Policy analysis is the product’s most valuable feature. It can pull out various rules that we need to work on, edit, update, and so on. It can identify rules that need to be moved, or need to be optimized.
Security Engineer at a financial services firm with 10,001+ employees
Policy analysis is the product’s most valuable feature.
What is most valuable?
How has it helped my organization?
Tufin analyzes tens of thousands of rules for us. Not all one firewall, but there's thousands and thousands of rules that Tufin analyzes.
Reporting is great. The only issues that we ever run into are with usage reports. You can run into things where something will have been modified and it ends up changed or something like that. Other than that, reporting is great.
What needs improvement?
The capabilities Tufin has for Check Point products are excellent. It'd be nice to get the same level of features that it does for Check Point up to par with Cisco, Palo Alto, and so on. There's a couple of things that are lacking. For example, on the Palo Alto side, if you're using a lot of layer 7 rules, there's very little visibility into that. When you run policy analysis, you're still only getting back source IP, dest IP, ports. It's not showing the URLs, all that kind of stuff. That's the main thing.
The only other thing I could see being improved would be regarding one bug. Once in a while when you save a policy analysis query and you click save, it goes back to the screen where it lists them all. Someone else's will be there, and it's somehow swapped them with another engineer who was saving something at the same time. It doesn't happen often, but when it does, it's annoying. Especially if you've just entered a whole lot of info into it.
I’m rating it an 8 because of a couple of those little nagging features, the little bugs. But by and large, it does the job that we need it to do at the moment. We're going into the new world of SecureChange. We'll see how that goes, too.
What do I think about the stability of the solution?
In our previous configuration, it would take a beating. It would take days to get certain reports out of the system. We've just purchased a whole bunch of new hardware, and Tufin’s been a lot more stable. I'm getting reports again very fast.
Buyer's Guide
Tufin Orchestration Suite
November 2024
Learn what your peers think about Tufin Orchestration Suite. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
816,660 professionals have used our research since 2012.
What other advice do I have?
Based on looking at some of the other products out there, Tufin is definitely the leader of the pack. It's a good choice. Make sure you buy enough hardware, and make sure you know how you're going to use it. A lot of the features get very processor- and database-intensive, and you should have the proper gear to use it.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Security Engineer at a retailer with 10,001+ employees
The best feature is being able to query all our devices to find unused rules and objects and then clean them up.
Valuable Features:
The best feature is being able to query all our Check Point devices and certain other vendors like Fortinet as well. It can query and find unused rules and unused objects to clean things up for us.
I use reporting and assistance as a tool for cleanup. I would love to be able to get the newest version into our company and have it be used as a manager of not only Check Point but also the other vendors that we use. It looks like it's all there. - Fortinet, Palo Alto, some Cisco and other devices.
The fact that that we won't have to log into a Fortimaneger to manage Fortinet and then log into another to do Check Point, being able to log in straight to Tufin, build a rule and have it push it to the correct devices. That's huge and that's something that I really like about the new version.
Stability Issues:
We had some issues because of our unique configuration.
Scalability Issues:
I can't say too much about scalability, simply because it was not scalable for our environment because we are using a splintered specialized version just for our company. The Tufin apliance just doesn't play well with that specialized version. But for the things that we do have that are general release, it's awesome. It takes a little bit of a fiddling around but again, we're on an older version. It works flawlessly.
Other Advice:
Rating: because it's our unique older version, I'd give it a 6 or 7 but we only use it for reporting and cleanup. If we had the latest version, I'd easily give it an 8 or 9 because it can do so much more.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
Tufin Orchestration Suite
November 2024
Learn what your peers think about Tufin Orchestration Suite. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
816,660 professionals have used our research since 2012.
Network Infrastructure Engineer at Ropes & Gray
Easy to set up and use with helpful alerting on rule changes
Pros and Cons
- "The most valuable feature is alerting, which lets me know when someone has made a change."
- "I would like to see visibility into the FW features like IPS/Content Filter policies, the same way it does for FW rules/policies."
What is our primary use case?
We use this solution for Firewall audit, compliance, and some automation.
How has it helped my organization?
Using Tufin makes it easy to visualize when investigating or auditing configs.
What is most valuable?
The most valuable feature is alerting, which lets me know when someone has made a change. When something stops working I can see what has been done and by whom.
