Tufin Orchestration Suite Reviews

We use it for advanced reporting and root analysis. In some cases for clients, we use it for root deployment. 

Some clients wanted to have more latitude with root deployment. Instead of deploying through us every time, they want to deploy a new root, making quick roots or small roots, like adding an object to a root. They now have the possibility to go direct.

It has helped our clients to meet their compliance mandates. They will ask us for evidence that we can provide them.

The analysis is the most valuable feature. People see it first and that is why they want in their enterprises, then they start explore the other features.

It provides a great visibility around the roots: Root implementing which can be done, roots that have changed, and what has been done. So, it's pretty useful when you have an audit going on. 

I would rate their reports as a four out of ten. I don't like the way that they are shown. It is too hard to export and send them to our clients.

We are switching to AlgoSec. It's a corporate decision. There's probably room for improvement. 

It is pretty stable. We have more issues with the VMs than with the software.

We have not had any issues with scalability. When we needed more power, we just added a new server, and that was straightforward. So, it is pretty scalable. 

I have not personally used Tufin's technical support.

The last time that we initialed setup, it was straightforward. 

If you want to install a new root automatically using the tool, the change impact analysis capabilities are useful.

We deployed it in-house. 

This solution helps us to reduce the time it takes to make changes (by 10 to 15 percent).

We are going to keep Tufin as is, but we are going to add AlgoSec. The prices are comparable. We have corporate pricing with AlgoSec. The ease of use of AlgoSec is one of the reasons why we considered using it.

You need a product like this, but look at difference solutions in the market. I would rate it a seven out of ten.

We do not use the product across our entire network. We do not use the cloud native security features.

In the future, we will use the solution to check if a change request will violate any security policy rules.

It can compare policy revisions side by side to see when you've made a change, and what the change is. It also lists the detail of the objects and policies. In other words, it has the ability to list all the policies as well as having side by side revisions.

I think we knew we needed to invest in the solutions because of a replacement we had to do last year. We had no other way of gathering the information. It wasn’t replacing anything.

I would like to be able to see the changes made on the software blades that Check Point has, such as URL filtering, IPS.

I’d like to see it work with F5. It's supposed to work and it doesn't. The problems we have with the F5 is what brings the rating down, because that was a big part of the reason we purchased it. If they fix the F5 issue, I’d probably rate it an 8 or a 9.

We have been using it for one year. When we first implemented Tufin, we were replacing firewalls that had been in place for so long, there was absolutely no way of migrating the policy over so we had to recreate it from scratch. We were able to use the information provided from Tufin to do that.

We’ve used the recording tools a little bit, but just for Check Points, not the F5s. They're helpful in a way. Sometimes it seems like they're giving you partial information, like it wants to give you some information that you've made a change to, but it's really hard to track down where that change actually was made. It’s more like configuration-level changes are difficult to read on the report.

We've had issues with using Tufin for the F5 load balancers. We can't get our information out of our F5s.

Using technical support was kind of cumbersome. They couldn't figure out what the problem was with the F5s. After they thought they found the problem, we set up another set of F5s. The problem that they thought was causing it, was no longer in place with the other set of F5s, but they didn't work either.

I was involved in the initial setup a year ago. It was straightforward. It was pretty easy to set up.

We weren’t comparing it to anybody else.

Keep in mind that you're only going to get the network security layer of the Check Point showing up on the recording. You're not going to get all of the software blades that come along with it. One of the things my manager was disappointed to find was that we weren't able to gather that information.

It allows us to use the compliance portion of it to do our compliance reports. It also allows us to do peer review on our changes when we do firewall pushes. Before we do our firewall pushes, we compare what changes we made during the staging process in the week. We go over them to make sure that nothing is going in that should not be going in. Also, we check each other's work to make sure nobody fat-fingered anything and gave somebody some crazy access to somewhere that shouldn't have been.

