Tufin Other Advice

Arturo Morante
Network Architect at a transportation company with 10,001+ employees
Don't bother with the web interface, calm down, don't worry, everything will be fine. They will improve it. The rest of it, I don't have any issues. They're technically prepared, the tool does its thing. The only two things I would be patient with are the web interface and that documentation which is not really well organized. Besides that, it's pretty easy. It's pretty easy to configure and, once you start using it, you will see the potential. AlgoSec, Skybox, and all those tools probably have the potential as well. But Tufin is easy enough for everybody. What we don't use, and what we are not planning to use, is the third module, the SecureApp. We haven't played with it and we're not planning on using it, for the moment. In terms of using Tufin to automatically check if change requests will violate any security policy rules, we would love to do that. What we didn't do is build the security matrix. That part is the one that takes a lot of time to build. You have to work with the security team and all the players involved. Because we did not design the security matrix, we couldn't match a firewall rule with the security matrix and say, "Okay", or "Not okay," and do some automation there. What we did is prepare a form for a firewall petition, and some automatic steps. For instance, in the first step, you enter the request and it sends an email to a business approver. Depending on whether that firewall or that flow is predefined as allowed or not, you can skip that step and go to the next step. We did a little bit of logic with the change-request form. It worked pretty well for us. The purchasing process takes a little bit of time because of all the different groups involved. But we're planning on implementing it and to finish around next summer, 2020; to have both SecureTrack and SecureChange up and running. As for compliance, we don't have many requirements. Of course, we are bound to some ISO certifications, because it's the car industry, but we don't have any specific PCI. We don't sell cars over the internet, so we don't have to do that. When it comes to Tufin's cloud-native security features, what we have is our landing zone in AWS - a VPN tunnel from on-premise to Amazon, with Transit VPC. We have a couple of Palo Altos, securing the track from on-premise to the cloud. And we added those Palo Altos to Tufin. We needed to tweak and include some virtual devices in Tufin so the routing would be okay. But that was quite easy. It was well-documented as well. The only problem is that we got our quotation from our supplier, and the Security Groups are extremely expensive. They bill you $1,200 dollars per Security Group per year, which is really high. We're not that big, we may have 100 or 150 Security Groups. That's would be about $200,000 just to manage Security Groups. We were put off by that. From the start, we won't have the Security Group feature. We think it's too expensive. As for increasing our usage of Tufin, we'll go day by day and see how it responds to our requirements. SecureTrack at the beginning, then SecureChange. Maybe, if everything goes well, we will think about SecureApp. It's not in the scope at the moment, but maybe we will implement it. I would rate Tufin a seven out of ten. It will get better once they get their act together with the documentation and the interface. View full review »
NetworkS2260
Network/Security Engineer at a leisure / travel company with 51-200 employees
My advice would depend on what kind of implementation and what kind of environment you have. If you are looking for automation and auditing you should think about this solution. Talk to the technical guys at Tufin about how your environment works and can ask them about what they can do. If you are looking for automation you should look at Tufin. Regarding Tufin's cloud-native security features, I am only familiar with their on-prem stuff. I haven't seen any of the cloud features on Tufin yet. I would really like to know what it will bring us at the end of the day. We have three or four teams using it on different platforms and for different use cases, like auditing and alerting. On my team there are 25 guys using it. I don't have any idea how many guys on other teams are using it. Our security area is managing and maintaining it. As engineers, we are certainly using it daily. I just made a scheduled change today through Tufin. We are certainly using it but I can't say what our plans are for it in the future. I would rate Tufin at seven out of ten. The things that come to mind with this rating are the implementation of firewalls, the alerting and security. We can set out the security rules. I deducted three points because of the platform. I don't think that it has a stable platform. If there are 20 people and 22 need it, it will not be able to support us in that scenario. So that is a weak point. Stability and robustness are the things I'm looking for. View full review »
Syahrul Fitri
Specialist in Network Security Operations Support at a financial services firm with 10,001+ employees
If you are looking at a large environment and a large number of policies, you really need Tufin to help you manage all the rules. We have 25 policies, and each policy has around 1,000 to 1,500 lines of rules. Managing that manually would not be easy. We haven't started using the change impact analysis capabilities of this solution yet. We are still testing it. We are not that familiar with the process yet. Because our team is doing cleanup every three months, we need to keep generating a report every day to have correct visibility: which rules are unused and which rules need to be removed to be optimized. We are using it quite intensively. I don't know how we can increase usage until we deploy and start using SecureChange. At that point it will be more intensive because after SecureChange everything will be automated and they will start only using and looking at the secure Tufin interface, in terms of rolling out all the requests. We haven't seen a reduction in the time it takes to make changes yet, because we are still tweaking the SecureChange part. We will be testing it in a few months' time. We need to see integration with our ticketing system because people are making requests over HPSM and Tufin needs to be able to grab them first, before we can start to roll out SecureChange. View full review »
Find out what your peers are saying about AlgoSec, Tufin, FireMon and others in Firewall Security Management. Updated: June 2019.
