Tufin Orchestration Suite Reviews

The SecureTrack and SecureChange features are the most valuable for us. SecureChange can work with different appliances. The integration between topology, security, and workflow is powerful, and the workforce capability to create a lot of different scenarios is great.

We use SecureChange because we have separate views to see those who are compliant with rules, those who are on probation, and the managers. The integration with our system is quite good, which is important because we have 5000 firewalls. Fortunately, we don't have a lot of rules but there are many people who can make and change rules. With this approach, Tufin has become a very powerful tool for us by creating an automatic implementation.

I would like to see a powerful integrator for automation in the environment.

We haven't had any issues with deployment.

We've had stability issues because it's a heavy solution. It takes a long time to get up and running, and when we migrate releases, that's an issue.

We've had no issues scaling it for our needs.

Our experience with technical support has been mixed. Sometimes we've gotten prompt responses; sometimes we didn't. We're also very, very busy and it's difficult for anyone to find time to work with technical support. Our last trouble ticket took two months before they asked us if we were ready for a fix, but we were all busy!

Implementation is complex now and the two-track environment is very stressful. I'd like the capability to put different rules within the appliance in order to manage the implementation.

We implemented it ourselves.

Tufin provides Unified Security Management across heterogeneous environments. This is one of the great features of Tufin. We could easily compare the revisions of the devices, analyze the network and generate reports.

Before we started using this product, to resolve the network problems, it used to take a week or so. But once we started working with Tufin the problems are resolved in a day or two. And also, we can monitor different firewalls under a single GUI using Tufin.

I think SecureApp could be improved because, many organizations who implement Tufin majorly use SecureTrack and SecureChange, SecureApp is rarely used basing on their requirement. SecureTrack and SecureChange have been updated a lot and I personally can't see any changes in further in these. So, I think SecureApp has scope in developing more.

3 months.

The best 10/10.

10/10 They maintain good sessions in providing support

The initial setup is a straightforward, not that complex; just had a few Linux commands to setup the software part and of course there will be some physical effort in setting up hardware as well.

In-house.

Above 100%.

Nominal and market competitive.

I couldn't find other products which have similar features as Tufin.

Surely, I would recommend this product in implementing. If the organization has a large network and different firewalls/network devices; Tufin really helps a lot.

We are a Cyber Security Products and Services company. We resell Tufin products and provide Tufin technical services.

The primary use case is automation.

We are using the latest version.

We find that the change workflow process is flexible and customizable. If we want to change approvers, that is very easy. If we wanted to add a step or get rid of a step, this is easily customizable.

We are using the visibility with notifications on every firewall change and what those changes were. We have visibility to see who is making the changes, and when. This is the biggest thing because we are underutilizing the product right now.

This solution has helped us meet our compliance mandates. Everything is all auditable. Every change is tracked down to the person and time.

The auditing is a valuable feature. We can be audited, because it has the ability for approvals to be set up and to put in policies. It is all automated.

So far, the stability is good.

With scalability, we are going to run into some issues. We have been talking about converting over to actual hardware as opposed to virtual. Therefore, I don't think we are scalable at this time, especially with the updates coming. I'm told that they're going to need a lot more horsepower to push them. 

As far as scalability, it is great for adding network objects and so on.

i have not talked to technical support.

As we start to dive in, I'll be reaching out to the customer success team.

The initial setup was straightforward. We did it in three days.

We used a reseller for the deployment. They were very good.

There was one other solution that we evaluated, but it didn't stack up. Tufin was the best solution.

Everything is good right now.

Reach out to whoever does your implementation and support. Ask as many questions as you can and do research.

We haven't got to the point where we've used the solution to clean our firewall policies yet. That is the next phase.

This solution won't help us ensure that our security policy is followed across our entire hybrid network until the next stage.

We're not in the cloud.

Our primary use case is firewall monitoring, rule changes, and logging.