There should be a heck of a lot more benefits for us. The problem being we don't have the time or the training to do that. We just upgraded to 16.1. Now that we're on a supported version, we hope to get some training so that we can utilize the product a lot more than we currently are. It does exactly what we need it to do. I think with some tweaking and some more knowledge of the product, I think we'll get to where we need to be.

When we do our change reports, some of those reports come out at a thousand pages. We have to submit those to management. When they look at the report, they say, "Why is this report a thousand pages?" We found out that, when we do a global rule, it removes all the global rules and then re-adds all the global rules.

We're in a Provider-1 environment, we have four CMA's, we have 78 firewalls. That generates a huge report. Management looks at it and says, "This is useless. You should filter through x amount of pages to get to the meat."

From what we found out, they have an idea about how to fix it, but I don't think they really know what to fix.

We also have had challenges with the way it does certain functions. For example, the exceptions. I think a lot of it could be we're just not trained and don't have the knowledge of the system. And I think once we start getting in there and start using it more, that's when we’ll find little things that happen like the global policy injection and removal. Our biggest challenge now is we have new management. When we send them the reports, they're not really happy with the reporting structure of it.
Otherwise it does what we ask it to do. It's never been down, it's always reported everything that we needed to report. We never have challenges in that regards. But again, it's a lot of the reporting structure that is challenging for us right now.

We don't have a problem with it crashing at all. We've never had a problem with it crashing at all. It's always been functional.

I think it's been solid. It's always been there for us.

We have used support in the past. We use it mainly for compliance, for when we want something not to show up on a report.

They're constantly upgrading, they're constantly adding new things to it. That's a good sign. As the technology changes, they're on the forefront of it to get you those reports and use that technology in their new functionality. They just need to keep doing what they're doing.

It is an important application for controlling and monitoring firewall rules. It is useful for making and monitoring the changes.

Its price is reasonable, but it could be lower. 

It could have a more effective approach for creating and changing rules. It could provide advice or suggestions for a better understanding of rules and changing the rules. There should be suggestions for the rules that need to be changed to make them less risky.

I have been using this solution for eight months. We have recently done an upgrade, and we are using the latest version.

It is stable.

We have not been using it for a long time. So far, it is scalable for us. We have more or less ten people.

Their technical support is good.

We have worked with AlgoSec but in a restricted topology of the network. Both of these solutions are useful. It mainly comes down to the price. Even though Tufin is more costly, it has been more cost-effective for us, but it is not the same for all companies. It also depends on the integrator.

Its initial setup has medium complexity. It was not complex, but it was also not easy. We had some problems because it was a fresh installation.

Its price is reasonable, but it could be lower. It has been cost-effective for us. We have a contract for three years.

I would rate Tufin a nine out of ten. 

The primary use case is tickets.

Tufin has made handling firewall rule request tickets more centralized and easier to manage.

We have previously use Tufin to clean up our firewall policies, but we are not doing that currently.

The workloads are the most valuable feature right now, as it stands.

We find that the change workflow process is flexible and customizable. We change our workflow several times a year.

The visibility is good for the most part, but there are limitations to it. E.g., there is a lack of certain routing/networking protocols across all the vendors that they support.

The solution is not sophisticated enough for us to automatically check if a change request will violate any security policy rules.

Tufin's cloud-native security features are lacking in support.

I would like the application to have faster response times. E.g., the dashboard may take up to two minutes to load. Or, when we do the topology seating its two and a half hours. I would like to get those times down and increase the efficiency of the product there.

I would like more support for Juniper and Junos Space. I would like more of the features which are offered for other platforms being extended to the Juniper platform.

The USP needs improvement. It is pretty much not usable right now for us. It is all IP-based. The issue with that is we may have one subnet, but we have multiple things that would go in different zones all in that same subnet. Therefore, to use the USP, we would have to bring it out in tons of /32s, and it's not usable. Whereas, it would be far better if we could just put tags associated with IPs, then do USP based on tags.

In the sense of operating, the stability is good, but in the sense of performance efficiency, it is bad.

The scalability is bad.

