Tufin Orchestration Suite Other Advice

Amroy Lumban Gaol - PeerSpot reviewer
Information Security Engineer at a financial services firm with 10,001+ employees

I rate the solution an eight out of ten. 

View full review »
DS
Network Engineer Lead at a energy/utilities company with 10,001+ employees

Give Tufin a good, hard look. From my experience, it is the best of breed.

Right now, we're focusing the implementation on our NERC CIP firewalls (the compliance stuff). We have some other teams who will be working on the corporate side and certain clean up rules along with the rest of the corporate firewalls. We are not there yet, but we're working on it.

View full review »
MH
Network Security Operations at a insurance company with 10,001+ employees

It gives us visibility and the ability to make changes automatically with less mistakes. Overall, it's a decent product.

Tufin is definitely a good contender to come as a winner. It has the potential to look not only at firewalls, but also network devices and other cloud-native solutions. It is a pretty broad base product, which will eventually be a good future tool to have in a toolkit.

We haven't used the workflow from Tufin. We use our own ticketing system for that. We are busy integrating our ticketing system with Tufin right now using an API. We are just in the process of doing that.

Tufin helps us understand and ensure that security is being applied. Tufin is not a security tool. It just gives us all the information about security, firewalls, etc., and that they are doing their work. From that perspective, it would be a long stretch to say that Tufin provides us security. However, Tufin provides us the information that we have security across hybrid environments.

All of our cloud-native security features are directly taken from cloud management tools. We don't have anything deployed yet from Tufin for cloud-native security features, but there is a desire for that.

View full review »
Buyer's Guide
Tufin Orchestration Suite
March 2024
Learn what your peers think about Tufin Orchestration Suite. Get advice and tips from experienced pros sharing their opinions. Updated: March 2024.
765,386 professionals have used our research since 2012.
EJ
Manager at PG&E Corporation

Give it a try. Get a full list of Layer 3 devices available, import it into Tufin, look at the topology, and work forward from there.

Currently, we are still not provisioning.

View full review »
PM
Senior Network Engineer at a financial services firm with 10,001+ employees

I've already recommended Tufin to other people, absolutely. There was another company that has Check Point, I'd meet with them at Check Point expos and we'd talk. I would tell them I'm doing the rule re-cert with the bank and tell them, "Get Tufin." The first thing you want to do is get SecureTrack. Get it set up, get it working. Then you can grow from there. If you don't know what's going on with all the policies, you're blowing your brains out. I always recommend Tufin.

We're working on getting the solution to help us meet our compliance mandates. That's one of my projects, starting this year.

In my opinion, the solution’s cloud-native security features are good. I just don't have anything to compare them to. I can't say I have worked with AlgoSec or FireMon so I can't compare Tufin and say, "Oh, you guys are much better than that guy." Tufin is the only product I've worked with in policy management.

Tufin is better than the way we're using it. I firmly believe that we're not using it to its full capability. It's like having a Ferrari in the garage but using it to go get groceries. Someone might look at it and say, "Oh my God, we could be on the Autobahn, flying." And I say, "Yeah, I know, but I need groceries." I don't think we're using it to its full potential. However, from what I'm seeing now, and in future developments based on this conference, it's going in the right direction.

I would rate it at eight out of ten. We are strictly a Check Point shop for firewalls. We don't have other vendors. I can see where, if I had Palo Altos and Fortinets and Ciscos, Tufin would be Godsend. I wouldn't have to go combing through every vendor. Whereas for us, it's already together. That may be why I don't rate higher.

View full review »
EA
Senior Network Engineer at a pharma/biotech company with 10,001+ employees

The visibility provided by this solution is invaluable. It's easy to gather this information to share within our group and also outside of our group, with for examples security compliance individuals.

We do not have mandated compliance in our environment. However, we impose it upon ourselves and this solution helps us to gauge where we are.

In terms of the cloud-native security, there are some limitations because you can only pull from it what they’re willing to give you. Overall, it’s the same as whatever we do on-premise.

My advice to anybody who is implementing this solution is to ask a lot of questions. Use this solution to the hilt during the POC, making use of anything and everything. Every place is different, so use it for what you need to and beyond, so that you get an assessment as to what it can do for you.

This solution saves us a lot of time that we don't have, but there is always room for improvement.

I would rate this solution a nine out of ten.

View full review »
RL
Director at Visa Inc.

Give Tufin a good look. The Tufin team is always trying to stay on top of it. When Check Point came out with a R80.10, it wasn't very long before Tufin could generate rules or provision to R80.10, which was good. Now that R80.20s are out, they can provision to those. I think R80.30 is close, but I haven't heard them saying that they can provision to that yet. They can also provision to the latest versions of Palo Alto. Since those are the two that we have, I don't know about Fortinet or Juniper, but I'm sure they're trying to stay on top of those as well.

We're not really using the cloud parts of it yet.

Our engineers are spending less time on manual processes. However, it does depends on what you call engineers. Our firewall engineers don't do much with Tufin. We had a dedicated engineer, but he changed groups with the promise that he was still going to support Tufin. He wasn't over there very long and now no longer does anything with Tufin. We are pretty much on our own. We came up with our own solutions. We have some people who are good at writing scripts and are pretty self-sufficient.

View full review »
CH
Works at a media company with 10,001+ employees

I would advise thinking about which modules you really want to use. We are using it only to have a transparent view of the firewall rule base and nothing more. We are not using any modules of this solution because we want to be and stay independent. For example, for the execution of the firewall rules, we use our own system. We have also developed all the other things ourselves so that in the future, we can switch to another product. So, you have to take care that you are not fully dependent on Tufin. 

I would rate it a seven out of ten.

View full review »
SE
Security Analyst at a retailer with 10,001+ employees

Understand your DNS or network segment. What all these different subments and how they will fit into what categories, because you are going to directly take that info when you build out your USP. If it's too messy, your USP is not really going to do anything. You need to have a good dictionary for the USP to follow.

We aren't really using the cloud-native security features in our current environment.

View full review »
AB
Manager of Security Engineering at Global Payments inc

It is a great tool. It will help you increase your productivity and simplifies your workflow.

We should use it to clean up our firewall policies since the tool is there.

View full review »
VT
Senior Network Engineer at Commercial Bank of Romania

We use two people for the maintenance of the solution.

I rate Tufin an eight out of ten.

View full review »
BW
Change Manager at a pharma/biotech company with 10,001+ employees

There is a plan for clean up as part of our regular process. There is a process drafted and an intention to do that.

It seems flexible and customizable. The bigger question is whether it will integrate into our existing process effort for change management. There is an existing risk assessment process that sort of fits up into our Remedy change request process, so now we have to think about how does the Tufin change management portal and SecureChange fit into that as well.

Once the USP is defined and we feel comfortable with that, we plan to use the solution to automatically check if a change request will violate any security policy. However, we are not doing that yet.

The program that I am supporting is not engaged in any of the firewalls affecting the cloud, so I didn't have a lot of context with that.

Once we have it up and running, this solution should help reduce the time that it takes to make changes and our engineers should spend less time on manual processes.

I did training at Tufin two weeks ago.

View full review »
Dominic Salzmann - PeerSpot reviewer
Senior Manager - Network-& Systems-Management at a computer software company with 201-500 employees

We are customers and end-users. 

I'm not sure which version of the solution we're using. 

I do not work directly with the solution.

I'd rate the solution a six out of ten.

View full review »
WT
CyberSecurity Supervisor at a energy/utilities company with 10,001+ employees

This solution works very well and it does the job. The product is pretty solid. At the same time, some of the small customizations would be very useful. It just needs little minor tweaks to really take it to the next step.

My advice to anybody who is researching this or a similar solution is to give it a look. Don't overlook this solution because you haven't heard of Tufin, because it's actually a really decent product. 

I would rate this solution an eight out of ten.

View full review »
FF
Information Security Consultant at Deutsche Telekom Security GmbH

Tufin is the most useful when working with multiple gateways and different administrators who manage firewall rules. It can also be beneficial for security operations centers that are responsible for monitoring and maintaining the rule sets. This is the message we convey to our customers when recommending Tufin.

