We just raised a $30M Series A: Read our story

Tufin OverviewUNIXBusinessApplication

Tufin is the #2 ranked solution in our list of top Firewall Security Management tools. It is most often compared to AlgoSec: Tufin vs AlgoSec

What is Tufin?

Tufin enables organizations to automate their security policy visibility, risk management, provisioning and compliance across their multi-vendor, hybrid environment. Customers gain visibility and control across their network, ensure continuous compliance with security standards and embed security enforcement into workflows and development pipelines. 

Tufin Buyer's Guide

Download the Tufin Buyer's Guide including reviews and more. Updated: October 2021

Tufin Customers

3M, AT&T, Blue Cross Blue Shield, BNP Parabas, ConocoPhillips, Deutsche Bank, GE, IBM, Pfizer, United States Postal Service 

Tufin Video

Pricing Advice

What users are saying about Tufin pricing:
  • "Because we're quite a large company, the price wasn't too much of a factor for us."
  • "I believe our cost is more than $100,000 per year."
  • "The price is on the cheaper side."
  • "Price could always be better, but there are always consequences."

Tufin Reviews

Filter by:
Filter Reviews
Industry
Loading...
Filter Unavailable
Company Size
Loading...
Filter Unavailable
Job Level
Loading...
Filter Unavailable
Rating
Loading...
Filter Unavailable
Considered
Loading...
Filter Unavailable
Order by:
Loading...
  • Date
  • Highest Rating
  • Lowest Rating
  • Review Length
Search:
Showingreviews based on the current filters. Reset all filters
TL
Information Technology Graduate at a computer software company with 10,001+ employees
Real User
Top 20
Provides great visibility, allows us to automate the entire change process, and saves A LOT of time

Pros and Cons

  • "Visibility is its largest and most valuable feature. You can see everything or all the devices on the network for each customer. It provides you a larger view of what might be wrong with the network and how you can improve it with firewall rules, etc. If you are talking about secure change, being able to automate the entire change process is pretty much the winner for us. It is going to really reduce the time that it takes for us to do changes, and we can just go out and get more customers."
  • "They've got such a large number of APIs, and it is so easy to use their APIs. Effectively, they allow us to use it with anything. The only way to improve it more is by offering support for implementing their APIs into certain hardware or software that we might use. They can provide support for implementing APIs."

What is our primary use case?

Some of our customers has Tufin, and we manage it. We're also planning to have our own Tufin that we're going to use as a leveraged service for all of our customers.

What is most valuable?

Visibility is its largest and most valuable feature. You can see everything or all the devices on the network for each customer. It provides you a larger view of what might be wrong with the network and how you can improve it with firewall rules, etc. 

If you are talking about secure change, being able to automate the entire change process is pretty much the winner for us. It is going to really reduce the time that it takes for us to do changes, and we can just go out and get more customers.

What needs improvement?

They've got such a large number of APIs, and it is so easy to use their APIs. Effectively, they allow us to use it with anything. The only way to improve it more is by offering support for implementing their APIs into certain hardware or software that we might use. They can provide support for implementing APIs.

For how long have I used the solution?

We have been using this solution for three months.

How are customer service and technical support?

I have not contacted their technical support.

Which solution did I use previously and why did I switch?

We didn't work with any similar product, but we are just going with secure track and secure change, not secure cloud and secure app. That's all that we really need at this time, and obviously, we will work with Tufin in the future if we need more.

How was the initial setup?

A few of our clients have decided to implement Tufin themselves, whilst we just manage their firewalls. We were not involved in the setup of the management suite. However, after seeing the benefits of this, we have heavily considered the use of Tufin on a number of our other clients we manage.

We have identified that setup is a part of this and in our conversations with Tufin sought to address this. They offer a service for the full setup of the platform for use as an MSSP, and then providing a hand off service towards the end of this setup process which teaches engineers how to setup the remaining required devices.

For the full functionality, Tufin utilises all L3 devices on the network, so setup can be quite daunting. However, we identified that it would take ~30 minutes per L3 device, some of which can be done simultaneously. This is the biggest drawback to Tufin integration. However, Tufin can be used to some degree without this, meaning you can reap the benefits of it sooner rather than later.