We did not have a previous solution that we were using. We were looking to work towards improving the whole requesting of firewall policies.

We used a reseller for the deployment. Our experience was not that great, which has more to do with how our supply chain works and why we picked them. However, I don't ever really talk to them or hear from them.

We have seen ROI from the side of operations, and we'll probably get to more of that as time goes on. However it took a while to get to that point.

The solution has helped us reduce the time it takes us to make changes by at least a day.

It did reduce the time part of engineers manually spending time on processes from the aspect of manually having to go through the network and finding the path that a request would take to know where to put the rules. We have had some issues with topology, so not all of our tickets get that advantage. Probably 40 percent of them are that way, so that's why right now it is not as big of a gain.

We did consider other solutions.

Do proper research. Look at Tufin and all of the other products.

We have a better view of our compliance status. Most of our network is on-premise, so we don't have a cloud. We don't have a hybrid network, but it provides visibility for what we do have right now.

The USB is its most valuable feature. Inside of Tufin, we plan to leverage the USB in solutions.

The change workflow process is flexible and customizable.

It is very easy to use. We can get results back quickly.

I would like an improved reporting module which can be flexible (custom reports) and allow us to generate our own reports, because the data is already there.

It has been very stable since 2017. We haven't had any power problems. As far as hardware goes, it's been very stable. As for software, we found some bugs, but we're working with tech support to fix them, which is normal.

The scalability is very good. Hopefully, this year we are planning to add more entities with our custom platform. The more controller options would be something which will provide more flexibility.

The initial setup was very straightforward.

We used a boutique software with services at the time. For most of our onboarding, we did everything ourselves.

We also looked at AlgoSec and FireMon.

We did look at less expensive solutions than Tufin, but being a corporation, this solution made sense.

Our primary use case if for risk compliance. 

The change workflow process is flexible and customizable. 

It has helped us to meet our compliance mandates. We have some requirements that we need to provide more visibility on the risk levels of our firewall base, and Tufin helped us with that requirement. 

The USB is the most valuable feature for us. Inside of Tufin, we are planning to leverage the USB solution.

The visibility is excellent. We have a better view of our compliance status. 

I would like to see an improved reporting model that can be flexible for us to generate our own reports. The data is already there. 

It has been very stable since 2017. We haven't had any power problems. As far as hardware goes, it's been very stable. In the software, we found some bugs, but we're working with support to fix them.

Scalability is very good. We are planning to add more entities this year. 

Technical support is satisfactory at the moment. 

The initial setup was very straightforward. 

We did most of the onboarding ourselves. 

We also looked at AlgoSec. 

I was part of the decision-making process.

I would rate it an eight out of ten. It's very easy to use and you can get good results very quickly. 

We don't use the cloud native security features yet.

The primary use case is for firewall auditing. We use it for audit monitoring, login changes, and firewall changes. We are looking at automation, but not yet.

The product is good at auditing the changes that we make in our environment.

We use this solution to automatically check if a change request will violate any security policy rules. For example, if the engineer is making a change that hasn't been authorized, we will know about it.

The product streamlines our change management process. It assists us in reporting on some of the compliance for our auditing department. It helps us in managing the process and having some auditing capabilities.

• The reporting is its most valuable feature.
• The change impact analysis capabilities of this solution are good. 
• It is able to detect our changes, email, and alert us.

There are features that we haven't used, and we need to understand them first.

Product seems to be stable. We haven't had any outages yet.

I personally haven't called into support yet, but some of my peers have. They seem to get their questions resolved.

We previously had FireMon, but FireMon kept giving us inaccurate information and not up-to-date information. Therefore, we thought we would try out Tufin, which has provided us with the information that we needed.

There were some hiccups here and there with the initial setup, but we used Tufin's support to assist us with that.

We deployed it in-house.

On the shortlist was AlgoSec, which was the only one that we actually tested.

Tufin and AlgoSec were pretty much in the competitive price range, but this one provided us better integration into the Check Point environment.

Seriously Tufin for your final decision.