I rate Tufin an eight out of ten.

View full review »
MN
Works at Daimler AG

Tufin is not mandatory to manage firewalls or to manage any products. But it supplements. It will help you to get approvals and to push firewall policies. In the long run, when you have to manage hundreds of firewalls, obviously Tufin will help.

We are working on the USP, but so far we only rely on Tufin between about ten and 20 percent to see USP violations.

View full review »
AA
Infrastructure Engineer Specialist at a healthcare company with 10,001+ employees

I do find that the change workflow process is flexible and customizable, but not fully. I would say that it is seventy percent customizable, as there are pros and cons in the workflow. You cannot fully customize the workflow by yourself. There are certain limitations in the workflow, such as the inability to create a Firewall object or an IP object. You can only create or modify the Firewall object group. The other problem is the schedule window, as it pushes all of the firewalls on the CMA.

For us, this solution is a supplement. Tufin is partners with Check Point and Fortinet firewalls, but I can manage firewalls without using it. At the same time, while it is not mandatory, it is helping us.

For anybody who is considering this solution, I would say that Tufin helps you to get approval and it will help you to push your firewall policies. In the long run, when you have to manage hundreds of firewalls, it is a good thing to have.

I would rate this solution a six out of ten.

View full review »
DH
Senior IT Analyst at Exelon Corporation

Using this solution has allowed us to reduce the amount of time we spend making changes by approximately twenty percent.

This solution has a lot of functionality that we aren't using at this point, but it seems to have the flexibility and scalability. The drawback is the lack of integrated NERC CIP.

For anybody researching this or a similar solution, I would always tell them to look at all of the available options, but Tufin does all of the things that we needed it to do.

I would rate this solution an eight out of ten.

View full review »
JF
Security Engineering at a financial services firm with 10,001+ employees

Buy Tufin because it works! I love the product. It's been a great product to work with. The people are great, and the support is awesome. I have had no downside out of it.

We're just getting started on the change workflow. So, we're learning it, and it's working well.

It helps with our review process. We do a peer review, saying "Hi, here's all the changes," then you can look at it and go, "Oops I forgot something," or, "I don't think that was in any drop," and we can go back and review that. This is where it helps us minimizes errors. Before Tufin, we would not end up not catching these errors.

We are automating, so we are getting to a place where our engineers are spending less time on manual processes.

View full review »
JC
IT Coordinator at a financial services firm with 10,001+ employees

We have a team of three engineers that do the maintenance of the solution.

I would recommend this solution to others.

I rate Tufin a nine out of ten.

View full review »
RO
Project Manager at a comms service provider with 10,001+ employees

We are not a reseller. We are an IT enterprise. We are customers and end-users. That said, our relationship is evolving. It's becoming something like a partnership, as we need more features and are making suggestions and trying to develop it out a bit. 

I'm not sure of which version of the solution we're using. I can't recall the version number off-hand.

I'd rate the solution at a seven out of ten.

View full review »
TL
Services Engineer at AccessIT Group

Do a proof of concept or proof of value. You will see the value right there.

The visibility is top-notch. I know the vendors as well, like Check Point and the firewall product underneath it. I know with Check Point, specifically, and I have seen some issues with it. However, overall, there is still a lot of value in the cleanup.

View full review »
JB
Security Consultant at a insurance company with 10,001+ employees

This solution checks a lot of the checkboxes, but it seems to be quite limited in some of the more advanced features that the firewalls do. This can be quite restrictive in terms of what you can and can't accomplish with it.

I have indeed referred two former co-workers at another company to look at this solution. I think that it would help them significantly.

The newer, more advanced features that we would like to use are just not supported by Tufin yet. I think that it's in their roadmap, but they just aren't there yet. Specifically, we are doing things like URL filtering, user identification, decryption, and inspection, which are typically done by devices other than firewalls. Palo Alto supports it, and we're using it, but it creates some complexity with the automation.

I would rate this solution a seven out of ten.

View full review »
it_user335712 - PeerSpot reviewer
Senior Network Security Engineer at a retailer with 10,001+ employees

It’s the Swiss army knife of tools. I’m sold on it. It’s so easy to use. We use it to its full potential. It has some great bells and whistles.

View full review »
NH
Firewall Architect at a financial services firm with 10,001+ employees

Be as detailed as you can within your introductory meetings, and your planning and implementation phases, because if you don't mention something and it comes back later, you're going to have to work through it. That could take time, it could take extra money. You want to make sure, upfront, that you know everything you want to do so that it's all included in the cost for the Professional Services implementation.

We do use it on the cloud; we're having some trouble right now defining the network policy on our cloud. We're working through that; it's part of being a new client.

I would rate Tufin a seven out of ten. We're a very large, complex organization, so we're still working through some stuff that we focus on, things that, perhaps, other customers don't, or that Tufin doesn't have integrated in the TOS software.

View full review »
AM
Infrastructure Analyst at a manufacturing company with 10,001+ employees

I am unfamiliar with the cloud-native security controls that are provided. They may be worth further investigating.

Reducing the time it takes us to make changes is the goal of our implementation. We expect that our engineers will spend less time on manual processes.

We expect that this solution will do what we need it to do, but there are some quirks with the integrations for the software.

My advice to anybody who is researching this solution is to pick what's right for you and do your homework.

I would rate this solution an eight out of ten.

View full review »
BS
Service Engineer at G2 Deployment Advisors

The change workflow process is very flexible and customizable. Most of what I do is integrate SecureChange with ServiceNow. I've done a couple with HPE SM and RSA Archer. It’s great that they not only have an API to push changes to SecureChange, but also triggers for advancing and canceling workflows. It's a fairly standard REST API that is easy to work with and scripts can be triggered at any step, at any point in the step. It really provides a great environment for automation.

The benefit that our customers have realized in terms of time savings has largely depended on how willing they are to automate. Some have automated more fully and even made certain processes completely automatic.

This is a great product and we are doing very well with it. There are a ton of features and they have very few issues. They are very responsive as a company and they correct errors pretty quickly. That said, the UI needs to be updated and there is always room for improvement in features for firewalls and workflows.

The only advice I have for anybody who is considering this solution is to find a good reseller. Tufin is a very large product and it has a lot of configuration items. So you should find a value-added reseller or get Professional Services. There is a lot that can be sped up in Tufin if you have someone to help you through it; someone to help configure Unified Security Policies, reporting, and help configure the workflow. Tufin really is quite a large, extensive product.

I would rate this product a nine out of ten. There is a lot that can be sped up in Tufin if you have someone to help you through it.

View full review »
it_user340728 - PeerSpot reviewer
Principle Mbr. Tech. Staff at a comms service provider with 10,001+ employees

Tufin is still growing and adding new features to its TSS applications suite. I don't believe your company would make the wrong choice if the products meet your company's requirements. Their latest product offerings of TOS run on virtual machines, and their near-future promise of a distributed central database (scalability improvements) should not be overlooked.

View full review »
RH
Information Security Engineer at a healthcare company with 10,001+ employees

I would rate this solution 7 out of 10.

My advice is to look at what is currently supported in whatever security technology you have because some of the features may already be covered. However, if you identify a gap in what you currently have, specifically around auditing, then I would definitely suggest looking at Tufin.

View full review »
DL
Executive Director at a financial services firm with 1,001-5,000 employees

Tufin is a good company. I think most of the products in this market have difficulty working across a multi-vendor solution, and that also applies with Tufin. It works really well when you have a single vendor solution but it's just not as intuitive if you have back-to-back firewalls or you have a complex topology. For simple topologies, it works really well.

There are currently some issues with this solution but if things improve with the new version, which apparently has some enhancements, I would give them a higher rating. For now, I rate this product a seven out of 10. 

View full review »
IM
Senior IP Network Defense at a comms service provider with 10,001+ employees

On a scale of one to ten, I would give Tufin Orca a five. I would recommend it only if the organization has the skills and enough requirements so that they are able to run it. It is a very good tool when you use it because it basically gives you what you want. It is just hard in terms of support, patching, and upgrading. Overall, it's challenging if you don't have the skills or resources.

