Tufin Orchestration Suite Reviews

Our primary use case is configuration management and change management.

Tufin has improved my organization with its configuration management. It has tremendously improved operation's success and has made life easier. 

It has also increased the amount of gateways there, which has really helped us. Information is readily visible.

Tufin has ensured that the security policy is followed across our entire hybrid network in the way that it has given us what is in place now. We're trying to impose the security policies of the organization. There is still time to get in there.

• Configuration management
• Change management

I don't get the full visibility. There are a lot of improvements which can be done in terms of visibility.

We have had challenges implementing the change workflow process. We were trying to do and end-to-end automation part and standard services, like Active Directory, through a couple of customers and internal applications. We had challenges that we couldn't overcome, even with help. We are still trying to achieve this.

Change management is something which is currently difficult. It should work seamlessly, not have too many integration points. It should be simple.

Stability is good, so far it hasn't given us any trouble.

We've never really had the opportunity to check the scalability. Our company's growth at the moment is stagnant and normal.

Their customer service is better than it used to be.

We implemented through a consultant from Tufin, who was helpful.

We have seen ROI in operational aspects, in terms of how long it takes to resolve incidences which arise. 

I would rate it seven out of ten. I would recommend Tufin if someone is considering it.

We are still in the process of phasing it in to help us with our compliance mandates.

Firewall policy management over all firewalls from one single point. We browse policies, objects, and their usage. The report gives us an image of where risks are.

We now spend less time auditing rules with reports: 

1. The designer helps us in creating rules
2. It tells us what rule is missing and where to put it. 
3. The predefined reports are then sent to administrators.
4. It provides an exact image of how to improve security.

• The policy browser gives the ability to browse all firewalls from a single point. It's possible to see where an IP is inserted in rules. 
• The designer gives the ability to know where to add a rule, or if the rule is already in place. 
• The reports are personalized now and the cleanup is helpful for administrators.

It would be great to add a link to Visio to create shapes directly from Tufin, as it has the configuration. 

We're using it to write down policy changes. We have lots of jobs making firewall changes. We track down all of those in the reports and we can see what is going on. If something goes wrong, we can track down the latest changes and determine how to fix it.

We would like to use Tufin through the cloud. We don't want to keep the hardware or all those devices on premises, where we have to manage them and upgrade them. If we could use Tufin through the cloud, we could just tweak the firewalls, keep the changes, and then track them.

Right now, Tufin is on premises, which means we have to manage it, we have to upgrade it, and we have to take care of the devices. The infrastructure is not very critical for us, and we just need to use it, so we would prefer to use it through the cloud. Everything is in the cloud.

I have not found it to be slow at all. The speed is good. At first, we installed Tufin in one of our offices, but now we are using it everywhere.

Technical support has been good.

The last account I was working for had just implemented Tufin. It was good for retrieval and for policy remediation, as far as cleaning up policies and so on. When I got there, they had a lot of old policies. Everything was all over the place. Tufin was good for policy cleanup.

Once you install Tufin, it performs a query and it searches all active policies. Once it does that, it places all the policies that you know in priority order, as far as which policies are being most used and which ones aren’t being used. Then it gives you something like a survey of things that were being used or any things that weren't being used. You can decide whether you want to take out or if you have some machines which are totally dead. That was really the big benefit of using Tufin.

It took a long time just to try to gather the information. I would like Tufin to be faster.

For what we needed, it searched all of the information we wanted it to.

It was stable. We didn’t have any stability issues.

It was very scalable and very customizable for what we needed it for. We had about 4,500 users on our network, and then we had six firewalls. It came in handy with that.

Installation was a little bit complex, so we did get help. We had to have professional services from Tufin come and help us. They were great. Once they came, it was simple to setup. 

I’m giving the product a rating of seven mostly because of the initial setup. It took us a while because we couldn't figure it out. After about three weeks, we had to hire someone to come and set it up. Once that happened, then it flowed.

When we were deciding whether to implement Tufin, a lot of the other agencies were using it at the time. We went with Tufin because it was receiving favorable scores from the other agencies.

The only one I can compare it to is AlgoSec. AlgoSec has a few more features but a lot of similar agencies were going towards Tufin, so that's why we went with them.

Define exactly the specifics of what you need it for. If you need it for remediation of policies, then it's definitely the product to go to.

I permanently use it for their Automatic Policy Generator, and for object lookup.

We use Tufin for object lookup. We often get requests from the business. They give us an IP and they request something like, "We need to know what the rules are for this.", so they can add more similar rules. We go into the object lookup, give the IP that we're looking for, and then it generates a report, either Excel or PDF.

We have probably a hundred policies using Tufin.

I would like to see a little bit more of enhancement on their PCI-compliance piece. We reviewed a Skybox product. They seem to be doing a lot better than Tufin does on the PCI reports.

I think we're ready for an upgrade, it's getting kind of slow. They did tell us that you can break up the database in the actual server application into two separate units. That's supposed to make it a lot faster. I think we'll probably do that in the next upgrade.

We have seen some slowness, but I think it's because we're on some aging hardware. We're quite larger than a lot of people that probably use it too. It has been scalable for our size so far.

I actually hadn't really had the need to reach out to technical support. We're a pretty big customer of theirs, and they're always coming around. I usually deal with my technical issues when they do that.

I went through one upgrade, but they already had Tufin when I arrived.

We did a proof of concept to compare Skybox and Tufin.

It’s a pretty good product. The PCI compliance piece probably accounts for the rating of 8 as opposed to ten.

As far as comparing Tufin with another product, I would just look at some of Tufin’s features like the APG that is not used that often, but it's a really good feature. They do also have an extended tool section where you can kind of get a little bit more in depth.

