Tufin Pros and Cons

Tufin Pros

Director at Visa Inc.
We use Tufin to clean up our firewall policies. It benefits us, because you can run a query for whatever your cleanup criteria is, e.g., "Has it been hit in 90 days?" It displays the list, then you can see the rules right there. If you want to get rid of it (or highlight it), then it creates a ticket that goes ahead and flags them all as disabled. While you can delete them, we always disable first. Then, we have a strip that comes back, and if it's been disabled for 90 days, then the system will remove them.
View full review »
PM
Senior Network Engineer at a financial services firm with 10,001+ employees
The best feature for me is being able to look up objects within all of our policies, because we have a little over 12,000 rules and over 30,000 objects. When one person says, 'Hey, where's my server?' I can just go to Tufin and say, 'Hey, where is that server?' and very quickly it tells you where it is, what policy it's on. That is a life saver.
View full review »
BW
Change Manager at a pharma/biotech company with 10,001+ employees
One of the things that came up this week was the ability to decommission a server, which we thought was interesting. We had a workshop recently that talked about all the things that need to be thought about when managing firewalls. People said, "A lot of times, things get forgotten when you are decommissioning a server." E.g., making sure rules are taken away and taking out the rule set. The fact that there is an automated workload for that can be helpful.
I had been impressed with the depth of capabilities within SecureTrack, particularly, in terms of generating insights for a user and firewall operator. With SecureTrack, I've been impressed with the level of flexibility with workflow design and its ability to generate different work streams and flows through the tool that are customized for our organization processes.
View full review »
Learn what your peers think about Tufin. Get advice and tips from experienced pros sharing their opinions. Updated: May 2021.
511,607 professionals have used our research since 2012.
MH
Network Security Operations at a insurance company with 10,001+ employees
We use this product to sharpen our change cycle. A request used to take quite a while as we did manual assessments. A lot of that is now done through SecureTrack.
In the past, we would do certain things because of private knowledge of people's own understanding of the network. We don't have to rely on just that piece of it, because of the topology. We now know which firewalls come into play.
View full review »
BS
Service Engineer at G2 Deployment Advisors
The APIs are the most valuable feature of this solution, as they facilitate integration with ServiceNow and other solutions.
View full review »
Network Security Engineer at Customer Worldpay
In our current environment, the most valuable feature from Tufin is their Network Map.
View full review »
DS
Network Engineer Lead at a energy/utilities company with 10,001+ employees
The visibility is huge. In order to figure out what was going on previously, we would have to pull stuff out of firewalls and put them in spreadsheets, then do sorts. Now, it's all right there in Tufin. We can write reports to look for what we need, ad hoc searches to find object groups, and know which firewalls are on. This was almost impossible to do previously.
View full review »
SE
Security Analyst at a retailer with 10,001+ employees
It provides a comprehensive overview of what our network looks like in terms of what is allowed and what is not, then how the traffic' is flowing with the Network Topology Map.
View full review »
GK
Network Engineer at a healthcare company with 10,001+ employees
It's hard to pick the most valuable feature. All of them are valuable, they're all critical for us... ChangeTrack obviously has a lot of very good features, like the risk analysis, the USP, and the Policy Browser.
The Topology Map, which feeds into our SecureChange - the latter being an automation platform - there's a lot of synergy between the two.
View full review »
Managing Director at Midpoint Technology
This solution has helped our clients because it allows them to leverage the tools so that they can actually reduce their overall expenses for the environment.
View full review »