This product will work for those organizations that have the knowledge of how to install the solution.

View full review »
JP
Network Security Analyst at a energy/utilities company with 10,001+ employees

Test every feature. Make sure the third party vendors that they implement into it function properly with it. We have had issues with our Palo Alto connections.

We just started a PoC on the change workflow process of the solution.

We are just now moving stuff to the cloud.

View full review »
JR
Senior Specialist at Cigna

My advice for anybody who is researching this solution is that if they are a larger company with a lot of money to spend, and they have a heterogeneous network with more than three different firewall vendors, then they absolutely need it. There is no competitor or really anybody who is even close.

For what this product does, it does well. There are, however, things that are missing.

Overall, I would rate this solution a seven out of ten.

View full review »
JF
Managing Director at Midpoint Technology

We do not yet have a great deal of experience with the cloud side of this solution. However, we're actually moving into our first contract around that and we'll be digging in deep. We find it, at least from our lab environment, highly successful, whether it's AWS or Azure, and we're looking at the Kubernetes side of things as well. So far, so good, from a lab perspective, but we will be rolling out our first, into a full Cloud environment for one of our global clientele.

For our clientele, this solution has, without question, saved them time when it comes to making changes. The whole idea is to be able to initiate a change and have it proliferate across thousands of devices. It's critical. So, just in that alone, we can save six months' worth of man-hours just in making a single change for some of the environments that we work with.

Tufin is really a leader in the space for taking manual processes and eliminating them as much as possible.

My advice to anybody researching this or a similar solution is to look for longevity in the field. Also, look for product development expertise and a legacy of that. Finally, look for scalability, stability, and growth within the marketplace across device sets.

I would rate this solution a nine out of ten.

View full review »
it_user399324 - PeerSpot reviewer
Network Lead - Security Architecture at a retailer with 10,001+ employees

You're going to be really shocked with the first couple of reports that show stuff about which you had no idea. Let it go and get buy-in from as many other groups as you can. If security and network are separate, get network involved to access devices that will provide a clear picture of everything, especially of topology. Build those bridges ahead of time and present it more as a collaborative tool and not a "I'm watching you" tool.

View full review »
AO
Application Developer at CyberAge

I rate this solution a ten out of ten. The solution is good, and no clients complained about it. Therefore, I recommend this solution for people seeking to use it, as they can never go wrong with it. However, for a beginner, it could be tricky to implement.

View full review »
MZ
DSI France retail banking networks at a financial services firm with 10,001+ employees

I would rate this solution 7 out of 10. 

The main brick in order to build your solution is the first step, which is having a good understanding of your network and good people to talk to when you want to build your topology. Once it is done, the solution runs by itself. Exporting, reporting, topology, and changes are all handled by this solution.

After the initial deployment, it is a stable solution. It can suit customer needs in complex environments.

A con is that it is very needy in terms of implementation such as small configurations. We had that problem with networking devices. We had to implement it to get all the information from all the routing devices. Even if they don't belong to our network, we had to have the information from MPLS devices on the telecom operator. Sometimes it was difficult to build the solution from scratch.

The Syslog part was a little difficult to handle. For the appliance we have right now, it handles the management, the Syslog, and all the needed modules in order to operate the solution. Sometimes, it is a little bit hard for the appliance to get straight to all the models it runs. Maybe with the new models of the appliances, it's easier for the appliances to run all the models. With the newer generations of the OS, I suppose that now it's more effective and less of a time-consuming process, but it's okay for us to upgrade after that in order to get all the new features in the new OS.

View full review »
AE
Network manager at Ekol Lojistik AS

There aren't many products like Tufin and AlgoSec. I think both products are good, but when people are using Check Point applications, we recommend Tufin.

On a scale from one to ten, I would give Tufin a ten.

View full review »
IM
Senior IP Network Defense at a comms service provider with 10,001+ employees

This is a solution that I would recommend, but only in cases where the organization has the skills. I would rate this solution in the middle because it meets my requirements, it is a very good tool, and it immediately gives you what you want. At the same time, when it comes to the support, setting it up, and upgrading it, it is challenging if you don't have skilled resources.

I would rate this solution a five out of ten.

View full review »
MU
Network Security Engineer at Customer Worldpay

If someone was looking for this type of solution, I would tell them, "Here are the top four solutions that I know of and the places that I worked on each of them. Here are the benefits, gossip, and downsides that I've seen for each one." Tufin has the best solution as far as it being self-contained, reliable, and integrating with the other things that you want it to integrate with. The customer service is also not arrogant like some of the other solutions.

We need to utilize it to its capacity and capabilities, and we're not doing that yet.

It will eventually reduce the time it takes to make changes. I don't know how much time it will save, since a lot of the manual processes are done by another team. I am still building my team underneath me.

The cloud stuff is great, but I am sort of scared to look at it because we still trying to work out our traditional stuff being compliant and under control, then doing what it's supposed to be doing. I can't even imagine what the developers are doing in the cloud stuff.

View full review »
BB
Network Engineer at a healthcare company with 10,001+ employees

Check out this product and see what it can do for you. Talk with the marketing team and account reps and see what direct benefit the platform gives you. Then, see what strengths it has compared to the competition, as well as its value proposition.

We are not to the point of using the solution to automatically check if a change request will violate any security policy rules, but it is coming.

We are building the security policy part of it out across out hybrid network, especially with the USP.

View full review »
MM
Regional OSH at Pos Malaysia Bhd

In terms of advice, it depends on what a user's needs are. For us, we only considered Tufin for the security and the network parts, especially the network mapping. I need to see the hop-by-hop, from this site to that site, how many hops for a transfer packet. 

Tufin is good for beginners. Tufin filters based on rules, even if a beginner doesn't know what to do, how to configure the firewall. Tufin can then monitor based on those rules.

It's a good value for what it does. We had no issues with this product. It was good for us. We could deploy it in our environment without any issue.

I rate it at eight out of ten because we are still evaluating Tufin. Our project is running on Riverbed for SDN. I don't know if Tufin can integrate with Riverbed. Other than that, I have no issues with this product.

View full review »
JC
IT Coordinator at a financial services firm with 10,001+ employees

I would rate Tufin a nine out of ten. 

View full review »
TN
CyberSecurity Architecture Manager at a computer software company with 10,001+ employees

We're just a customer and end-user.

We're likely not using the latest version of the solution. Currently, there is a team that directly supports it. I can't remember the exact version number off-hand.

I'd advise organizations considering the solution to do their homework first and see if they can find out from industry associations and professionals what their experience has been.

In general, I would rate the solution at a nine out of ten.

View full review »
CM
Consultant at Critical Design Analytics

Try Tufin out. Make a PoC of it. That is how we sell most of our products because it works well.

Our customers do not have a hybrid network.

View full review »
VV
Head of IT Security at Banco Privado

A powerful tool for a security team to optimize time.

View full review »
JS
Senior Network Security Engineer at a retailer with 10,001+ employees

If you want to be able to manage your firewalls efficiently and securely, then use Tufin.

It is a pretty solid solution. As with any security solution, I think is it is growing. It seems like it is at a good point. It could still use some work, but it's growing, and that's good.

We saw in the training yesterday the changes for part of SecureTrack 2.0, which isn't out yet. Those changes, that they will be implementing, look very good from what I can see.

View full review »
JY
Security Compliance at Caterpillar Inc.

My advice to anybody who is implementing this solution is to take the time to learn the product, in and out, right away.

I would rate this solution an eight out of ten.

View full review »
SF
Specialist in Network Security Operations Support at a financial services firm with 10,001+ employees

If you are looking at a large environment and a large number of policies, you really need Tufin to help you manage all the rules. We have 25 policies, and each policy has around 1,000 to 1,500 lines of rules. Managing that manually would not be easy.

We haven't started using the change impact analysis capabilities of this solution yet. We are still testing it. We are not that familiar with the process yet.