This solution is easy to set up and use.
It is very easy to see what has changed when comparing two different revisions.
What needs improvement?
I would like to see visibility into the FW features like IPS/Content Filter policies, the same way it does for FW rules/policies.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Networking Engineer at a comms service provider with 1,001-5,000 employees
Handling firewall rule request tickets are more centralized and easier to manage, but its cloud-native security features are lacking in support
Pros and Cons
- "Tufin has made handling firewall rule request tickets more centralized and easier to manage."
- "I would like the application to have faster response times. E.g., the dashboard may take up to two minutes to load. Or, when we do the topology seating its two and a half hours. I would like to get those times down and increase the efficiency of the product there."
What is our primary use case?
The primary use case is tickets.
How has it helped my organization?
Tufin has made handling firewall rule request tickets more centralized and easier to manage.
We have previously use Tufin to clean up our firewall policies, but we are not doing that currently.
What is most valuable?
The workloads are the most valuable feature right now, as it stands.
We find that the change workflow process is flexible and customizable. We change our workflow several times a year.
What needs improvement?
The visibility is good for the most part, but there are limitations to it. E.g., there is a lack of certain routing/networking protocols across all the vendors that they support.
The solution is not sophisticated enough for us to automatically check if a change request will violate any security policy rules.
Tufin's cloud-native security features are lacking in support.
I would like the application to have faster response times. E.g., the dashboard may take up to two minutes to load. Or, when we do the topology seating its two and a half hours. I would like to get those times down and increase the efficiency of the product there.
I would like more support for Juniper and Junos Space. I would like more of the features which are offered for other platforms being extended to the Juniper platform.
The USP needs improvement. It is pretty much not usable right now for us. It is all IP-based. The issue with that is we may have one subnet, but we have multiple things that would go in different zones all in that same subnet. Therefore, to use the USP, we would have to bring it out in tons of /32s, and it's not usable. Whereas, it would be far better if we could just put tags associated with IPs, then do USP based on tags.
What do I think about the stability of the solution?
In the sense of operating, the stability is good, but in the sense of performance efficiency, it is bad.
What do I think about the scalability of the solution?
The scalability is bad.
Which solution did I use previously and why did I switch?
We did not have a previous solution that we were using. We were looking to work towards improving the whole requesting of firewall policies.
What about the implementation team?
We used a reseller for the deployment. Our experience was not that great, which has more to do with how our supply chain works and why we picked them. However, I don't ever really talk to them or hear from them.
What was our ROI?
We have seen ROI from the side of operations, and we'll probably get to more of that as time goes on. However it took a while to get to that point.
The solution has helped us reduce the time it takes us to make changes by at least a day.
It did reduce the time part of engineers manually spending time on processes from the aspect of manually having to go through the network and finding the path that a request would take to know where to put the rules. We have had some issues with topology, so not all of our tickets get that advantage. Probably 40 percent of them are that way, so that's why right now it is not as big of a gain.
Which other solutions did I evaluate?
We did consider other solutions.
What other advice do I have?
Do proper research. Look at Tufin and all of the other products.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Network Security at a insurance company with 1,001-5,000 employees
The product streamlines our change management process
Pros and Cons
- "The product streamlines our change management process."
- "The product is good at auditing the changes that we make in our environment."
- "There were some hiccups here and there with the initial setup."
What is our primary use case?
The primary use case is for firewall auditing. We use it for audit monitoring, login changes, and firewall changes. We are looking at automation, but not yet.
How has it helped my organization?
The product is good at auditing the changes that we make in our environment.
We use this solution to automatically check if a change request will violate any security policy rules. For example, if the engineer is making a change that hasn't been authorized, we will know about it.
The product streamlines our change management process. It assists us in reporting on some of the compliance for our auditing department. It helps us in managing the process and having some auditing capabilities.
What is most valuable?
- The reporting is its most valuable feature.
- The change impact analysis capabilities of this solution are good.
- It is able to detect our changes, email, and alert us.
What needs improvement?
There are features that we haven't used, and we need to understand them first.
What do I think about the stability of the solution?
Product seems to be stable. We haven't had any outages yet.
How are customer service and technical support?
I personally haven't called into support yet, but some of my peers have. They seem to get their questions resolved.