What was our ROI?

What we found is that the return on investment will be pretty quick. This is because of the time saving that Tufin offers in FW changes, we can implement more changes at a faster rate. This has huge savings for employee's workload and the cost of their work. We have freed up a large majority of our FW engineer's time. The huge ROI we witnessed has resulted in us identifying that we can go to market to gain more customers and really broaden our customer base without the 'con' of hiring more people.

What's my experience with pricing, setup cost, and licensing?

Because we're quite a large company, the initial price wasn't too much of a factor for us. This is because the ROI was so significant for us.

Which other solutions did I evaluate?

We identified others, like Firemon and Skybox, however we found that they were not as mature as Tufin, not offering the same range of Firewall Vendors, e.g. Palo Alto, Check Point, etc., and the same level of automation.

What other advice do I have?

I would advise others to definitely work with Tufin and work out the best costs. Work out how soon you'll realize your return on investment. That has been a major kind of help. They've been brilliant in trying to help us develop a business case for using it, and then internally, I am sure there will be a massive help for implementing it in the future.

I would rate Tufin a nine out of ten based on the whole experience that we've had with it and the real kind of capabilities of the product.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
TN
CyberSecurity Architecture Manager at a computer software company with 10,001+ employees
Real User
Easy to scale with good compliance and robust features

Pros and Cons

  • "You can easily scale the solution if you need to."
  • "The initial setup can be tough."

What is our primary use case?

We were primarily using the solution in order to grade the firewall rules.

How has it helped my organization?

How the solution benefits the organization is something that is currently being tested. We're considering doing something different, as we just used this product as a POC.

What is most valuable?

The compliance aspect of the solution is its most valuable aspect.

The stability is very good.

You can easily scale the solution if you need to.

The number of features is very robust - and there are a large number of features. That's a huge selling point, which is why its popularity is where it is.

What needs improvement?

I have heard many people complain that there is a high level of complexity. It may make it difficult to work with for some people. That said, I don't have those issues with the product.

The initial setup can be tough.

The product could use better integration with the cloud.

For how long have I used the solution?

I've been using the solution for years at this point, It's been a long time.

What do I think about the stability of the solution?

The stability is very, very good. There are no bugs or glitches. It doesn't crash or freeze. It's reliable. The performance is good.

What do I think about the scalability of the solution?

The scalability of the product is excellent. If a company needs to expand it, it can do so relatively easily.

In our case, while I don't have an exact user count, I can say that there were quite a lot of people on the product.

We're talking about shifting potentially away from Tufin, however, if we had kept it would have been used extensively.

How are customer service and technical support?

While other people have the opinion that it could be better, I've mostly been satisfied with the level of support we've received. They've been okay. I've had three or four run-ins with them and they were all positive experiences.

Which solution did I use previously and why did I switch?

I also work with AlgoSec. We use both solutions currently.

How was the initial setup?

The initial setup is not straightforward. It's a little difficult, a little tough. New users need to expect this before they get started.

Often, a consultant is involved in the process, as there is a large learning curve, and many companies don't have the bandwidth to ramp up the staff. Bringing on a consultant can speed up the processes a bit.

The deployment took about a month or so.

We're still working on how many people we actually require to handle the maintenance aspect of the product.

What about the implementation team?

Typically, we get a consultant for everything, however, this last deployment, in particular, seemed to be more challenging for the consultant and for the staff.

That said, our experience with the consultant was very good overall.

What was our ROI?

While we are getting what we need out of the solution in terms of functionality, I haven't really looked into an exact ROI. We got what we were looking to get out of it. 

What's my experience with pricing, setup cost, and licensing?

The billing and licensing aspect of the product is not something I'm a part of. I don't have any insights into the costs involved in using the solution. I cannot see if there's just a flat licensing fee or if there are other costs needed on top of that.

Which other solutions did I evaluate?

We are considering moving away from the solution currently. We're looking for other options. We might shift towards FireMon, however, nothing is set in stone.

What other advice do I have?

We're just a customer and end-user.

We're likely not using the latest version of the solution. Currently, there is a team that directly supports it. I can't remember the exact version number off-hand.