Because our team is doing cleanup every three months, we need to keep generating a report every day to have correct visibility: which rules are unused and which rules need to be removed to be optimized. We are using it quite intensively. I don't know how we can increase usage until we deploy and start using SecureChange. At that point it will be more intensive because after SecureChange everything will be automated and they will start only using and looking at the secure Tufin interface, in terms of rolling out all the requests.

We haven't seen a reduction in the time it takes to make changes yet, because we are still tweaking the SecureChange part. We will be testing it in a few months' time. We need to see integration with our ticketing system because people are making requests over HPSM and Tufin needs to be able to grab them first, before we can start to roll out SecureChange.

View full review »
it_user475917 - PeerSpot reviewer
Director of Network and System Engineering at Allegiant Air

If you don't have a product like Tufin, get a product like Tufin because it's amazing. It gives you insight into all changes that are done within your network. It's awesome, and it gives you the ability to manage it even though we haven't rolled that piece out ourselves yet.

View full review »
it_user376773 - PeerSpot reviewer
Global Network Security Specialist at a pharma/biotech company with 10,001+ employees

It already does traffic analysis and secure change. We've got the secure app so we can keep track of the business critical things. They shouldn't change that. I love the left-hand pane, and being able to navigate that and being able to see things in the split pane on the right-hand side. There are other vendors out there who will decide I need to just have everything at the top and scroll down.

The best thing to do would be get all your firewalls in there and let it bake overnight. It does take some time to collect the data in the config files. Once that's done, teach your help desk staff and the firewall operators how to use this to look up existing conditions and to determine right away whether a rule needs to be made, or whether a group needs to be added, or whether the rule already exists.

View full review »
it_user483792 - PeerSpot reviewer
Director, Enterprise IT Security and Compliance at a transportation company with 1,001-5,000 employees

I would rate it a nine out of ten, since there's room for improvements, as always.

View full review »
TL
Information Technology Graduate at a computer software company with 10,001+ employees

I would advise others to definitely work with Tufin and work out the best costs. Work out how soon you'll realize your return on investment. That has been a major kind of help. They've been brilliant in trying to help us develop a business case for using it, and then internally, I am sure there will be a massive help for implementing it in the future.

I would rate Tufin a nine out of ten based on the whole experience that we've had with it and the real kind of capabilities of the product.

View full review »
it_user489261 - PeerSpot reviewer
Senior Network Security Engineer at a financial services firm with 10,001+ employees

It would be beneficial to get some kind of training from someone who knows the product, maybe from Tufin or someone else familiar with the product and the features. I know it can offer a lot, and you want to use its full potential.

View full review »
it_user369300 - PeerSpot reviewer
CEO at Irvin Networks

My advice would be to do your research first on the product. Make sure it's going to cover everything you need, which it does. They have several uses for Tufin, several models as far as function like Securetracks, Securechange and the Secureapp, so you've got to do your research and someone may need all of the orchestration, the full Orchestration Suite.

I would ask you to just research it, make sure you get what you need because quite often people go to buy Tufin and they go to buy the Securetrack just the Securetrack firewall changes, that they end up getting a quote for Securechange, Secureapp, and not even know it, and they say "Oh, that's too expensive," but that's not really what they wanted, they just want the Securetracks.

I would also have them get a competitor, a demo ware competitor and compare it to Tufin just so they can see how well Tufin out-performs their competitor.

In regards to my rating of 8, if they did mark the price down, change the licensing model to include more middle market, so they can reach the middle market and get more market share, and also provided their partners, and this is going to be a big one for them, provide their partners with two-way licensing so their partners can use the product for free.

If I am partnering up with Tufin, and I've got to keep downloading demos to use it and I have to advise potential users about the Tufin product, it's just not going to work. They should give me the product for free, especially if I have sold a few deals for them, they should give me the product for free with a couple hundred licenses that I can use anywhere I want to. This should be done every year, so long as I'm a partner.

That would help increase their visibility, their market share, and bring them up from an eight to maybe a nine or so.


View full review »
MB
Manager at Italtel

I rate this solution a six out of ten. The solution is good but can be improved by including additional automation in the next release.

View full review »
GK
Network Engineer at a healthcare company with 10,001+ employees

Tufin provides a very comprehensive solution. Anyone looking to go down the path of automation should not look any further because Tufin will be able to meet their requirements and scale out really effectively.

We don't yet use the solution to automatically check if a change request will violate any security policy rules. We are in the process of building that. Similarly, we are still working on having the solution ensure that security policy is followed across our entire hybrid network.

We are in the cloud but we haven't yet started using the Tufin solution actively in the cloud. We are still in a trial phase as of now, but so far the results have been pretty good. We tend to test things out a little bit more but the results have been positive and favorable for us to move forward.

View full review »
MJ
Lead Engineer at a insurance company with 1,001-5,000 employees

You should definitely be looking at this as in your top-two choices, before even considering any other solutions.

We are in the midst of a transition, going to a newer version. All the features which I talked about above, we want to implement them in a new production infrastructure. We are working with Tufin and Professional Services very closely, so we can enable it. There is the old way - the way we are using it - versus the way we want to. It is not there yet. 

Currently, it's not helping us meet compliance mandates, but the new way will definitely help us to meet them. In addition, once we go with the new way of doing things, the solution will ensure that security policy is followed across our entire hybrid network. At that point it will follow business practices.

View full review »
it_user488085 - PeerSpot reviewer
Sr. Security Administrator at a consultancy with 1,001-5,000 employees

It's a great product. It's pretty straightforward to use. It meets our needs and great support overall.

View full review »
it_user475893 - PeerSpot reviewer
Manager at a pharma/biotech company with 1,001-5,000 employees

Regarding cloud solutions, it's going to be very interesting to do the security assessments with them.

View full review »
TI
Network Operations Engineer at a computer software company with 10,001+ employees

We are just a customer and an end-user.

We are not using the most up-to-date version of the product. We are using one of the previous versions. I cannot at this time remember the version number, however, it was pretty old. We had a plan to upgrade, and then unfortunately ended up not doing that.

I'd rate the solution at a nine out of ten as it helps us do our work. We're mostly quite happy with its capabilities.

View full review »
reviewer1185783 - PeerSpot reviewer
Works with 10,001+ employees

I recommend getting Tufin Professional Services involved when implementing automation.

View full review »
DY
Associate Director Program Management at a pharma/biotech company with 10,001+ employees

Tufin seems like a high quality product from a company that cares. It focuses on exactly what we need.

We would like to get to having Tufin make changes on firewall rules, but we are going to need help convincing our management of that we should be using Tufin to do that. It looks very promising, but we can't use it for that yet.

We haven't implemented the change workflow process yet.

While we didn't buy it for the solution’s cloud-native security features. I'm interested in that, but it is not in my mandate right now.

The product has been fabulous.

View full review »
BB
Network Engineer at a energy/utilities company with 10,001+ employees

We are siloed. We have separate areas of responsibility for parts of the network. The pieces of the network that our team manages, and what our Tufin instances are monitoring, is all for the data control system for anything real-time, e.g., the gas and electric control systems. Therefore, we don't have complete visibility of the entire network because we are only monitoring that subset of the network.

We don't use any workflows because we're not using SecureChange.

We haven't used the solution’s cloud-native security features.

View full review »
JJ
InfoSec Consultant at a insurance company with 10,001+ employees

We do not yet use this solution to automatically check if a change request will violate any security policy rules. We have not yet utilized this solution to help with compliance.

With respect to the cloud-native security features, we are not leveraging the cloud as much as we should with Tufin.

There could be better things out-of-the-box; However, I know that it is a solution that has to cover a wide range of industry and supportability, so therefore it's a challenge to get everyone's wants and needs.

My advice to anybody who is implementing this solution is to spend more time than you think you need on SecureTrack because it sets the standard for using SecureChange in all of the other products.

I would rate this solution a seven out of ten.

View full review »
SS
Automation Engineer at Cox Communications

Prior to using this solution, our SLA for any change that went into production was ten days. We’ve now lowered that down to two days.

For the most part, our engineers are spending less time on manual processes, but this is when the topology works the way it's supposed to. When it isn’t working the way it's supposed to, then they spend more time than they would normally.