Which solution did I use previously and why did I switch?
We previously had FireMon, but FireMon kept giving us inaccurate information and not up-to-date information. Therefore, we thought we would try out Tufin, which has provided us with the information that we needed.
How was the initial setup?
There were some hiccups here and there with the initial setup, but we used Tufin's support to assist us with that.
What about the implementation team?
We deployed it in-house.
Which other solutions did I evaluate?
On the shortlist was AlgoSec, which was the only one that we actually tested.
Tufin and AlgoSec were pretty much in the competitive price range, but this one provided us better integration into the Check Point environment.
What other advice do I have?
Seriously Tufin for your final decision.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Founder at a tech services company
The product suite itself brings together organizational units. They can have their own interface and ability to understand what different parts of the company are doing.
What is most valuable?
From my perspective, I think that it’s hard to break it down to a single feature. The visibility it gives and the customizability it provides is invaluable and the change automation is the most powerful capability, at least for now. The application awareness component is a close second. As more organizations adopt this revolutionary way of visualizing enterprise connectivity, SecureApp will fundamentally change the way connectivity is provisioned and decommissioned.
How has it helped my organization?
The product suite itself brings together organizational units. So when you talk about operations, development, management and auditing, all of these organizations have their own interface and abilitie to understand what different parts of the company are doing.
What needs improvement?
I think Tufin is continuously moving towards broader support for other platforms. Including a significant focus on the cloud. This approach is critical to the model of normalizing policy management across the environment - regardless of platform.
For how long have I used the solution?
We've used it for nearly eight years.
What do I think about the stability of the solution?
It's absolutely stable and this is why I always promote it. They have the finest set of coders and developers you can find.
What do I think about the scalability of the solution?
The distributed architecture capabilities allows this solution to scale to anybody’s needs.
How is customer service and technical support?
The support team is second to none. They have multiple offices in multiple countries. They're always available. I know the support teams and leaders personally and they are of great quality.
How was the initial setup?
It’s very easy to get up and running. With anything that is so feature rich and customizable, the installations range from a couple of days to more complex with many days and script writing. It just depends.
What's my experience with pricing, setup cost, and licensing?
Spend the time to evaluate all of the components of the Tufin suite. When you bundle different features together and you bundle components, you get a better price.
What other advice do I have?
We often find customers that have purchased this product for a specific purpose and they limit its use to only that purpose. Do yourself a favor and really explore the entire product and maximize the features and functionality of what you have purchased.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: I used to work for Tufin. My current company is a Tufin Partner.
Security Architect at a healthcare company with 1,001-5,000 employees
Improved policy management. With SecureTrack, I can track the policy and find all the policies that we're not using.
Valuable Features:
Policy management.
Improvements to My Organization:
A lot of policy is legacy. With SecureTrack, I can track the policy and find all the policies that we're not using. Basically, we create a process out of it and actually get rid of those legacy policies.
I don't have a real idea of how many policies we’ve found, but the outcome for that policy management is usually better for our file work because it runs much more smoothly because of less policy, less memory usage, and less CPU.
We try to make the file work much more efficient. We also do auditing for file work, such as who made changes on the file work. You can use it for accountability, if needed.
We also use some of the compliance features. We define policy on what is compliant. If anyone tries to create certain stuff that is not compliant, we get notified. I haven't fully utilized Tufin yet and I'm working toward that area. Hopefully I can give it a higher rating as we explore more functions. We know the capability; we just need to get to that point. If we reach that point, it'll be much better actually. We’re just not there yet.
Room for Improvement:
We’re hoping to be able to share the data Tufin’s collecting with other platforms so they can be more integrated with those metrics, because the governance tool is where we create policy. And then using Tufin’s metric, we can actually know what kind of policy we can create. That would help out.
Stability Issues:
It's good. I haven't rebooted.
Scalability Issues:
We are big, but we are only using a fraction of what Tufin is capable right now. I'm hoping that we can explore a lot more and then try to utilize more on Tufin because my big way to look at Tufin is this ability to gather all that data. If Tufin doesn't have that footprint, you won't get that data. So right now, I'm working on that.
Initial Setup:
For my current company, I inherited it.
Other Solutions Considered:
I haven’t thought of using any other solution, so, I haven't looked at other solutions yet.
