability to do this in a graphical way.

We have sixty firewalls, and sometimes the path between any two firewalls may have five rules. We need to know exactly what is going on and where we have to implement a rule. It's very complicated to do right now, and that's why we want to implement a security change.

We've had no issues with deployment.

We've had no issues with stability.

We've had no issues with scalability.

We need a vendor that has good, responsive support. Tufin support has been that.

We have a virtual firewall and when we ran our system, there was a problem with mismatched object rules. We called support to help us clean the firewall. The rep looked around and, after an hour-and-a-half, confirmed the problem. Then another five or six technicians analyzed our request and, after three or four days, released a fix for us.

We had no issues with the setup.

There may be a better product a year from now, but we're using Tufin now and we're satisfied with it. We'll use it until it doesn't do the job. It's a big deal changing firewall vendors, so we don't want to change unnecessarily.

The primary use case is data flow analysis.

We use Tufin to clean up our firewall policies of unused policies.

It gives our firewall administrators visibility into the total infrastructure.

The most valuable feature is troubleshooting.

I would like something that addresses security in the cloud.

The stability is bulletproof. 

It is extremely scalable. It really addresses the scale of a company's firewall footprint.

The technical support is excellent.

Our account manager and Tufin support have been a big help to us.

We were getting to the size where manual administration of firewalls did not make sense anymore.

The initial setup was straightforward, but time consuming.

This solution has helped us reduce the time it takes us to make changes. We have seen the reduction on the front end, when doing an analysis of the data flow.

We also considered AlgoSec.

I would recommend taking a look at the solution.

I use the solution daily and can see it anytime that I want. I find it invaluable in day-to-day management of firewall policy and policy changes.

This solution has sort of helped us to meet our compliance mandates.

The cloud-native security features will be more important in the future. I am just learning about them now.

I have not worked with SecureChange. I just took the SecureChange track, and from all of the exercises that we did, it seems like a very valuable tool after your firewall population reaches a certain density. If there are a certain number of firewalls, manual administration doesn't make sense anymore.

We have a better view of our compliance status. Most of our network is on-premise, so we don't have a cloud. We don't have a hybrid network, but it provides visibility for what we do have right now.

The USB is its most valuable feature. Inside of Tufin, we plan to leverage the USB in solutions.

The change workflow process is flexible and customizable.

It is very easy to use. We can get results back quickly.

I would like an improved reporting module which can be flexible (custom reports) and allow us to generate our own reports, because the data is already there.

It has been very stable since 2017. We haven't had any power problems. As far as hardware goes, it's been very stable. As for software, we found some bugs, but we're working with tech support to fix them, which is normal.

The scalability is very good. Hopefully, this year we are planning to add more entities with our custom platform. The more controller options would be something which will provide more flexibility.

The initial setup was very straightforward.

We used a boutique software with services at the time. For most of our onboarding, we did everything ourselves.

We also looked at AlgoSec and FireMon.

We did look at less expensive solutions than Tufin, but being a corporation, this solution made sense.