My advice to anybody who is implementing this solution is to start small. Pick an area of your network and deploy Tufin, then get it working in a manner that suits your needs. After this, expand it out to the entirety of your network.

This is a good solution but it is not perfect. There is a lot of stuff that is unsupported and it is inefficient.

I would rate this solution a seven out of ten.

View full review »
FG
IT Manager at a financial services firm with 10,001+ employees

There is always room for improvement, but with the performance and the day to day stability that we have, I think that it's a very good product. Overall, I am very happy and satisfied with the product, and I am looking forward to a lot of new features.

I would rate this solution an eight out of ten.

View full review »
it_user884007 - PeerSpot reviewer
Network Architect at a transportation company with 10,001+ employees

Don't bother with the web interface, calm down, don't worry, everything will be fine. They will improve it. The rest of it, I don't have any issues. They're technically prepared, the tool does its thing. The only two things I would be patient with are the web interface and that documentation which is not really well organized. Besides that, it's pretty easy. It's pretty easy to configure and, once you start using it, you will see the potential. AlgoSec, Skybox, and all those tools probably have the potential as well. But Tufin is easy enough for everybody.

What we don't use, and what we are not planning to use, is the third module, the SecureApp. We haven't played with it and we're not planning on using it, for the moment.

In terms of using Tufin to automatically check if change requests will violate any security policy rules, we would love to do that. What we didn't do is build the security matrix. That part is the one that takes a lot of time to build. You have to work with the security team and all the players involved. Because we did not design the security matrix, we couldn't match a firewall rule with the security matrix and say, "Okay", or "Not okay," and do some automation there.

What we did is prepare a form for a firewall petition, and some automatic steps. For instance, in the first step, you enter the request and it sends an email to a business approver. Depending on whether that firewall or that flow is predefined as allowed or not, you can skip that step and go to the next step. We did a little bit of logic with the change-request form. It worked pretty well for us.

The purchasing process takes a little bit of time because of all the different groups involved. But we're planning on implementing it and to finish around next summer, 2020; to have both SecureTrack and SecureChange up and running.

As for compliance, we don't have many requirements. Of course, we are bound to some ISO certifications, because it's the car industry, but we don't have any specific PCI. We don't sell cars over the internet, so we don't have to do that.

When it comes to Tufin's cloud-native security features, what we have is our landing zone in AWS - a VPN tunnel from on-premise to Amazon, with Transit VPC. We have a couple of Palo Altos, securing the track from on-premise to the cloud. And we added those Palo Altos to Tufin. We needed to tweak and include some virtual devices in Tufin so the routing would be okay. But that was quite easy. It was well-documented as well.

The only problem is that we got our quotation from our supplier, and the Security Groups are extremely expensive. They bill you $1,200 dollars per Security Group per year, which is really high. We're not that big, we may have 100 or 150 Security Groups. That's would be about $200,000 just to manage Security Groups. We were put off by that. From the start, we won't have the Security Group feature. We think it's too expensive.

As for increasing our usage of Tufin, we'll go day by day and see how it responds to our requirements. SecureTrack at the beginning, then SecureChange. Maybe, if everything goes well, we will think about SecureApp. It's not in the scope at the moment, but maybe we will implement it.

I would rate Tufin a seven out of ten. It will get better once they get their act together with the documentation and the interface.

View full review »
SK
Senior Network Engineer at a financial services firm with 1,001-5,000 employees

There is room for the product to grow.

View full review »
JS
Security Engineer at a manufacturing company with 10,001+ employees

While it has its highlights, it has deep issues that need to be addressed.

This solution help us ensure that security policy is followed across our hybrid network.

Our company doesn't really have federal or regulatory compliance requirements.

Spend a lot of time testing and doing a PoC for it, before you make the final decision to go for it.

View full review »
it_user489240 - PeerSpot reviewer
Consulting Information Security Engineer at HCA

Learn it and dig into it, because it's got some great capabilities. For me, it's been great.

View full review »
it_user488112 - PeerSpot reviewer
Senior Security Engineer at a hospitality company with 1,001-5,000 employees

It's a pretty useful tool if you have a large environment with a lot of devices and you're trying to make it easier for the technicians to basically pawn the work off and make the application team more accountable.

With the limited knowledge I have of it and the limited use, I would probably give them an 8. I never give anyone 10's or 9's.

View full review »
it_user483819 - PeerSpot reviewer
Security Manager at a financial services firm with 10,001+ employees

Play with the tools. See what kind of reasons you think you'd need to use it. Why are you looking for this tool to begin with? See how easy it is to pick up for your team. They may not be familiar with a tool; let them play with it for a few minutes and see. Give them a task. How easy was it to get that task done?

View full review »
it_user483795 - PeerSpot reviewer
Senior Security Network Engineer at a financial services firm with 10,001+ employees

I would recommend it.

With a tool like this, spend a few dollars to bring in their professional services to help out. Tufin is not going to be for a really small company. One of the important things is that you need to get your network team on-board.


View full review »
it_user437166 - PeerSpot reviewer
Network Engineer with 1,001-5,000 employees

It's done a good job. We've not fully utilized all of its features, we've hardly scratched the surface really, it's a powerful bit of tech and we've pretty much used it for a specific purpose that we purchased it for and realized it can be used a lot more, having said that we ended up purchasing second shares as well. We are now in the process of testing SecureChange because that was something that was really pushed through quite recently.

For us it works, it's a great solution, but that's not to say that there isn't a better one out there. Anyone that looks and researches, they probably look at different supplies of the same solution and make up their own minds really. It is the best tool for the job and technology moves on so, who knows.

View full review »
TH
Team Lead of Border Protection at a manufacturing company with 1,001-5,000 employees

Tufin is not perfect, but it's really good.

Make sure you know your environment well. Tufin will help with knowing the firewall rules, but be well-documented before you start with your security policies.

The approval process is a lot more automated, but the implementation process didn't change.

We don't use Tufin in the cloud yet.

We don't have compliance mandates.

View full review »
ET
Business Director at a tech services company with 201-500 employees

The first priority is to evaluate how expensive your firewall family is. If you have, for example, F5 then you would probably have similar problems to what we encountered with F5. But if you are deploying general firewalls, like Palo Alto and Cisco, that's fine. You have to evaluate how you are going to import existing policies and how you are going to monitor those policies when they transfer them across to be centrally managed and monitored by Tufin.

In terms of users of the solution, we set up for the customer a central admin who is the main administrator that controls the entire dashboard. In addition, there are viewers who only need to view and monitor the reports and the like. It's the IT firewall team that makes changes to the firewall and backend system. So there are three main groups of users.

We do the maintenance for the customer, so if there are any patches or any updates that are critical we work with the customer to identify a suitable time for us to do the system upgrade.

We manage our customers' IT infrastructures. We then bring in vendors according to what each customer requires. We are the system integrator, integrating to their backhand system. We provide consultancy and advice to the customer with regards to the types of products that they should choose. Eventually, we support products once they have deployed them. A lot of customers don't have a big IT team locally to support the infrastructure, so we provide that level of support.

From an implementation and costing-strategy standpoint, I would give Tufin eight out of ten. It would be much better if they could improve the F5 support and also enhance the documentation in terms of integrating firewall products.

View full review »
SB
Cyber Security Engineer at a healthcare company with 10,001+ employees

It's very solid product. There are definitely a few things that I wish I could do with it, but I'm so new to the product that maybe I'm just not looking at the right spots.

Try it out. It's pretty cool. I was very impressed with the initial presentation and how it could automate everything. It's just that getting to the point where you want it to do what you need it to do is definitely time-consuming and a lot of work. However, I think it will be worth it in the end.

We are working to use this solution to automatically check if a change request will violate any security policy rules. We are not there yet.

We are still in the process of getting it developed. Some of the portions that I have used have helped me, as I can just go to one place and find out if a rule exists, or if there's any type of traffic.

View full review »
JD
Network Security at a transportation company with 10,001+ employees

It is a good solution, somewhat easy to implement, and gives you a lot of information. It takes time to learn all the little nuances of it.