Tufin is invaluable for helping us keep track of things, providing us a method for checks and balances. We're a Tufin SecureTrack customer at this point, and the product serves multiple purposes when tracking changes. We’ve also starting using it as a compliance tool, utilizing its capacity to help us analyze policies. Overall, SecureTrack is a very easy tool to use, and it’s relatively fast. We've recently virtualized it, and from a performance aspect, it works great.

I think we're on Version 15 right now – almost the latest one. Moving from the appliance to the virtual platform was really simple, and from a performance standpoint, it was pretty much seamless.

We are starting to use it more as a compliance tool as opposed to just for tracking changes and backups. Because it tracks changes, SecureTrack maintains a complete CVS (Concurrent Versions System of all of the configurations of a lot of our systems. Because we're a multi vendor environment, it's not just Check Point. We have licenses for all of the different firewall vendors’ products and things like that.

With SecureTrack, I think it does what it needs to do, so I can't recommend any changes, although I would like to see additional vendors added to it (and I’ve already discussed that with Tufin). They already support F5 BIG-IP, so we've discussed possibly adding Citrix. And, although they support A10 for the Tufin Orchestration Suite, I’d like to see support for SecureTrack as well. Because they already have those plug-ins on the Orchestration Suite side, it doesn't mean that they can't have it on the SecureTrack side as well.

I do think some of the licensing can be simplified or made more flexible. Because we are multi-vendor, it would be nice to have a way to convert licenses from one product to another. For example, I’m phasing out all of my Juniper firewalls, and I want to turn them into Cisco. It would be nice to be able to detach licenses and re-attach them to different types of devices.

I also think that at some point they're going to have more integration on the SecureTrack side for some of the other switching and routing platforms – not just Cisco. They already support some of the Juniper routers and switches, and SRX from the firewall standpoint. I am not sure of where they're going to go with Pulse Secure.

No, we never had any stability issues because it's a browser-based tool. We've never had any problems with accessing the tool, and its performance is great.

I think it's scalable for what we have today. If we were to move to Tufin Orchestration Suite, we would probably look at putting more distributive Tufin appliances out in different places because we are worldwide and have major data centers throughout the world. We would probably try to keep things localized.

Tufin’s support is actually very good. In the early years, there was a support guy who we would always end up getting, so he kind of knew us personally. He was great at helping us jump on things, running all sorts of different SQL commands and similar processes in order to fix whatever upgrade issues we had. Tufin support has always been great.

We relied on other logs and on open source tools. We used about five or six different tools for various functions, but we were able to consolidate by moving over to Tufin SecureTrack.

At the time, we did a bake-off between Tufin, AlgoSec, and FireMon. One of the main things was that Tufin was just simple. It was basically: rack it, stack, turn it on, IP it, start plugging things in, and it was ready to go. With some of the competitors we had to set up a Window server, buy a Windows license, expertise it, etc.

We're using Tufin OS, which is just Linux. For any customer who wants a solution that is quick to set up and just works, Tufin's the way to go.

I really, really like the solution and we’ve been really happy with Tufin. Even though our Tufin sales rep recently changed, they've always been engaged with us. They hit us up pretty often to find out if there's anything that we need, or if there's anything that they can do to improve or even expand the use of their product.

The most valuable feature is the ability it gives us to browse our entire infrastructure and easily find which rules match our policies. Tufin also helps us to clean up our firewall rules by suing the object browser throughout our entire infrastructure.

Tufin has allowed us to do much faster analysis. We don't have to analyze the entire rule set anymore because it tells us whether each specific rule matches policy or not.

I'd like to see more features implemented into Tufin to help us with automatic monitoring of our firewall environment.

It's quite stable. We've had no issues with instability at all.

We don't have firewalls all over the world, just a part of it. For the number of firewalls we have, Tufin works fine.

For the project I worked on, there were some things that didn't work quite well enough, so I got the impression that customer service had different expectations from technical service. I used it as an opportunity to tell customer service that we should work on the project and finish the concept before talking about pricing. But they thought we only needed the standard product, but for me it was clear that our evaluation showed we needed something more.

I was only involved in the POC, and I didn't have any big issues with it. So I didn't have a lot of contact with technical support.

When the decision for Tufin was made, I was not yet in the company. I've performed several upgrades since, and they all went well.

We also evaluated AlgoSec and FireMon, but we're staying with Tufin as it's our first choice. We only looking at other vendors because we found that during our evaluation of Tufin, there were some features that weren't implemented. We didn't make any progress on the other evaluations, however, because we didn't want to invest the money in them when we had the feeling that they weren't going to do what we expected.

Tufin SecureTrack has been great for us.

Our primary use case for this solution varies on the customer's needs. However, we primarily use it to augment the safe firewall and consolidate various firewall vendors.

The consolidation of other firewall vendors is very valuable because many customers have different firewalls and the management administration has to be done differently. However, with Tufin SecureCloud, you can do things together.

The reporting during the initial setup could be better by including more automation, and the pricing should be reviewed, as it is a little too high.

We have been using this solution for two years.

The solution is scalable.

We have had a decent experience with customer service and support. The response time has always been within 24 hours, so we usually get a response within several hours of logging a technical issue.

The initial setup was straightforward, and it took us approximately 24 hours.

The licensing costs are charged annually but are higher than similar products.

I rate this solution an eight out of ten. The solution is good, but the reporting available could be improved, and the pricing could be reviewed as it is costly. Nevertheless, I recommend this solution to any organization that wants to implement a firewall analyzer. Additionally, I would advise new product users to read sections in the recommended requirements and ensure it is properly communicated to the vendor they choose to work with.