I'd advise organizations considering the solution to do their homework first and see if they can find out from industry associations and professionals what their experience has been.

In general, I would rate the solution at a nine out of ten.

Which deployment model are you using for this solution?

Hybrid Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Amazon Web Services (AWS)
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Learn what your peers think about Tufin. Get advice and tips from experienced pros sharing their opinions. Updated: October 2021.
542,721 professionals have used our research since 2012.
TI
Network Operations Engineer at a computer software company with 10,001+ employees
Real User
Top 20
Very straightforward to use with excellent scalability and reliable stability

Pros and Cons

  • "The solution is quite scalable."
  • "The older version that we have doesn't support some newer firewall vendors."

What is our primary use case?

We have a lot of ASA firewalls. We primarily use the product in order to lay down the rules and try to find out if there are any duplicate rules that need to be cleaned up, et cetera. It is mostly tasks like that.

What is most valuable?

The solution is very straightforward to use. It makes doing our work easy. The product is very good at helping us clean up rules.

We've found the stability to be quite good.

The solution is quite scalable.

What needs improvement?

The older version that we have doesn't support some newer firewall vendors. I'm not sure what the status of integration is right now on the latest version, however, it would be nice if they updated the older versions to allow for better integrations with firewalls. 

Sometimes the solution does take a bit of time to load. That said, it is a pretty old version, and that may be the main reason this is the case. It's possible that if we just upgraded to the latest version everything would go faster. 

Everybody wants to implement some kind of standard rules, however, it's difficult to standardize everything due to the fact that each company is unique. That said, if there was some sort of universal guide to ensuring firewall rules were compliant, that would be helpful. 

For how long have I used the solution?

I've been using the solution for a year and a half to two years at this point. It's been a while. I've definitely used it over the last 12 months or so.

What do I think about the stability of the solution?

The stability has been good. I haven't experienced any bugs or glitches. It doesn't crash or freeze. The stability has been reliable in terms of performance.

What do I think about the scalability of the solution?

I find the product to be easy to scale. Adding new firewalls is pretty straightforward and it handles the process well. If a company needs to expand and add more firewalls it shouldn't be a problem at all.

I would say six or seven people are using it and they're network operation people who have to deal with day-to-day firewall management, putting in new firewall rules, et cetera.

How are customer service and technical support?

I've never had an opportunity to reach out to technical support. I can't speak to how knowledgeable or responsive they are. I have no experience.

How was the initial setup?

The initial setup happened before my tenure with the company. I was not present when it was set up, and therefore I can't directly speak to my experiences with any implementation. I do not have a sense of if it was difficult or straightforward, and I can't say how long the deployment took. 

There is a bit of maintenance required, in terms of adding new rules, et cetera. We have individuals on staff that can handle that.

What's my experience with pricing, setup cost, and licensing?

I don't have any issue with the pricing, however, I was not the purchaser. I can't speak to the exact cost for our company.

Which other solutions did I evaluate?

While I was using Tuffin, I did want to evaluate AlgoSec. I wanted to compare the two to see which was better. In the end, I've decided I would stick with this product.

What other advice do I have?

We are just a customer and an end-user.

We are not using the most up-to-date version of the product. We are using one of the previous versions. I cannot at this time remember the version number, however, it was pretty old. We had a plan to upgrade, and then unfortunately ended up not doing that.

I'd rate the solution at a nine out of ten as it helps us do our work. We're mostly quite happy with its capabilities.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
MN
User at Daimler AG
Real User
Tufin is a great tool to automate Firewall change

Pros and Cons

  • "There are a lot of benefits to using the reporting. It gives us duplicate objects, duplicate services, shadow firewall rules, and the firewall rules not needed for a given number of days or months."
  • "There are pros and cons to the workflow. You cannot customize it fully and there are some limitations. You cannot create a pure object, a firewall, IP, or service (single layer) object. You can only create a firewall object group. That is one of the challenges."

What is our primary use case?

Automate the firewall change via SecureChange Workflow

How has it helped my organization?

1. Policy Optimization by using Tufin APG under SecureTrack. If you have a wide open policy, and you want to restrict it into fewer lines of policy based on last 30 or 90 days hits, you can use APG tool to build restrictive policy.