I don't think we're using cloud native security quite yet.

View full review »
it_user489234 - PeerSpot reviewer
Staff Specialist at a financial services firm with 10,001+ employees

Try it. It's a great relationship, but it's also a great product to work with.

View full review »
it_user489219 - PeerSpot reviewer
Senior Security Engineer at a hospitality company with 1,001-5,000 employees

If you're in a large environment, a large enterprise, it's a good tool. It does certainly help with the workload. For the app team who are trying to develop the applications, it makes them more accountable for how it's supposed to work.

View full review »
it_user488088 - PeerSpot reviewer
Staff Specialist at a financial services firm with 10,001+ employees

They're constantly upgrading, they're constantly adding new things to it. That's a good sign. As the technology changes, they're on the forefront of it to get you those reports and use that technology in their new functionality. They just need to keep doing what they're doing.

View full review »
it_user479352 - PeerSpot reviewer
Network Consultant at a healthcare company with 1,001-5,000 employees

I would rate it a nine out of ten, comparing it to other solutions in the market and the value that it’s provided to us already. I lowered the score because of the deficiencies I wrote about previously, but didn’t lower it that much because they are aware of it, they have addressed our questions, and they have it on the roadmap.

View full review »
it_user466632 - PeerSpot reviewer
Manager, Security Engineering and Operations at a retailer with 1,001-5,000 employees

The most important criteria for me is hit count, how often the rules are being used and visibility. All of that is critical information to optimizing our policies.

I'm the manager of a team of six engineers. The feedback that I get from them – and they're very vocal – is that they love the product. It's great.

I'm a tough rater, and I probably wouldn’t give a 10 to anybody. But I would say Tufin is an 8. As far as software products go, it delivers.

View full review »
it_user437130 - PeerSpot reviewer
Head of I.T. Security at a insurance company with 1,001-5,000 employees

I'd definitely say go with Tufin as it's a brilliant solution. What is brilliant is the firewalls themselves. I'd check out CheckPoint as well to make sure that the solution meets your needs and works with your plans. It doesn't matter what CheckPoint plans you use, Tufin works with them all.

View full review »
it_user437181 - PeerSpot reviewer
Senior Network Engineer at a financial services firm with 1,001-5,000 employees

For us, it works, so why can't it work for you?

View full review »
it_user400740 - PeerSpot reviewer
Sr. Security Architect at a tech services company with 1,001-5,000 employees

Just buy it. Don't even think about any other product. Just buy it.

View full review »
VM
CTO at Uridium Technologies

I would advise other organizations considering the solution to first be aware of what they want to achieve. As a company, you need to start there before you start choosing solutions. That way, you'll know if the solution will properly meet your expectations. Tufin has a few options as well. It's important to understand which would work best according to your requirements. 

I would rate the solution at a nine out of ten overall. We've been very please with the capabilities of the product and our clients have been happy. 

View full review »
FG
IT Manager at a financial services firm with 10,001+ employees

I would rate it an eight out of ten. It's very easy to use and you can get good results very quickly. 

We don't use the cloud native security features yet.

View full review »
CM
Manager at a manufacturing company with 10,001+ employees

I would rate it a seven out of ten. 

I would advise someone considering this type of solution to not listen to the sales teams among the competitors. They all throw each other under the bus and a lot of it is not true. Tufin's competitors will tell you how bad of a company that Tufin is and how you can't trust them, and how their stuff doesn't work. Then, Tufin doesn't say anything bad about their competitors. So, don't trust everything that you hear. 

Do your own research. Do a proof of concept. Get all of the vendors in. Give it a month to test drive. Set it up and let them prove it out. In the end, the correct tool, not the better salesman, will win.

View full review »
JR
Security Engineer at Allegiant Air

We are really interested in the Tufin Orca product.

  • For visibility in the network, I would rate the product as a nine out of ten. 
  • For usability, I would rate the product as a seven out of ten. 
  • For liability, I would rate the product as a nine out of ten. 
View full review »
ST
Network Security at a tech services company with 5,001-10,000 employees

I would recommend Tufin. They are very helpful for IT organizations, as they continue improving SecureChange.

With our security plan, we can see how Tufin meets the basic requirements. Then, we can go and customize if there is any risk, which might be interfering with ports or external networks.

View full review »
QL
Senior Information Security Architect at First Citizens Bank

It does what it needs to do for our needs.

We are in the process of doing a PoC for the new changes.

Currently, it's all reactive. We do the changes, then we review it at a later time.

View full review »
it_user489246 - PeerSpot reviewer
Network Engineer at a financial services firm with 10,001+ employees

It works well. It’s something you would send a colleague to use. It gives a nice process flow as far as the end user putting something in, having governance check, and being able to have multiple work screens because we have different areas of the company and different processes. They have to have different work flows. We use multiple work flows. That's handy. You can build those in, you select from the beginning and then you're off and running.

View full review »
it_user489336 - PeerSpot reviewer
Network Security Engineer at a hospitality company with 1,001-5,000 employees

It all depends upon the environment that you’re using. Compare it to other vendors, like FireMon and AlgoSec, and then you can rate the products and decide what to use and what not to use.

View full review »
it_user489243 - PeerSpot reviewer
Security Engineer at a financial services firm with 10,001+ employees

Work with the sales teams directly, because they seem very willing to be flexible with the development side. Every organization has different needs. Tufin’s willingness to be flexible impressed me.

View full review »
it_user483810 - PeerSpot reviewer
VP of Engineering at Netanium

Criteria when selecting a vendor  -I think it's looking at your current processes and where you'd like to be is really what it comes down to. If you're frustrated with the ways things are working, think about the way you'd like it to be and then see what product fits into that mindset for you.

View full review »
it_user483786 - PeerSpot reviewer
Network Security Engineer at a transportation company with 1,001-5,000 employees

I would give it a nine out of ten. It’s been a great product so far. I'd just like some more customization.

View full review »
it_user401487 - PeerSpot reviewer
Security Architect at a wholesaler/distributor with 5,001-10,000 employees

It fits in as part of the bigger picture. At the end of the day, I wish the firewall products themselves could do some of that stuff inherent to their own solution. 

Make sure you understand the capabilities and use it for what it's intended. It's not going to tell you the intent of rules, it's not going to tell you if it's a good rule or is it a bad rule, but it's going to help you with firewall clean-up or redundancy. It doesn't help a firewall admin create a better rule.


View full review »
AW
Principal Consultant at a consultancy with 1-10 employees

I have recommended this solution from time to time and I would definitely recommend it to others.

I would rate Tufin a seven out of ten.

View full review »
HS
Security Analyst at Equifax Inc.

This tool is excellent in the specific areas where it is applied. We are spending less time on manual processes and at some point, we will be stopping them.

This solution definitely helps to reduce the time it takes to make changes. With other tools, I have spent five or six hours or even days, but with this solution, it takes me thirty minutes. It can take even less, depending on the complexity of the firewall.

My only complaint is that I would like to be able to export data to different formats.

I would rate this solution a nine out of ten.

View full review »
CL
Senior Adviser Cyber Security at a comms service provider with 10,001+ employees

You need a product like this, but look at difference solutions in the market. I would rate it a seven out of ten.

We do not use the product across our entire network. We do not use the cloud native security features.

In the future, we will use the solution to check if a change request will violate any security policy rules.

View full review »
it_user489210 - PeerSpot reviewer
Security Engineer at a healthcare company with 1,001-5,000 employees

If the tool meets your needs, evaluation process wise, then you should make sure that you reap the benefits. It has a lot of functions, and a lot of benefits and features. Start using them all.

View full review »
it_user488118 - PeerSpot reviewer
Security Engineer at a financial services firm with 10,001+ employees

Based on looking at some of the other products out there, Tufin is definitely the leader of the pack. It's a good choice. Make sure you buy enough hardware, and make sure you know how you're going to use it. A lot of the features get very processor- and database-intensive, and you should have the proper gear to use it.

