Tufin Orchestration Suite Reviews

I have used Tufin for traffic analysis, to check the traffic hitting a specific rule, for rule consolidation and so on. It’s really helpful. For my usage, it's very good.

We would like to see historic reports for the device, for a policy, for rule consolidation, and for rule optimization.

Also, it's pretty slow for us. Just to run an analysis for a single rule, we need to wait at least five minutes.

We had a couple of stability issues before, when we were running on our old core. We used to not get the reports as we expected. The Tufin used to get disconnected from the device and just not provide the exact reports such as the hits on the rules.
Over the last year and a half, we upgraded twice, and right now it's pretty stable.

It has been scalable for our needs.

Technical support is really good. They're supportive.

We've been using AlgoSec as well for analysis. We use both Tufin and AlgoSec for our reports.

It's a good tool. We would need a view of all the tabs, for the analysis. If it's pretty fast, that should be good for us.

Our primary use case is for change audit.

My team uses it heavily to audit the changes made by junior engineers, going back and figuring out what they messed up, and correcting their mistakes. We generate reports for customer compliance and audits, as well as for regulatory audits.

We use it to generate reports that we are in compliance, but don't necessarily use it to mitigate any compliancy requirements then only to report on them.

The historical reporting is the most useful feature that I use the most often. 

For what we use it for (change auditing), the visibility works great.

We don't have any issues with it, but the reports could be easier to read and more customizable. Also, capturing some of the different versions, and being able to dig through them could be a bit better.

The stability works, for what we've been using it for. The system has been up and running for at least a year and a half without any issues. The only time we do anything with it is when we upgrade it or patch it, but we have never had any performance issues or it falling over.

The way we deployed it is sufficient for what we're using it for. We haven't really had to scale it.

We tend to not have any issues with it, so we don't need to use support very often. For what we are using it for, it does exactly what it is supposed to, and we don't have any issues with it. 

We did contact technical support when we had an appliance, then we migrated it over to a VM and it was moving some of the data from the old code format to the new one. We have also had upgrade problems with it randomly breaking on us. 

My team has had a pretty good response from the technical support.

We had a bunch of issues with junior engineers causing problems and people not knowing what was changed or what happened. We needed a solution that produced very easy to understand and quantifiable change reports. 

We had a home-built solution before Tufin had maintenance issues because it was our own,  and we had support issues with it. It sometimes worked, and sometimes didn't work. Tufin was a very easy shoe-in replacement for that solution.

The setup was pretty straightforward. The documentation was pretty clear in terms of what you had to do. It was just the case of executing it.

We deployed it ourselves. 

For our numerous cases where outages had been caused by engineering errors, our ROI is in the ability to quickly go and see what the person did and fix it. Tufin reduced the time it takes to solve a problem, which reduces the time of the outage. It does have a cascading effect, but I can't quantify it to dollar amounts.

It has been a few years since I've looked at anything else.

I would rate it a seven out of ten mainly because it does everything really well. In general, it still does what it's supposed to do, and we don't have any issues with it. 

I would advise someone considering this solution to know exactly what you need before you start the process. Be very thorough, because the devil is in the details and you need to know exactly what you want and need. Then you'll be able to tell which solution is better, and which one gives you the better return on investment. 

The first one is the policy analyzer to help the network facility to remove objects and the server needs an object, an appliance object.

For the first one, we were able to reduce the number of rules, and the signaling one is about the compliance. We have many security rules to define the flows between the security zones, so we put all the rules under 13, and then we can generate reports.

It needs more compatibility with older firewalls.

We have no issues.

We have 2000 employees, and it's been able to scale to meet our needs.

Very easy. We got the license, and we got all the roles and information from the firewall to generate reports.

Prior to implementing, you need to know the needs for each project. If you know the needs, you will probably meet expectations.

It's very easy to document every change that has been done to auditors or internal auditing, but also to troubleshoot when you have more than one person taking care of your policies. So we're able to very easily and very quickly find out what our colleagues did and to mitigate that if it has caused any problems.

It seems to be stuck between the usability of a browser-based application and a full application. Part of my feelings about this have to do with my perception of working with web applications, and there tends to be almost natural laws that something might get stuck or the browser gets confused, things like that which could use some improvement.

We've had no issues with deployment.

I haven't seen any stability issues. We actually seldom see issues with the product, so the experience with the support is not that common, but I think the issues we've seen have been handled quite well.

It scales very easily. I'm in a market where a 5000-user company is a large company, so there's definitely no problem there, but I easily see that the solution can scale far larger than that.

They are responsive and quick in terms of technical support.

The basic installation is very easy and it's quick getting things up and running. Where there tends to be the problem is, and it's not really a Tufin issue but more a customer issue, how to really work through the policies and get the full value of the products. It's very easy to get started, and when you first get started, the further steps where you begin to make your change to your app, there are a lot of organizational work that needs to be done to get the full value of the product. This tends to be the issue with most companies.