2. Firewall Cleanup: Deletering unused Rules, unsed objects, duplicate objects from firewall database, by using the report created by Tufin under SecureTrack. You can run this report on Tufin SecureChange to delete all the unwanted space. This will save tons of space on your Firewall database.

3. SecureChange Workflow: You can link Tufin to ticketing system to upload the firewall change ticket, and use the workflow to fully automate the firewall change process, from start to finish

4. Topology: If you a good topology, you don't need to see routing table on Firewall, or going through any visio network design to find the L3 networks in your enterprise. Topology under SecureTrack helped me a lot

6. Enterprise Unified Security Policy: Once I do have an Approved Unified Security Policy from the CISO, I don't need to ask approval for each low risk firewall change. USP not only saved CISO busy time, but also increased the efficiency of firewall team. The firewall change request doesn't have to stay in Approver Pending steps

What is most valuable?

SecureChange Workflow: It is Firewall Admin Robot, which handles the ticket right from receiving until the implementing process with documenting all the approvals.

What needs improvement?

1. Tufin workflow doesn't support IPS module, Identity Awareness Module, Policy Inline layer (Checkpoint)

2. Limitation on edit/create Group object: You can't create group Service object

3. You have to run Designer to Assign Firewall Rule Name, and Rule Number. By default, Tufin uses topology

For how long have I used the solution?

3

What do I think about the stability of the solution?

Tufin is very stable. There have been no major outages. 

Sometimes there is an SSL correction between Tufin and the management server. Sometimes it gets broken but I don't why. Apart from that, it is very stable.

What do I think about the scalability of the solution?

We can add as many firewalls as we need. It's just a matter of purchasing the licenses. It has good scalability.

How are customer service and technical support?

Tech support is very bad. I would give a zero rating to tech support. Compared to Check Point and Fortinet, Tufin tech support is worse. Even the Professional Services team doesn't like to respond to email. It is poor.

My team doesn't have a good relationship with Tufin. The Professional Services and even our Tufin account manager are not friendly. They're not helpful to us. But the Tufin product is fine.

How was the initial setup?

The initial setup was straightforward.

What's my experience with pricing, setup cost, and licensing?

I believe our cost is more than $100,000 per year.

Which other solutions did I evaluate?

We haven't evaluate any competitors or consider other products.

What other advice do I have?

Tufin is not mandatory to manage firewalls or to manage any products. But it supplements. It will help you to get approvals and to push firewall policies. In the long run, when you have to manage hundreds of firewalls, obviously Tufin will help.

We are working on the USP, but so far we only rely on Tufin between about ten and 20 percent to see USP violations.

Which deployment model are you using for this solution?

On-premises

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Disclosure: I am a real user, and this review is based on my own experience and opinions.
ALKAN Ermis
Network manager at Ekol Lojistik AS
Real User
A stable and scalable security solution with a user-friendly GUI

Pros and Cons

  • "It's user-friendly. It's easy to understand menus on the web GUI. That's a good feature for us. I can say that it's doing what it's supposed to do. It also integrates well with other products like Check Point."
  • "It would be better if they modernized the web GUI. The web interface GUI is simple and not complicated, but it's also too old."

What is our primary use case?

We're using this solution mainly to get some audit reports regarding the policy installations on our firewalls. We aren't using any changes or other features, and we're not installing policies automatically. We're just using it to collect some log data like who installed something and what they did.

What is most valuable?

It's user-friendly. It's easy to understand menus on the web GUI. That's a good feature for us. I can say that it's doing what it's supposed to do. It also integrates well with other products like Check Point.

What needs improvement?

It would be better if they modernized the web GUI. The web interface GUI is simple and not complicated, but it's also too old. It would also be better if they had an SMS gateway integration. I would like to have some integrations with other products like Jira for change management and incident management.

For how long have I used the solution?

I have been using Tufin for about three years.

What do I think about the stability of the solution?

Tufin is a stable product. We're not having any issues. Sometimes we do have problems with the product, but it wasn't related to Tufin. Sometimes when we had an upgrade on the firewall product itself, we encountered some problems.