View full review »
it_user475923 - PeerSpot reviewer
Security Engineer at a retailer with 10,001+ employees

Rating: because it's our unique older version, I'd give it a 6 or 7 but we only use it for reporting and cleanup. If we had the latest version, I'd easily give it an 8 or 9 because it can do so much more.

View full review »
BB
Networking Engineer at a comms service provider with 1,001-5,000 employees

Do proper research. Look at Tufin and all of the other products.

View full review »
BN
Network Security at a insurance company with 1,001-5,000 employees

Seriously Tufin for your final decision.

View full review »
it_user363600 - PeerSpot reviewer
Founder at a tech services company

We often find customers that have purchased this product for a specific purpose and they limit its use to only that purpose. Do yourself a favor and really explore the entire product and maximize the features and functionality of what you have purchased.

View full review »
it_user489207 - PeerSpot reviewer
Security Architect at a healthcare company with 1,001-5,000 employees

Let Tufin help you see what can be. Make the tool work for you and be creative.

You can't always use it in a certain way. There are many ways to use a tool. You just have to be creative on how you use the tool. Find holes and ways to use it.

Figure out how you use the tool, and then figure out if you can create a process out of it, so you are not only using it when you are free. You want to use it as a process because it has to be repeatable. If something is not repeatable, there's no way to improve the process.

If I'm going to find a policy right now and I don't repeat that process, those policies will continue to become legacy, so you have to repeat using the tool.

View full review »
it_user488103 - PeerSpot reviewer
Security Consultant at a tech services company with 1,001-5,000 employees

I’m rating the product a nine just because I’m stingy with my tens.
Tufin delivers on everything that we've asked them. For a similar use case, they're solid and you're not going to have any kind of surprises or issues that are going to crop up from what I've seen. As an administrator rolling something out and having it work the first time, that's pretty much all you can ask for.

View full review »
it_user288696 - PeerSpot reviewer
Network & Security Operations Manager at a retailer with 1,001-5,000 employees

I recommend this solution. In our case, it was the missing part to be able to provide a better service to our clients.

View full review »
reviewer1188195 - PeerSpot reviewer
Works

Implementing the tool is easy, but introducing the changes within the company can be challenging.

View full review »
HM
Network/Security Engineer at a leisure / travel company with 51-200 employees

My advice would depend on what kind of implementation and what kind of environment you have. If you are looking for automation and auditing you should think about this solution. Talk to the technical guys at Tufin about how your environment works and can ask them about what they can do. If you are looking for automation you should look at Tufin.

Regarding Tufin's cloud-native security features, I am only familiar with their on-prem stuff. I haven't seen any of the cloud features on Tufin yet. I would really like to know what it will bring us at the end of the day.

We have three or four teams using it on different platforms and for different use cases, like auditing and alerting. On my team there are 25 guys using it. I don't have any idea how many guys on other teams are using it. Our security area is managing and maintaining it.

As engineers, we are certainly using it daily. I just made a scheduled change today through Tufin. We are certainly using it but I can't say what our plans are for it in the future.

I would rate Tufin at seven out of ten. The things that come to mind with this rating are the implementation of firewalls, the alerting and security. We can set out the security rules. I deducted three points because of the platform. I don't think that it has a stable platform. If there are 20 people and 22 need it, it will not be able to support us in that scenario. So that is a weak point. Stability and robustness are the things I'm looking for.

View full review »
it_user489222 - PeerSpot reviewer
Security Engineer at a retailer with 1,001-5,000 employees

Keep in mind that you're only going to get the network security layer of the Check Point showing up on the recording. You're not going to get all of the software blades that come along with it. One of the things my manager was disappointed to find was that we weren't able to gather that information.

View full review »
it_user479343 - PeerSpot reviewer
Senior Advisor Security Architect at a comms service provider with 10,001+ employees

I would give Tufin an 8 out of ten because some vendors own multi-contexts, and there are challenges supporting these devices. We are having issues with the Juniper device, for example.

View full review »
it_user477891 - PeerSpot reviewer
IT Security Engineer at a energy/utilities company with 1,001-5,000 employees

If I had to rate it one to ten, I’d give it a nine, since there’s room for improvement, even though they’ve been doing a lot of improvements over the years. I would also say that if you buy the product make use of it. There are more features available than you always realize, so a lot of times you might try the harder way first because you are used to working that way. You might discover that your life can get a lot easier.

View full review »
JN
Security Engineer at a government with 10,001+ employees

We don't use SecureChange at the moment, although hopefully, we can get to it in the future.

With respect to having this solution automatically clean up our firewall policies, we run the report but we don’t always push those changes on. We consider the recommendations but review it manually ourselves. This does point out what we can get rid of, and where we can optimize it. Once we have the trust of our team to push these changes automatically it will be implemented, but we're not ready for that yet.

Part of the reason is that we want to be in control of the firewall policy changes. We don't want developers or anybody recommending what we should be doing.

If somebody is looking to integrate a ticketing system, and not push changes directly through their firewall management system, and they would like a third-party verifier and checker then I don't know any other products that can do that. This is especially true for Check Point firewalls, and Palo Alto.

I would rate this solution an eight out of ten.

View full review »
PB
Security Architect at a manufacturing company with 10,001+ employees

The topology doesn't work and SecureApp doesn't seem to be a strategic product for Tufin anymore. Proceed cautiously with that in mind.

I would rate their SecureChange an eight out of ten. I would give their vision an eight, but for their execution I would give a three out of ten. 

View full review »
OJ
Consultant at Sirius Computer Solutions

I would suggest looking at not just the features and functionality which are specific to the environment which you are working in, but to be aware of the other features which the product has to offer. Because companies grow and things change, so it's always good to have at least a complete idea of what the product does and how it does it.

View full review »
it_user489228 - PeerSpot reviewer
Security Architect at HCA
it_user476727 - PeerSpot reviewer
Security Engineer at a financial services firm with 1,001-5,000 employees

I would give it an 8 on a scale of 1-10 because it works really well in helping you create your own reports. You can drill down into each of the different risks that are in the environment and take action on it. It actually tells you, in a descriptive manner, what the issue is and how to fix it.

View full review »
it_user437145 - PeerSpot reviewer
Head of Network and Security at a financial services firm with 1,001-5,000 employees

Give it a try.

View full review »
NK
Firewall Administrator Security Engineer at a comms service provider with 1,001-5,000 employees

I would recommend taking a look at the solution.

I use the solution daily and can see it anytime that I want. I find it invaluable in day-to-day management of firewall policy and policy changes.

This solution has sort of helped us to meet our compliance mandates.

The cloud-native security features will be more important in the future. I am just learning about them now.

I have not worked with SecureChange. I just took the SecureChange track, and from all of the exercises that we did, it seems like a very valuable tool after your firewall population reaches a certain density. If there are a certain number of firewalls, manual administration doesn't make sense anymore.

View full review »
SB
Senior Consulting Manager at a tech services company with 10,001+ employees

I would rate it seven out of ten. I would recommend Tufin if someone is considering it.

We are still in the process of phasing it in to help us with our compliance mandates.

View full review »
it_user489258 - PeerSpot reviewer
Senior Network Security Engineer at a government with 1,001-5,000 employees

Define exactly the specifics of what you need it for. If you need it for remediation of policies, then it's definitely the product to go to.

View full review »
it_user489264 - PeerSpot reviewer
Sr Network Security Engineer with 1,001-5,000 employees

It’s a pretty good product. The PCI compliance piece probably accounts for the rating of 8 as opposed to ten.

As far as comparing Tufin with another product, I would just look at some of Tufin’s features like the APG that is not used that often, but it's a really good feature. They do also have an extended tool section where you can kind of get a little bit more in depth.

View full review »
it_user466629 - PeerSpot reviewer
Manager, Information Security at Neustar

I really, really like the solution and we’ve been really happy with Tufin. Even though our Tufin sales rep recently changed, they've always been engaged with us. They hit us up pretty often to find out if there's anything that we need, or if there's anything that they can do to improve or even expand the use of their product.