348,275 professionals have used our research since 2012.
Tch32Dr8392
Technical Director at a tech services company with 201-500 employees
The first priority is to evaluate how expensive your firewall family is. If you have, for example, F5 then you would probably have similar problems to what we encountered with F5. But if you are deploying general firewalls, like Palo Alto and Cisco, that's fine. You have to evaluate how you are going to import existing policies and how you are going to monitor those policies when they transfer them across to be centrally managed and monitored by Tufin. In terms of users of the solution, we set up for the customer a central admin who is the main administrator that controls the entire dashboard. In addition, there are viewers who only need to view and monitor the reports and the like. It's the IT firewall team that makes changes to the firewall and backend system. So there are three main groups of users. We do the maintenance for the customer, so if there are any patches or any updates that are critical we work with the customer to identify a suitable time for us to do the system upgrade. We manage our customers' IT infrastructures. We then bring in vendors according to what each customer requires. We are the system integrator, integrating to their backhand system. We provide consultancy and advice to the customer with regards to the types of products that they should choose. Eventually, we support products once they have deployed them. A lot of customers don't have a big IT team locally to support the infrastructure, so we provide that level of support. From an implementation and costing-strategy standpoint, I would give Tufin eight out of ten. It would be much better if they could improve the F5 support and also enhance the documentation in terms of integrating firewall products. View full review »
Mohd Majmi Mohamad
Regional OSH at Pos Malaysia Berhad
In terms of advice, it depends on what a user's needs are. For us, we only considered Tufin for the security and the network parts, especially the network mapping. I need to see the hop-by-hop, from this site to that site, how many hops for a transfer packet. Tufin is good for beginners. Tufin filters based on rules, even if a beginner doesn't know what to do, how to configure the firewall. Tufin can then monitor based on those rules. It's a good value for what it does. We had no issues with this product. It was good for us. We could deploy it in our environment without any issue. I rate it at eight out of ten because we are still evaluating Tufin. Our project is running on Riverbed for SDN. I don't know if Tufin can integrate with Riverbed. Other than that, I have no issues with this product. View full review »
Managerfac3
Manager at a manufacturing company with 10,001+ employees
I would rate it a seven out of ten. I would advise someone considering this type of solution to not listen to the sales teams among the competitors. They all throw each other under the bus and a lot of it is not true. Tufin's competitors will tell you how bad of a company that Tufin is and how you can't trust them, and how their stuff doesn't work. Then, Tufin doesn't say anything bad about their competitors. So, don't trust everything that you hear. Do your own research. Do a proof of concept. Get all of the vendors in. Give it a month to test drive. Set it up and let them prove it out. In the end, the correct tool, not the better salesman, will win. View full review »
Samuel Taxis
Information Security Engineer at a tech company with 1,001-5,000 employees
I would rate it a seven out of ten mainly because it does everything really well. In general, it still does what it's supposed to do, and we don't have any issues with it. I would advise someone considering this solution to know exactly what you need before you start the process. Be very thorough, because the devil is in the details and you need to know exactly what you want and need. Then you'll be able to tell which solution is better, and which one gives you the better return on investment. View full review »
John Fulater
Security Engineering at a financial services firm with 10,001+ employees
Buy Tufin because it works! I love the product. It's been a great product to work with. The people are great, and the support is awesome. I have had no downside out of it. We're just getting started on the change workflow. So, we're learning it, and it's working well. It helps with our review process. We do a peer review, saying "Hi, here's all the changes," then you can look at it and go, "Oops I forgot something," or, "I don't think that was in any drop," and we can go back and review that. This is where it helps us minimizes errors. Before Tufin, we would not end up not catching these errors. We are automating, so we are getting to a place where our engineers are spending less time on manual processes. View full review »
NetworkS6585
Network Security at a transportation company with 10,001+ employees
It is a good solution, somewhat easy to implement, and gives you a lot of information. It takes time to learn all the little nuances of it. I don't think we're using cloud native security quite yet. View full review »
Shawn Babinyecz
Cyber Security Engineer at a healthcare company with 10,001+ employees