What do I think about the scalability of the solution?

It's a scalable product. We have about 50 gateways, and Tufin collects data from all of them. We also have a management server, and we've integrated two important classes of databases. We're only using three instances, and we're not having any issues.

How are customer service and technical support?

Tufin support is good, and we managed to implement this solution by ourselves. But it would be better if some engineers from Tufin joined a session and did stuff together with us. That would have been much appreciated. I would expect them to organize the session and provide some support, at least in the beginning.

Which solution did I use previously and why did I switch?

I also have AlgoSec, and it seems to be much more complicated. I would say that Tufin is much more compatible with Check Point firewalls. That was the main reason for choosing Tufin over AlgoSec.

How was the initial setup?

The initial setup is complex. I didn't have any Linux knowledge in my past, but I could say Tufin support is good at it. When we need to get some support, they respond quickly. They explained everything to finalize issues regarding the installation.

What about the implementation team?

We implemented this solution by ourselves. It took us one or two hours to install and deploy this solution.

What's my experience with pricing, setup cost, and licensing?

The price is on the cheaper side. I'm not planning on adding additional resources, and I don't expect any additional costs.

Which other solutions did I evaluate?

Not before but after using tufin actively about a year, we have evaluated algosec as an alternative solution. It was also well designed alternative but it was not well integrated as tufin did with Checkpoint

What other advice do I have?

There aren't many products like Tufin and AlgoSec. I think both products are good, but when people are using Check Point applications, we recommend Tufin.

On a scale from one to ten, I would give Tufin a ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
AW
Principal Consultant at a consultancy with 1-10 employees
Consultant
Good visibility, user-friendly, and stable, but needs better graphical representation capabilities

Pros and Cons

  • "Being able to customize your own clarity to that aspect of change management."
  • "I would like to see AI elements included with this solution."

What is our primary use case?

The solution is predominantly used for managing firewall changes, policy changes, and understanding those aspects.

Most people use it for the basics, even though they could use it for a lot more.

What is most valuable?

The most valuable feature is being able to customize your own clarity to that aspect of change management.

Having better visibility of what is going on. If it gets out of control, you can keep it in your head no matter how smart your administrators are.

From what I have seen, it's user-friendly.

What needs improvement?

It's a bit clunky, but that may be because of different environments, and it is struggling to get the information. It's possible that the performance issue is because of the network and not the right architecture.

I would like to see anything that is graphical, as much graphical representation of things. Modeling, and what-ifs. It becomes more intuitive and allows you to close some of the gaps between drawing stakeholders in, for example. If they ask "Why are you spending so much money on this tool?"  or "Why are you doing this?", you can show them examples and it becomes more obvious.

I would like to see AI elements included with this solution. There is quite a lot of human element in understanding the consequences of change within the firewall environment, but they might benefit from more of an AI element as well.

For how long have I used the solution?

I am a security architect and I have been involved with it periodically for approximately five years.

What do I think about the stability of the solution?

It's a reliable solution.

What do I think about the scalability of the solution?

It's a scalable product. I have dealt with companies that are pretty sizeable, and it seems to handle it.

How are customer service and technical support?

I personally have not contacted technical support, but the information that is available on their website is pretty useful, it's pretty good.

How was the initial setup?

You need to allow a fair amount of time. That is the case for all firewall management tools.

It gives the appearance of being straightforward to get going but they need a bit of time particularly to do the sorting of the matrices for example.

When planning, people should estimate it then double it, just to make sure they get things right.

What's my experience with pricing, setup cost, and licensing?

Price could always be better, but there are always consequences. Normally, there are other issues that come into play. For example, you pay more and expect to lean on the vendor more for the services and support.

What other advice do I have?

I have recommended this solution from time to time and I would definitely recommend it to others.

I would rate Tufin a seven out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
RO
Project Manager at a comms service provider with 10,001+ employees
Real User
Good change manager and technical support but needs to be more comprehensive

Pros and Cons

  • "The technical support is pretty good."
  • "The pricing of the solution is rather expensive."

What is most valuable?

We use two main modules. We really appreciate the change manager. It's one of the most valuable aspects of the solution.