View full review »
it_user437169 - PeerSpot reviewer
IT Sec Operations at a tech company with 10,001+ employees

Tufin SecureTrack has been great for us.

View full review »
VM
CTO at Uridium Technologies

I rate this solution an eight out of ten. The solution is good, but the reporting available could be improved, and the pricing could be reviewed as it is costly. Nevertheless, I recommend this solution to any organization that wants to implement a firewall analyzer. Additionally, I would advise new product users to read sections in the recommended requirements and ensure it is properly communicated to the vendor they choose to work with.

View full review »
it_user437175 - PeerSpot reviewer
Telecommunication Engineer at Vodafone

I think we’re not using it for all the devices we intend to use it for, but somewhere in the middle. It works, it's as simple as that because we noticed the difference after we got it working, and we immediately saw the advantages of having it.

View full review »
it_user437178 - PeerSpot reviewer
Network Security Consultant at a tech company with 10,001+ employees

If you follow the instructions you're good.

View full review »
it_user308643 - PeerSpot reviewer
Information Security Analyst at a transportation company with 1,001-5,000 employees

Pretty good, very supportive, understanding and recognizing we need to move in a phased manner. They are definitely in it for the long term. Support and professional services, we will require going in to the future.

View full review »
Akhilesh Mishra - PeerSpot reviewer
Technical Lead at M.Tech

I would advise others to go for it to manage firewalls from multiple brands in a single console.

I would rate Tufin a nine out of ten.

View full review »
DM
Professional Services Engineer at a tech services company

Check the product out for yourself.

I wasn't using it for visibility into my firewall infrastructure, because I have other avenues.

I wasn't using the compliance portion when I was testing it, only the orchestration.

I want to look at Tufin for remediation and compliance in the future.

View full review »
PD
IT Security Professional at a pharma/biotech company with 10,001+ employees

It is a really good product. It does exactly what you want it to do.

Get the training. I didn't get the training. I assume they provide training.

View full review »
it_user489249 - PeerSpot reviewer
Network Security Engineer at a pharma/biotech company with 10,001+ employees

I hope that Tufin just keeps doing what they’ve been doing. We look forward for future enhancements.

View full review »
it_user182367 - PeerSpot reviewer
Network Specialist with 51-200 employees

Once the application control is in the system, it is a great product.

View full review »
it_user375474 - PeerSpot reviewer
Security Evangelist

Surely, I would recommend this product in implementing. If the organization has a large network and different firewalls/network devices; Tufin really helps a lot.

We are a Cyber Security Products and Services company. We resell Tufin products and provide Tufin technical services.

View full review »
CD
Security Engineer at a insurance company with 201-500 employees

Everything is good right now.

Reach out to whoever does your implementation and support. Ask as many questions as you can and do research.

We haven't got to the point where we've used the solution to clean our firewall policies yet. That is the next phase.

This solution won't help us ensure that our security policy is followed across our entire hybrid network until the next stage.

We're not in the cloud.

View full review »
SM
Security Analyst at a government with 1,001-5,000 employees

Really dig deep and understand your use cases, then what exactly you're looking for out of the solution.

It has allowed us to maintain particular rules in regards to CJIS and HIPAA compliance.

We have multiple networks connected to this solution. So, we are able to design and monitor different rule sets in the three different domains that we control.

View full review »
it_user489252 - PeerSpot reviewer
Security Engineer at a non-tech company with 1,001-5,000 employees

All the competitors have their niches. Not one of them does anything perfectly. If you're comparing these type of management products, you want to look at what you're really going to use it for.

View full review »
it_user479277 - PeerSpot reviewer
Security Specialist at a financial services firm with 501-1,000 employees

I have no problems with Tufin, and it works great, but I would have to give it an eight out of ten. It’s just not as amazing as some of the other technologies I use, like Lancope StealthWatch. I wouldn’t tell anyone to stay away from it—It’s just a good idea to look at the competition and see what’s out there.

View full review »
it_user437193 - PeerSpot reviewer
IT-Security - Consulting (Licensing, Maintenance) at a tech consulting company with 501-1,000 employees

Just try it out. You should perform Proof of Concept and you’ll be reaping the benefits and seeing it’s a good product.

View full review »
PC
Consultant at RIPEN

The functionality, roadmap, and technical support are important to most customers. It is important to consider the integration support with other security tools and compatibility. I would rate Tufin a eight out of ten.

View full review »
it_user489255 - PeerSpot reviewer
Security Operations Engineer at a hospitality company with 1,001-5,000 employees

It's a good tool. We would need a view of all the tabs, for the analysis. If it's pretty fast, that should be good for us.

View full review »
ST
Information Security Engineer at a tech company with 1,001-5,000 employees

I would rate it a seven out of ten mainly because it does everything really well. In general, it still does what it's supposed to do, and we don't have any issues with it. 

I would advise someone considering this solution to know exactly what you need before you start the process. Be very thorough, because the devil is in the details and you need to know exactly what you want and need. Then you'll be able to tell which solution is better, and which one gives you the better return on investment. 

View full review »
it_user437163 - PeerSpot reviewer
Network, Telecom and Storage Manager at a financial services firm with 1,001-5,000 employees

Prior to implementing, you need to know the needs for each project. If you know the needs, you will probably meet expectations.

View full review »
it_user437139 - PeerSpot reviewer
Owner at a security firm with 51-200 employees

This is true for Tufin and as well for many of the security vendors and their products. I think it's very important just to get started or get the easy wins first, and then go to the solution afterwards. With Tufin, I think it's very, very easy to get big easy wins up front with all the documentation and all the tracking, just to get started and move forward from there.

View full review »
MS
Presales Network & Security Engineer at a tech services company with 51-200 employees

I would recommend this solution to others who are interested in using it.
I have not worked with any other vendors with this type of solution, for example, FireMon. I haven't worked with it. 

I would recommend it specifically to start with a secure track, which is a monitoring tool. Once the customer sees it, they want the solution. Afterward, for automation and secure change.

I would rate Tufin an eight out of ten.

View full review »
it_user298422 - PeerSpot reviewer
Senior Information Security Engineer at a financial services firm with 501-1,000 employees

Try to get a training course on what it can do, so that when you go to implement it you can get the most out of it. If I had known all the features from a training class, I would have implemented it differently from the guy who did it for us.

View full review »
IS
Security Operations Engineer at a security firm with 201-500 employees

I would recommend this solution. I think it's a good solution to have. It is good to know what this solution does in the network. You can have a lot of training on it and see a lot of questions from different users in the company.

On a scale of one to ten, I would rate it an eight.

View full review »
it_user437157 - PeerSpot reviewer
Group IT Governance - IT Security Engineer at a financial services firm with 10,001+ employees

We are very happy and it's a good product We take the reports, we see the zero keys, we see no rules that are not used, rules left over, I focus on those because this is my field.

View full review »
it_user437124 - PeerSpot reviewer
Web Technology and Security Manager at LYRECO with 1,001-5,000 employees

Try it and you will like it.

View full review »
it_user907089 - PeerSpot reviewer
Network Engineer at a tech services company with 11-50 employees

Plan ahead because the implementation of Tufin is hard if you don't have an idea of what you want to do. Without a plan, it will be hard to get it working.

When I'm selecting a vendor, I read the opinion of other people who use the product. I want to learn if it is buggy and if it is doing what people need it to do.

I rate Tufin at about eight out of 10 because they really need to improve the reporting.

View full review »
it_user479295 - PeerSpot reviewer
HoD IP MPLS Department at a comms service provider with 1,001-5,000 employees

My experience with Tufin has been good. We haven’t had any technical issues and the features that I have seen in the software so far are excellent.

View full review »
it_user437151 - PeerSpot reviewer
Network Security Architect at a tech company with 10,001+ employees

You should do a preview of each solution that you're interested in. Use it first and then decide if you want to buy it. Nowadays it's easy.

View full review »
Buyer's Guide
Tufin Orchestration Suite
March 2024
Learn what your peers think about Tufin Orchestration Suite. Get advice and tips from experienced pros sharing their opinions. Updated: March 2024.
765,386 professionals have used our research since 2012.