It's very solid product. There are definitely a few things that I wish I could do with it, but I'm so new to the product that maybe I'm just not looking at the right spots. Try it out. It's pretty cool. I was very impressed with the initial presentation and how it could automate everything. It's just that getting to the point where you want it to do what you need it to do is definitely time-consuming and a lot of work. However, I think it will be worth it in the end. We are working to use this solution to automatically check if a change request will violate any security policy rules. We are not there yet. We are still in the process of getting it developed. Some of the portions that I have used have helped me, as I can just go to one place and find out if a rule exists, or if there's any type of traffic. View full review »
Securitye949
Security Engineer at Allegiant Air
We are really interested in the Tufin Orca product. * For visibility in the network, I would rate the product as a nine out of ten. * For usability, I would rate the product as a seven out of ten. * For liability, I would rate the product as a nine out of ten. View full review »
Consulta38b6
Consultant at Sirius Computer Solutions
I would suggest looking at not just the features and functionality which are specific to the environment which you are working in, but to be aware of the other features which the product has to offer. Because companies grow and things change, so it's always good to have at least a complete idea of what the product does and how it does it. View full review »
Security4691
Security Engineer at a manufacturing company with 10,001+ employees
While it has its highlights, it has deep issues that need to be addressed. This solution help us ensure that security policy is followed across our hybrid network. Our company doesn't really have federal or regulatory compliance requirements. Spend a lot of time testing and doing a PoC for it, before you make the final decision to go for it. View full review »
SrAdvisof832
Senior Adviser Cyber Security at a comms service provider with 10,001+ employees
You need a product like this, but look at difference solutions in the market. I would rate it a seven out of ten. We do not use the product across our entire network. We do not use the cloud native security features. In the future, we will use the solution to check if a change request will violate any security policy rules. View full review »
Salvador Teran
Network Security at a tech services company with 5,001-10,000 employees
I would recommend Tufin. They are very helpful for IT organizations, as they continue improving SecureChange. With our security plan, we can see how Tufin meets the basic requirements. Then, we can go and customize if there is any risk, which might be interfering with ports or external networks. View full review »
SrInfoseb35c
Senior Information Security Architect at First Citizens Bank
It does what it needs to do for our needs. We are in the process of doing a PoC for the new changes. Currently, it's all reactive. We do the changes, then we review it at a later time. View full review »
SrNetwor9adb
Senior Network Engineer at a financial services firm with 1,001-5,000 employees
There is room for the product to grow. View full review »
Profferefb28
Professional Services Engineer at a tech services company
Check the product out for yourself. I wasn't using it for visibility into my firewall infrastructure, because I have other avenues. I wasn't using the compliance portion when I was testing it, only the orchestration. I want to look at Tufin for remediation and compliance in the future. View full review »
SeniorCofe32
Senior Consulting Manager at a tech services company with 10,001+ employees
I would rate it seven out of ten. I would recommend Tufin if someone is considering it. We are still in the process of phasing it in to help us with our compliance mandates. View full review »
Security1d40
Security Analyst at a government with 1,001-5,000 employees
Really dig deep and understand your use cases, then what exactly you're looking for out of the solution. It has allowed us to maintain particular rules in regards to CJIS and HIPAA compliance. We have multiple networks connected to this solution. So, we are able to design and monitor different rule sets in the three different domains that we control. View full review »
NetworkS3480
Network Security at a insurance company with 1,001-5,000 employees
Seriously Tufin for your final decision. View full review »
Securitye57f
Security Architect at a manufacturing company with 10,001+ employees
The topology doesn't work and SecureApp doesn't seem to be a strategic product for Tufin anymore. Proceed cautiously with that in mind. I would rate their SecureChange an eight out of ten. I would give their vision an eight, but for their execution I would give a three out of ten. View full review »
ITManage3885
IT Manager at a financial services firm with 10,001+ employees
I would rate it an eight out of ten. It's very easy to use and you can get good results very quickly. We don't use the cloud native security features yet. View full review »
NetwEng3023
Network Engineer at a tech services company with 11-50 employees
Plan ahead because the implementation of Tufin is hard if you don't have an idea of what you want to do. Without a plan, it will be hard to get it working. When I'm selecting a vendor, I read the opinion of other people who use the product. I want to learn if it is buggy and if it is doing what people need it to do. I rate Tufin at about eight out of 10 because they really need to improve the reporting. View full review »
ITSecuri46f3
IT Security Professional at a pharma/biotech company with 10,001+ employees
It is a really good product. It does exactly what you want it to do. Get the training. I didn't get the training. I assume they provide training. View full review »
Find out what your peers are saying about AlgoSec, Tufin, FireMon and others in Firewall Security Management. Updated: June 2019.
348,275 professionals have used our research since 2012.

Sign Up with Email