The technical support is pretty good.

What needs improvement?

We need the solution to have full compliance with IPV6. 

We also use VMware features and we need the solution to be fully integrated. We used to make micro-segmentation. We'd like to be able to do this again, and for that to happen, we need more integration.

The pricing of the solution is rather expensive. 

It needs to be more comprehensive. There are also some drawbacks in trying to import a policy matrix inside. If some people design a policy matrix in the file, in an Excel file, the problem is that we will have to work a bit to interact with it properly. Something more economical needs to be in place to deal with the policy matrix.

What do I think about the scalability of the solution?

We have a small team working with Tufin. That said, even though the team is not a big team, we have a lot for it to do. Tufin now is our policy manager for the private cloud. It's the main policy manager. We also use Skybox for the legacy part.

How are customer service and technical support?

I've dealt with technical support in the past. They are okay. They really try to work with us. I'd describe them as being helpful and responsive for the most part. We're largely satisfied with their level of service.

Which solution did I use previously and why did I switch?

We also use Skybox Security Suite. We use both that and Tufin simultaneously.

How was the initial setup?

The initial setup was actually handled by another team. I can't speak to the implementation process due to the fact that I did not participate in the process directly.

What's my experience with pricing, setup cost, and licensing?

As an architect, the pricing seems expensive to me. For what it does, I would say it's expensive. 

Which other solutions did I evaluate?

I can only really compare it to Skybox, which is a solution we also use. 

If I compare it with Skybox, I see it is the best. It is better than the Skybox. However, we need it to do more. 

What other advice do I have?

We are not a reseller. We are an IT enterprise. We are customers and end-users. That said, our relationship is evolving. It's becoming something like a partnership, as we need more features and are making suggestions and trying to develop it out a bit. 

I'm not sure of which version of the solution we're using. I can't recall the version number off-hand.

I'd rate the solution at a seven out of ten.

Which deployment model are you using for this solution?

Private Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
VM
Uridium Technologies at Uridium Technologies
Real User
A complete solution with good reporting and excellent technical support

Pros and Cons

  • "The reporting on offer is very good. Tufin makes nice reports."
  • "The pricing could be a bit more competitive."

What is most valuable?

So far, the solution has been fantastic. The customer has been very happy with its capabilities overall. 

It works very well in an enterprise environment.

There aren't any gaps in its offering at this time. It's a very complete solution.

The reporting on offer is very good. Tufin makes nice reports.

Technical support has always been very helpful and responsive. 

What needs improvement?

The pricing could be a bit more competitive. If you compare it to, for example, AlgoSec, AlgoSec has better pricing.

The implementation could be a bit easier. 

For how long have I used the solution?

I've been working with the solution for about a year or so at this point. It hasn't been too long. 

How are customer service and technical support?

We've had to contact technical support a few times in the past. Their support is fantastic. They are very helpful and responsive. They are knowledgeable about the product. We are quite satisfied with the level of service we receive. 

Which solution did I use previously and why did I switch?

I also work with Cisco devices.

How was the initial setup?

We had some issues during the initial implementation. Our client had some devices that, for some reason, just weren't integrating. If they could look into issues that clients face at the outset, when the setup is happening, it would make the experience a lot easier to handle. They just seem to need to be able to handle more integrations with other devices. 

What's my experience with pricing, setup cost, and licensing?

The pricing could be a bit better. It's definitely not the least expensive option. It would be ideal if the product pricing came down a bit so that it was more competitive. The clients would appreciate that a lot.

Which other solutions did I evaluate?

I'm currently looking at other solutions to compare Tufin to. I have done some comparisons between Tufin and AlgoSec and my takeaway from that is that AlgoSec is less expensive.

What other advice do I have?

I would advise other organizations considering the solution to first be aware of what they want to achieve. As a company, you need to start there before you start choosing solutions. That way, you'll know if the solution will properly meet your expectations. Tufin has a few options as well. It's important to understand which would work best according to your requirements. 

I would rate the solution at a nine out of ten overall. We've been very please with the capabilities of the product and our clients have been happy. 

Disclosure: My company has a business relationship with this vendor other than being a customer: partner
Flag as inappropriate