RedSeal vs Tufin Orchestration Suite comparison

"The most valuable features are network mapping and configuration."

"RedSeal has different modules, such as the Analyzer module, which can be leveraged."

"This is the only solution in the world that gives you a digital resilience score."

"RedSeal integrates the network and gives us a visual or graphical overview of our network. If an organization is geographically dispersed, for instance, with one office in Canada and one office in the Philippines, the whole network, including all devices, is integrated into RedSeal, and you can see from where the traffic is going in and out."

"I don't think that we were ever slow, but we can now say that changes are completed within twenty-four hours."

"The visibility is very good. We have managers who are overseeing it, and they are approving things through it."

"The most valuable feature is alerting, which lets me know when someone has made a change."

"The features I have found most valuable are its capability to check on the firewall and the routers. Afterwards it checks out all the configs, checks the vulnerabilities, checks the risks - it checks everything that may end up causing our router to be compromised. At the end it recommendations what we should do."

"It is very easy to use. We can get results back quickly."

"We use Tufin to clean up our firewall policies. It benefits us, because you can run a query for whatever your cleanup criteria is, e.g., "Has it been hit in 90 days?" It displays the list, then you can see the rules right there. If you want to get rid of it (or highlight it), then it creates a ticket that goes ahead and flags them all as disabled. While you can delete them, we always disable first. Then, we have a strip that comes back, and if it's been disabled for 90 days, then the system will remove them."

"I like the fact that Tufin was able to integrate with our firewalls, which include Palo Alto and FortiGate."

"The most valuable function is the SecureChange where it is able to automate everything from the validation of the rules to the pushing of the rules."

"One of the areas of concern is the GUI. It is important to our customers that the GUI looks beautiful. It's a Java Client, so you have a Java dependency."

"Sometimes, it required us to refresh the configuration. When we integrated any of the configurations into the device, sometimes, it could not detect the exact picture of that device. So, we had to reset the device to see that if it was giving true-positive results or false-positive results. In some cases, we were not able to get true-positive results. There was some kind of bug in that version. Its interface is not user-friendly and needs to be improved. It takes time to understand the interface and various options. Skybox has quite a user-friendly interface. They could provide a feature for compliance audit policy if it is already not there. A compliance audit policy ensures that all configurations are based on the best practices standards, such as CIS benchmarks standard or other similar standards. It provides visibility about whether your device configuration is based on best practices or not. Usually, such a feature is provided by other solutions such as Meteor or Tenable Nessus."

"There is room for improvement in integrating the OT security part and the private 5G security part in RedSeal."

"The dashboard should be improved to make correlating data easier to do."

"Our initial setup was complex from two dimensions, because we were deploying it globally and had to have a centralized view, but a distributed approach. We had it in Asia and North America, causing a slightly complicated approach."

"It needs better reporting with more graphics and more pie charts, so management can understand details. The reports that are done now are full of data and management would like to have an image to help understand, right away, what the reports are saying."

"A big improvement would be on the USP policy. If we could use Palo Alto to take those zone names and auto import them into the policy, then just do the policy based on the zone names instead of having to put in every single subnet."

"The network part of the solution could be improved. It's too hard because of the Tufin licensing model for the routing devices."

"We were just talking to them about usage for the F5 platform. They will not be going after specific environments, but a more OpenAPI. They will have other companies write it, etc. It's a little different than I had expected."

"In the next release I would like to see better migration in the Cloud because that will allow more visibility in the network."

"For me, there are two things that can make Tufin a bit better... [It needs] a better focus on automation - automating a lot of the processes; and automating rule re-certification, or at least finding a way to simplify it."

"The initial setup was complex. We have a big environment which contributed to the setup's complexity."

"The pricing is based on the number of endpoints and devices, and we have seen it range from mid-five figures to low six figures."

"I'm saving 20 man-hours a week, so I am seeing some ROI."

"Our evaluation showed that Tufin's features were on par with AlgoSec, but Tufin was the better financial choice."

"There is no issue with the pricing because we used a VM. That kept the cost low, as compared to an appliance."

"The price is on the cheaper side."

"Because we're quite a large company, the price wasn't too much of a factor for us."

"It's not that expensive, except for Security Groups. For us, just the Security Groups were about half of the total price. The total was about €500,000 a year, of which €200,000 was for Security Groups."

"Our licensing fees are approximately $100,000 USD yearly."

"We are seeing ROI in terms of having SecureApp."