Tufin Orchestration Suite Reviews

It's mainly for the automation of policies.

The visibility is pretty good because it's a cross-vendor platform, so it provides visibility across different vendors.

We use this solution to automatically check if a change request will violate any security policy rules. We have a huge policy base, and we have certain compliancy requirements which we have to meet for the rules that we have. If we are planning to have a change in the policy base which could possibly violate the compliancy requirements, then we'd get the help of the tool to alert us in a way, which would make us aware of that.

It makes us aware when there will be any compliance violations possibly, and we can pro-actively prevent those violations from happening.

The automation because it is saving a lot of work, time, and effort required to do all of our manual work. The change impact analysis is pretty good, and with the automation, it takes care of a lot of things which we would be doing manually.

The change workflow process is flexible and customizable to some extent, but there is room for improvement. In some cases, we've found it difficult to get the exact thing which we were looking for. Then, we end up having to go and do the thing manually.

I would like them to have more focus on the whole compliance across the globe, like PCI DSS. These things keep on updating very frequently. If they can be on top of it and keep updating more frequently, getting more updates, that would be something good.

It's very stable. We haven't encountered any major issues, so it's pretty good.

It's pretty scalable. That's a good thing. 

Sometimes the technical support is able to help us quickly, and sometimes it just goes on for quite some time. Something complex or a new functionality requirement takes time, but if it's something simple, then they're pretty quick to resolve it. 

We didn't really do the deployment ourselves. So, it was someone else.

Tufin makes things a little easier. It lessens the amount of manual work which we have to do. It has a lot of benefits in terms of revenues, profits, employee costs, and operational costs. We have already seen return on investment.

The solution has helped us reduce the time it takes to make changes.

I also know that we evaluated AlgoSec.

I would suggest looking at not just the features and functionality which are specific to the environment which you are working in, but to be aware of the other features which the product has to offer. Because companies grow and things change, so it's always good to have at least a complete idea of what the product does and how it does it.

The way we've set up our policies are pretty unique in what they do, so there's not a lot of compare between them. But, historic is really important. We look at them and we say what is and what isn't important. We run through the compliance and the best practices. We're just starting to look at real usage and integration. That way, we would be able to say, "Okay, if this hasn't been used in a long time, maybe it's time to get rid of it." And we would be able to do our own cleanup because the tool will then tell us the value on long-term usage so we can take more advantage of it in real time.

We perform a lot of compares that show what was and what is now in our rule sets. In case there are issues or when somebody says, "Hey, this was working but now it doesn't," or, "Oh, I'm pretty sure that was in there and you must have removed it," we can validate those changes and go back in the history, say yes or no and do compares. There's a lot of new features that we're hoping to utilize, learn more about, and take advantage of. It's a timing thing and it's also education. We've been a Tufin customer for a long time and really like the product. We need to grow as much as the product is growing. 

There's tons of stuff in the product. The issue is more about what I don't know about it than what I am using it for. They definitely have kept up with the product and kept it moving forward. It looks like a really great partnership with Check Point and a lot of vendors. We're a Check Point shop, so it works very well.

We’ve asked them how to shorten the length of the change reports for global rules. They're going to try to allow us to select whether the global rule is reporting, or they're going to tell us how to do it a different way. We just brought it to their attention, so we're going to bring it to engineering. We’d like the reporting to be something similar to the reporting that Check Point puts out. There's some functionality that is very simple. I'll call it human reporting, such as a shared secret for a VPN change. Tufin does a really great job providing technical reporting, but it is unreadable to the average person. You look at it and think, "Yeah, I don't know what that did." We're asking Tufin to look at it, go over it with us, and say, "Is there a better way?" Either we're doing it wrong or they can improve the product to make it a little more usable, or at least readable.

It's been a very strong, reliable product.

As long as we keep up with the revisions, it's been very scalable. We just did another upgrade because we considered it a little slow. We were running an old version. Once we upgraded, it's been rock-solid. It's always been there, it's always been good.

We've been with Tufin for a long time. They’ve been very responsive to us. There was some changeover, and we have a new sales team. They called up, we had a meeting, and then, boom, we said, “Okay, let's schedule our upgrades.” That happened within two weeks.

The sales team so far has been great. We mentioned to them we're not educated enough on the product, they've already started talking to us about how to fix that. They're very responsive to our needs. It's a time and place issue, like anything. Unfortunately, we have to make the time and effort just as much as they have. They want to know when we want it. So they've been great for us, we've been very pleased with Tufin as a company.

They've been great. We have a good relationship with them and the product does a lot of things that we want. When I get challenged or it doesn't do what I want, it very easily could be me. I may be using it in the wrong fashion. 

We learned how to use it by just going and figuring it out ourselves. The way I'm doing a lot of things might not be the way they were designed to be done. But, as far response times from the company and everything else like that, I've been really pleased.