Tufin Cons

Director at Visa Inc.
The topology needs improvement. If I click on the network tab, I can go get a cup of coffee, come back, and my topology is still not painted. Maybe, it's just because we have so many devices, but looking at the topology, it is too slow. The problem is that when I click on the network tab, I do not want to see the topology. I want to click on the "Next" button, so I can put in the source and destination, so I can see the path. However, I still have to sit there and wait for the topology to load, and it's frustrating. I'll click on topology and try to click that "Next" button in time to where I can get around it. But, typically, you have to wait for that topology to paint. When it paints it, it's just a bunch of black smudges because there is just so much there. It can't paint it to where you see something. I can always zoom out, or something like that, but it's really worthless.
View full review »
PM
Senior Network Engineer at a financial services firm with 10,001+ employees
For me, there are two things that can make Tufin a bit better... [It needs] a better focus on automation - automating a lot of the processes; and automating rule re-certification, or at least finding a way to simplify it.
View full review »
BW
Change Manager at a pharma/biotech company with 10,001+ employees
There are things that could be explained a little better for somebody brand new to this system, which could be helpful, especially if it was in real-time while you were working in the system. Having the ability in real-time to be able to understand search query suggestions would be helpful.
A limitation right now for compressed firewalls is the limited ability to see above a site level in terms of the Topology Mapping in the policy display. While Tufin's actively working on a solution, or at least they have this in the queue, from being able to view this on a higher level and how all of our site networks are connected, this ability would be useful, as we expect to have these compressed firewalls in place for quite some time.
View full review »
Learn what your peers think about Tufin. Get advice and tips from experienced pros sharing their opinions. Updated: May 2021.
511,607 professionals have used our research since 2012.
MH
Network Security Operations at a insurance company with 10,001+ employees
The product that we have deployed for our main process gets bogged down in terms of its response. Maybe, we need to deploy a slightly smaller box. Eventually, we need to discuss this with Tufin is to see if we can move over to some sort of VM environment where we can add more processing power to it.
Our initial setup was complex from two dimensions, because we were deploying it globally and had to have a centralized view, but a distributed approach. We had it in Asia and North America, causing a slightly complicated approach.
View full review »
BS
Service Engineer at G2 Deployment Advisors
I would really like to see a new UI for SecureChange. SecureTrack 2.0 has quite an improvement in the UI and it flows more smoothly. The current SecureTrack and SecureChange are a little blocky, and sometimes loading a tab or a page is required to refresh information. Whereas in SecureTrack 2.0, they're starting to improve on that.
View full review »
Network Security Engineer at Customer Worldpay
The biggest area where I see a need for improvement is some of the documentation and training stuff. It does a really good job of hitting the big concepts, but it needs like another layer deeper of actually getting into some of the details of how to do some of the things. Conceptually, I understand how the product works, but now how do I start building stuff and integrating it into my environment.
View full review »
DS
Network Engineer Lead at a energy/utilities company with 10,001+ employees
The change workflow process is getting better. I wish it was a little more customizable. Right now, my biggest issue is that it wants to optimize everything we put in. Sometimes, we need a rule to be more readable, and we want it to go in a specific way. Sometimes, it's difficult to get Tufin to accept that. It wants to optimize and reduce the number of ACLs. On the compliance side, sometimes you just want more ACLs, so it's more readable for an auditor.
View full review »
SE
Security Analyst at a retailer with 10,001+ employees
I wish there was a read-only admin option. I don't like that you have to be a full admin just to see the Network Topology Map. That option is great out there if you are a user, multi-domain user, etc. However, that piece is very helpful for us, but I also don't want to be handing out admin access to every single person so they can see that network tab.
View full review »
GK
Network Engineer at a healthcare company with 10,001+ employees
Tufin has come a long way when it comes to visibility. What we would like to see is a little bit more on the discovery level, network discovery, which Tufin does not have today.
More API integration with third-party platforms is something that we would definitely like to see in upcoming releases.
View full review »
Managing Director at Midpoint Technology
We would like to see more in terms of integration with other application types within the context, such as next-generation firewalls or next-generation threat devices that are out there.
View full review »
Learn what your peers think about Tufin. Get advice and tips from experienced pros sharing their opinions. Updated: May 2021.
511,607 professionals have used our research since 2012.