The change work flow process is flexible and customizable. We found it pretty easy, particularly when we were implementing new rules and with our cleanup. We found that the rule change was fairly easy to implement.

It has allowed us to monitor rule changes. This way we know exactly what would happen behind the scenes in the event of an after-hours change.

Its ability to detect changes within our firewall.

We had some issues initially with the initial reporting and alerting system.

While the visibility was pretty good initially, we have had issues with configuring and reporting.

I would like a better reporting feature and automatic alerting based upon rule changes.

Our engineers still have plenty of manual processes to work with.

The product seems stable from when we implemented it at the time.

We're pretty small scale, so I don't know how much larger it would go. We're about a 4,000 device network.

I haven't interacted with the technical support.

The initial setup was straightforward, but then it became complex due to our rule set.

We used a reseller, who was fine to work with.

The solution has helped reduce the time it takes us to make changes. It helps make overall integrated changes immediately. It allows us to cut down at least a few hours in the week in regards to changes and monitoring.

Really dig deep and understand your use cases, then what exactly you're looking for out of the solution.

It has allowed us to maintain particular rules in regards to CJIS and HIPAA compliance.

We have multiple networks connected to this solution. So, we are able to design and monitor different rule sets in the three different domains that we control.

The Automatic Policy Generator is a valuable feature, because I've been converting from ASAs to Check Point. I used Tufin to analyze all the rule bases to get rid of what I don't need, and create less permissive rules.

I had only 300 rules, but I've been able to consolidate it down to 67. There was a lot of duplication, and they're all interface based.

I like the diff where I can actually compare configs: who changed it, when they changed it, the last time it was saved, what changes were made. I can also do that in SolarWinds, but Tufin just makes it a little easier for me. Some of the tools’ features that they have, they're a little bit more mature in the later versions. The version that I have uses the spider-like view, with just the branches everywhere. It actually shows the network connectivity and the traffic. The routes, basically. I actually like that, but what I don't like about it is that, on the ASAs, it didn't take into account the weighted security code: 100, 50, 90 and so on. On the ASAs, according to that security code, you can talk to less secure networks without actually hitting a firewall policy. But if you want to talk to more secure networks, you actually have to go through the policy. The policy is basically the ACLs are interface based.

I'm really interested in seeing the real risk value. Firewall policy management was great, but it's not something that's critical for me because I'm a smaller organization. I don't have 500 or 1000 rules. I'm more interested in just being able to show risk.

I've kind of lost a little bit of interest in it, to be honest. There's some other tools that are doing a little bit better. I like AlgoSec and I also like Skybox. I’d like to be able to incorporate my policy data into it and actually be able to see a risk score from end to end. Tufin was not doing that at the time that I purchased it. A true risk score allows you to see the impact of a sev 1 versus a sev 5. Most organizations do sev 4 and 5 patching. They hardly ever go back and do a sev 1 and 2. You can actually take that data, analyze it, put it into your infrastructure, consolidate it and look at your total risk score for a vulnerability. Tufin might be offering that now, but it's modularized and I don't have the budget for it at the moment. I already spent a half-million dollars, so it's a little out of my budget at this point.

I did like the SecureChange feature, and they were one of the first to actually offer that. It allows people to log into a webpage, and if they needed a firewall rule, they would actually submit the request through Tufin. Tufin would then compare it to the compliance policy that you manually build into Tufin. If it violated the policy, it would deny the request for you. It would allow you to make an exception for it because of x, whatever that reason may be.

All the competitors have their niches. Not one of them does anything perfectly. If you're comparing these type of management products, you want to look at what you're really going to use it for.

I use Tufin SecureTrack, which means I use it for looking at things and not for making changes. The value of it there is that, since I deal with Check Point policies a lot, I can use it to see what changes have been made to the policy since the last time I looked at it, because it may have been a couple of weeks since I last installed a policy or maybe somebody else has had their hand at it.