We've had it for a very long time. We've just been upgrading it as long as I've been with the company. It was in place before I joined the company.

At the moment, we’re not thinking of switching to another vendor. I know there's a couple of other monitoring solutions, like FireMon, or a couple of other systems that people have looked at.

Try it. It's a great relationship, but it's also a great product to work with.

The best feature is being able to query all our Check Point devices and certain other vendors like Fortinet as well. It can query and find unused rules and unused objects to clean things up for us.

I use reporting and assistance as a tool for cleanup. I would love to be able to get the newest version into our company and have it be used as a manager of not only Check Point but also the other vendors that we use. It looks like it's all there. - Fortinet, Palo Alto, some Cisco and other devices.

The fact that that we won't have to log into a Fortimaneger to manage Fortinet and then log into another to do Check Point, being able to log in straight to Tufin, build a rule and have it push it to the correct devices. That's huge and that's something that I really like about the new version.

We had some issues because of our unique configuration.

I can't say too much about scalability, simply because it was not scalable for our environment because we are using a splintered specialized version just for our company. The Tufin apliance just doesn't play well with that specialized version. But for the things that we do have that are general release, it's awesome. It takes a little bit of a fiddling around but again, we're on an older version. It works flawlessly.

Rating: because it's our unique older version, I'd give it a 6 or 7 but we only use it for reporting and cleanup. If we had the latest version, I'd easily give it an 8 or 9 because it can do so much more.

It’s the fact that before Tufin it wasn’t possible to manage firewall changes. We used emails.

Different departments can actually intervene at the same time on the same workflow and actually accelerate the job. Previously, we didn’t have that, so that’s a big thing.

• Previously, we couldn’t figure out a way to make our processes more efficient. With Tufin our goal is to automate this process. We haven’t achieved it yet but at least we have a vision.
• The fact that tickets can be dispatched automatically and analyzed prior to them being validated by the security teams.

We have some regressions from one burden to another. It was hard, so that’s definitely something we’re not happy with.

We have a PS module that we have been developing since we started working with Tufin. It was around two years ago and still isn’t finalized.

One of the things that I would like to see improved is the stability of the solution.

They do everything they can to reply as fast as they can but sometimes when problems are too complex, and they have to involve R&D, it can take quite a while to solve.

It was already deployed when I started working here, and it was a change for me, but it was straightforward. Most of the guided stuff was internal to the company. The architecture is not good but that’s got to do with the architecture on our side.

We also looked at AlgoSec, and it looks interesting especially the workflow parts which are more detailed.

We have a lot of ASA firewalls. We primarily use the product in order to lay down the rules and try to find out if there are any duplicate rules that need to be cleaned up, et cetera. It is mostly tasks like that.

The solution is very straightforward to use. It makes doing our work easy. The product is very good at helping us clean up rules.

We've found the stability to be quite good.

The solution is quite scalable.

The older version that we have doesn't support some newer firewall vendors. I'm not sure what the status of integration is right now on the latest version, however, it would be nice if they updated the older versions to allow for better integrations with firewalls. 

Sometimes the solution does take a bit of time to load. That said, it is a pretty old version, and that may be the main reason this is the case. It's possible that if we just upgraded to the latest version everything would go faster. 

Everybody wants to implement some kind of standard rules, however, it's difficult to standardize everything due to the fact that each company is unique. That said, if there was some sort of universal guide to ensuring firewall rules were compliant, that would be helpful. 

I've been using the solution for a year and a half to two years at this point. It's been a while. I've definitely used it over the last 12 months or so.

The stability has been good. I haven't experienced any bugs or glitches. It doesn't crash or freeze. The stability has been reliable in terms of performance.

I find the product to be easy to scale. Adding new firewalls is pretty straightforward and it handles the process well. If a company needs to expand and add more firewalls it shouldn't be a problem at all.

I would say six or seven people are using it and they're network operation people who have to deal with day-to-day firewall management, putting in new firewall rules, et cetera.

I've never had an opportunity to reach out to technical support. I can't speak to how knowledgeable or responsive they are. I have no experience.

The initial setup happened before my tenure with the company. I was not present when it was set up, and therefore I can't directly speak to my experiences with any implementation. I do not have a sense of if it was difficult or straightforward, and I can't say how long the deployment took. 

There is a bit of maintenance required, in terms of adding new rules, et cetera. We have individuals on staff that can handle that.

I don't have any issue with the pricing, however, I was not the purchaser. I can't speak to the exact cost for our company.

While I was using Tuffin, I did want to evaluate AlgoSec. I wanted to compare the two to see which was better. In the end, I've decided I would stick with this product.

We are just a customer and an end-user.

We are not using the most up-to-date version of the product. We are using one of the previous versions. I cannot at this time remember the version number, however, it was pretty old. We had a plan to upgrade, and then unfortunately ended up not doing that.