We implemented it with our in-house team.

This is true for Tufin and as well for many of the security vendors and their products. I think it's very important just to get started or get the easy wins first, and then go to the solution afterwards. With Tufin, I think it's very, very easy to get big easy wins up front with all the documentation and all the tracking, just to get started and move forward from there.

The primary use case of this solution is for monitoring, automation, policy orchestration, and security.

The most valuable feature is the monitoring. I quite enjoy the monitoring this solution provides. It allows administrators to visualize the traffic flow, and troubleshoot when necessary. It's a useful tool.

The interface is quite user-friendly and intuitive.

The cost of this solution should be improved.

They need to offer more support to vendors, such as Cisco, Checkpoint, Fortinet, and Forcepoint.

They have an API, but it needs more service on this.

While technical support is good, they could still improve.

I have been working with Tufin for one year.

It's a stable solution. There are some bugs that they are working on but that is common with any vendor.

They do mention that they don't support specific features from Nexus for some automation but it does actually work, although it is not listed as working.

Technical support is relatively good. They are not the best but they are good.

They could improve but they do respond with accurate responses.

The initial setup was straightforward. It was deployed in less than an hour.

The first time without training, it took an hour or so, but it was quite easy.

It's quite an expensive solution.

I would recommend this solution to others who are interested in using it.
I have not worked with any other vendors with this type of solution, for example, FireMon. I haven't worked with it. 

I would recommend it specifically to start with a secure track, which is a monitoring tool. Once the customer sees it, they want the solution. Afterward, for automation and secure change.

I would rate Tufin an eight out of ten.

We use it to track changes and the policies that we've implemented into our system.

It allows us to evaluate and build matrices, and see how rules work with it to see whether they are secure.

The biggest benefit of this is that it allows us to see how security functions as a hole. Also, it lets me see where the holes are and how things function.

The rules and configurations can be clunky. I have to wade through different things to get what I'm looking for, but the more I use, the more it makes sense to me.

The company has used it for 2 years, but I've used it for 1.

No issues with stability.

The scalability has been great, and we've implemented it on 25 devices now.

The implementation is straightforward.

I did it in-house, but tech support helped me walk through it and find missing pieces.

Try to get a training course on what it can do, so that when you go to implement it you can get the most out of it. If I had known all the features from a training class, I would have implemented it differently from the guy who did it for us.

Our primary use case is fo the security of our medical facility. We have a lot of holes in the firewall and we wanted to see the details. For example, we see a lot of traffic between the different zones that we needed to reduce. So we use the solution to eliminate this traffic. It also allows us to have a lot of optimization rules for a good switching policy in the firewall. 

It can quantify and reduce a lot of risks.

I like the deployment and management of this solution. I don't have much experience in that kind of security solution, but I have three years of experience in similar solutions, like AlgoSec. I do some scripts to optimize the solution, such as configuring the API.

Additionally, when we export the report, you can see a lot of logs of all the equipment in the company and we can identify some of the machines or some log station in the network. Also, the user can create some requests to implement the flow and push the rules in the firewall. You can analyze the log and the traffic, you can have a lot of API's, and do some reporting.

In the next release I would like to see better migration in the Cloud because that will allow more visibility in the network.

I have been working with Tufin Orca for one year.

This solution was already deployed and we just manage it.

It is a stable solution.

This solution is scalable.

I have tons of contact with support. If you have some problems or issues you can contact support and manage the problem together. I did that with a lot of competitors, like Palo Alto on our network. If we have an issue in production, my production team will try to solve it or you can contact support to manage the issue.

I am satisfied with the support.

The initial setup is not complex. It's easy for me because I have some experience and training on it. Now I can do a whole production on the application.

We used an integrator for implementation because I have a colleague who has a lot more experience than me and we worked together to manage that solution.

I would recommend this solution. I think it's a good solution to have. It is good to know what this solution does in the network. You can have a lot of training on it and see a lot of questions from different users in the company.

On a scale of one to ten, I would rate it an eight.

Being able to use tools and zero key rules, we are in a place to clean up. It is good for management because they can see exactly what is going on.

It gives us a better view of the rules. We found that we can send invites to the owner of the application to find out if they still needs to use it, and if they say that they don't want it, then we can observe the rule and remove it if possible.

More integrations is something that I would like to see in the future.

It is very stable.

It's been able to scale for our needs. We only need to drag files for our subsidiaries into our devices, and currently we have about forty or fifty devices.

I've never contacted them directly as I go through our partner who were also the reseller.

I think it was very easy. Of course the technical guy was very good. He did it in a matter of two or three days because it was a big contract.

We are very happy and it's a good product We take the reports, we see the zero keys, we see no rules that are not used, rules left over, I focus on those because this is my field.