Tufin gives me a really easy way to graphically look at the policy, before and after changes are made, through two panes. As you drag around one pane, the other moves with it, and they resemble the Check Point dashboard view so it’s very familiar. You can easily spot all the differences and see what has changed in the policy to make sure there are not any mistakes and that nobody accidentally added a block edited any rule at the top of the policy—that’s probably happened to everybody, right?

I also use a feature where you can run a report on rule and object usage. This helps me spot rules or objects that aren’t really ever hit, so I can remove them from the database if they no longer exist.

Tufin is easy to use, which was really important for us. Also, it’s not a dangerous solution because we can’t make changes with it.

I'm running R77, and I'm concerned with how well it will work with R80, the new release of the operating system. R80 changes the way that the dashboard you use to manage the policy looks and operates, and we will have to see whether Tufin keeps up with that or not. Also, in the current R77, the various blades appear as different tabs in the interface and dashboard, and Tufin doesn't look at any of those tabs except the security policy. I'd like it to be able to look for changes in some of the other configurations. In R80, it's all tied together, but for now, it's in a separate panel. I don't currently have any way of using Tufin to audit what changes have been made to the web filtering configuration, for example.

It's very stable.

I don't have a huge environment, but it doesn't seem to require a lot of horsepower. We're running it as a virtual machine, and that's working fine.

We haven’t needed technical support since we moved from a physical to a virtual world.

It was straightforward. It’s been a few years, but I don’t recall any problems with setup.

I have no problems with Tufin, and it works great, but I would have to give it an eight out of ten. It’s just not as amazing as some of the other technologies I use, like Lancope StealthWatch. I wouldn’t tell anyone to stay away from it—It’s just a good idea to look at the competition and see what’s out there.

It supports failure operational processes of the administrator, which sometimes in small companies is difficult to do. This helps me in my job to help others free up time to do other, more important tasks.

The biggest and most important benefit is that it addresses the weaknesses of our internal customers. We can perform changes in real-time instead of having to wait for days or weeks. Of course, if there are compliance issues, we can see right away whether they have documentation that addresses the issues and we can then approach management with the solution.

It doesn't have cross-vendor support for solutions such as Barracuda.

We had no issues with deployment.

We haven't had to log any support cases, so I'd say that it's a stable solution. We haven't had any issues with stability.

Our Austrain customers are not big, so scalability from my point of view is not an issue. At the moment, we haven't come across any issues with scalability, so I'd say it's perfect in that regard.

We aren't in direct contact with technical support, but we could be if necessary. But I've heard my colleagues talk about how Tufin isn't as big a company as Check Point, so that if there's a problem, the entire company helps to find a solution.

I didn't perform the initial setup, but I don't think it was too complex. We have a lot of Check Point engineers and thy have an understanding of security solutions, so it was easy for them. We have all three Tufin solution, and I think SecureApp was the most challenging, but we have experience, so the setup was still not too difficult.

We implemented it with our in-house team.

We have a close relationship with people within Tufin, many of whom came from Check Point. We didn't think about going with another vendor.

Just try it out. You should perform Proof of Concept and you’ll be reaping the benefits and seeing it’s a good product.

Our primary use case is the policy request automation workflow.

Tufin saves a lot of time on the policy requests deployment. It enhances the SLA of the policy requests or changes and enhances the accuracy of the policy deployment.

I like the policy topology map, which allows us to visualize the picture of the security policy of the whole organization.

I would like to see the hardware specifications improved. The solution requires very high specifications of hardware platforms to run it. These high requirements are quite difficult to be acquired for users. 

I have been working with Tufin for the past three or four years.

Tufin performs very well.

Tufin is definitely scalable.

Technical support is very good when escalating questions with them.

Positive

The initial setup is straightforward and easy.

I think the pricing, comparatively, is good.

The functionality, roadmap, and technical support are important to most customers. It is important to consider the integration support with other security tools and compatibility. I would rate Tufin a eight out of ten.