I'd rate the solution at a nine out of ten as it helps us do our work. We're mostly quite happy with its capabilities.

We use SecureTrack for tracking unused rules, tracking risky rules for compliance, and policy optimization, which I think is the best because you get duplicate objects and you get covered rules. I would say that trying to tune your policy and get rid of unused rules is the most valuable for us.

At the moment, we have not really found any other side benefits, but we will be implementing SecureChange which will then allow us to track changes. The topology feature will show us what devices in the pack need to be touched. Depending on the complexity of the routing and knowledge of the environment by the engineers, policies could be missed that need the rules. That particular aspect is going to help us a lot.

I’d like to see the application topology developed more. You have a database layer, a web-front end and other applications that, along with the policy rules, have a path that they need to take and they need to traverse several devices. That gives you almost like a network topology of the applications and I believe that you're going to be able to use that for compliance also. I can’t think of any other configurations I’d like to see right now. Nothing's perfect.

With change restrictions, we can't remediate things immediately, but Tufin gives us the information we need to then submit a change, to go ahead and clean up the policy.

We have not come across any stability issues. We support the platform, we support all of our platforms and that's the one that we've had to do the least amount of support for, but I can't speak for the other engineers.

I don't know how many devices we have in there but there hasn't been a problem. We have several business units with multiple devices across each business unit. I don't believe that I've come across a problem getting a large amount of devices in.

Tufin’s technical support engineers seemed to be knowledgeable and very helpful.

I helped import devices for a specific business unit I was supporting at the time. I found it to be very intuitive and not hard to use at all.

If you're in a large environment, a large enterprise, it's a good tool. It does certainly help with the workload. For the app team who are trying to develop the applications, it makes them more accountable for how it's supposed to work.

I find that he most valuable feature is actually optimizing my real firewalls. It shows me any issues. I track the change and it will tell me when it is actually going to affect any other rules or any other applications. That is the biggest feature.

Then the reporting functionality that comes along with it - for one change, this change what, when, etc. This is the main function that I will always be using, as well as positioning of the rules on the rule base and to optimize the firewall for me. Those are the best features and that is what sold me initially.

The thing I like about it is that it's real time, that's the biggest benefit. It helps me with everything that I need to do. Every time we want to make a change we put it in the system and it tells us, OK all good, or it tells you, these, this and this you have to fix. Have a look at it, send it to the service, they have a look at it, mediate, put it through again, and if it is clean it will go.

It prevents human error. That is the biggest benefit for me as you can load in as much high availability as you wish. Human error is always the thing that is hardest to get rid of as well because now the change team don't question any rule base that we are putting in because of the checks Tufin does prior to the change, so we know the impact is not going to impact anybody else. What the biggest problem was whenever we would change a rule before there was always the question, what is the small thing doing. Now I can do production changes during production time. Due to this, we have a seen a positive impact for the company, and that is what they wanted.

Small reactive. It is sometimes stuck or kind of jumps, but no actually business impact, but from an IT perspective, whatever we want we are getting on the fly.

It's not actually user intensive, so it does not hamper our power in any way.

It is expensive. It cost me about a million, which is quite expensive for us, but the benefit is worth it.

I used to have FireMon, and we changed it  because of their features. The main feature that made us change was SecureChange, and like I said when you do changes now, assist with the change that you are going to make to see if there is impact to the other, so this is what gives us this feature, now you can assess and say, will it have a problem? That is why it helps with the changes.

I'd definitely say go with Tufin as it's a brilliant solution. What is brilliant is the firewalls themselves. I'd check out CheckPoint as well to make sure that the solution meets your needs and works with your plans. It doesn't matter what CheckPoint plans you use, Tufin works with them all.

The most valuable function of Tufin is that it provides compliance tests on security devices. It gives us a great idea of what is going wrong and what we have to do to improve. Then, when we try to apply the solution to our policies, it provides us help in doing so. It tells us where to put our policy on both the front and back ends, as well as in the configuration files.

The usability and speed of the solution needs improvement. In our experience, it seems a little bit slow.

We've had it in place for more than a year now.

We've had no issues with deployment.

The stability of Tufin has been quite good for us. I have no complains about stability.

Honestly, I don't have too many devices running with Tufin, so we don't really have a need to scale much. But I do think that it needs improvement in the area of scalability.

In our experience, customer service is OK, but the product really doesn't need too much help. It works by itself and is quite stable.

In regards to technical support, we work with our partner's company, so we don't communicate directly with Tufin.

We co-operate with our partner's company, so we do not communicate directly with Tufin support.

The initial setup was straightforward.

The implementation was so simple we did it ourselves without too much help from our partner company, so I can say that it was easy for us to adopt the solution.

Fro my perspective, it's a solution that covered all our needs, so it was an easy choice. It was a bargain at the price point.

For us, it works, so why can't it work for you?