Other Advice:
Let Tufin help you see what can be. Make the tool work for you and be creative.
You can't always use it in a certain way. There are many ways to use a tool. You just have to be creative on how you use the tool. Find holes and ways to use it.
Figure out how you use the tool, and then figure out if you can create a process out of it, so you are not only using it when you are free. You want to use it as a process because it has to be repeatable. If something is not repeatable, there's no way to improve the process.
If I'm going to find a policy right now and I don't repeat that process, those policies will continue to become legacy, so you have to repeat using the tool.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Security Consultant at a tech services company with 1,001-5,000 employees
We use Tufin for oversight and revision control to avoid implementing rules that are against security policy documentation.
Valuable Features
We use Tufin for oversight and revision control to avoid implementing rules that are against security policy documentation, and also to correct any kind of issues or mistakes in policy changes.
It can be useful for comparing rule changes to create rules that are more efficient and more consistent.
Improvements to My Organization
We primarily use Tufin to alert us whenever a firewall policy change has occurred. We immediately get an email with a summary of what changed, the objects, any kinds of rules that were created, and so on. We can review that from our email client to see what the other admin changed and visually see if they did something that was against our standards, if it was just a poorly written rule or something like that.
Room for Improvement
It's asking a lot, but anytime they add stuff to the rule usage analysis or the policy generator - those things are amazing already as they are - we'd really like to leverage that for cleanup and so on. One of the biggest issues for an encroached application silo firewall is that the policies get super-complicated and cleanup is not only a hassle but can impact business.
I’d like to see the cleanup process be more efficient. That's my biggest headache and the biggest elephant in the room. When you have a policy that's got hundreds of rules, help me clean it up please: tell me what rules aren't used, tell me what rules are redundant, and tell me how I can simplify the rule base. I mean it does a lot of that today, but feel free to innovate there. Make it better.
Stability Issues
It has been stable. We pretty much just set it and forget it. It reaches out to us or, when we want to go consult it, we don't typically have any problems pulling it up.
Scalability Issues
It has scaled well for us. We probably have about a couple hundred firewalls feeding it information including rule usage and so on.
Customer Service and Technical Support
We haven't really had to use technical support. I think the only time we had to was during implementation. We have kind of a weird setup where we needed to split out syslog for rule usage analysis because we consolidated our syslog in one place. We said, "Hey, can you just have Tufin pull from that?" Support helped us with that.
Implementation Team
Implementation was easy. The previous solution we had didn't really work. We brought Tufin in, got it working, and rolled it right out.
Other Solutions Considered
I was involved in the implementation, not so much in the vendor selection. Of course, I knew about Tufin, its reputation and so on, so I was not opposed to it at all.
Other Advice
I’m rating the product a nine just because I’m stingy with my tens.
Tufin delivers on everything that we've asked them. For a similar use case, they're solid and you're not going to have any kind of surprises or issues that are going to crop up from what I've seen. As an administrator rolling something out and having it work the first time, that's pretty much all you can ask for.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Buyer's Guide
Download our free Tufin Orchestration Suite Report and get advice and tips from experienced pros
sharing their opinions.
Updated: November 2024
Popular Comparisons
FireMon Security Manager
Skybox Security Suite
Palo Alto Networks Panorama
AWS Firewall Manager
Azure Firewall Manager
ManageEngine Firewall Analyzer
Cisco Defense Orchestrator
Buyer's Guide
Download our free Tufin Orchestration Suite Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- What is the biggest difference between AlgoSec and Tufin?
- Comparing network security vendors and devices
- When should companies use SSL Inspection?
- When evaluating Firewall Security Management, what aspect do you think is the most important to look for?
- What are the most important features you would be looking for in a firewall?
- How do I estimate the required firewall throughput for my organization?
- What are the pros and cons of Tufin, AlgoSec and RedSeal?
- Tasks to Perform on Preventive Maintenance.
- Why is network segmentation important?
- Can a router with automatically-created firewall access lists be considered a scrubbing center?
So many words - so little substance...
I can continue to explain to you why you are wrong (and why an audit license does not constitute as a customer - read what I wrote again about installing the product *on your network* - so you can attest to scalability, reliability etc.) but I realize it will fall on deaf ears.
Let's let the readers of this community be the judge.
Over and out...