The multi-vendor support is very important for us. This is the most important feature because our system has integrations of software and hardware from many vendors. Tufin has also integrated well, supporting our system of multiple vendors.
Network System Architect / Technical Project Leader at a local government with 1,001-5,000 employees
The multi-vendor support is the most important feature because our system has integrations of software and hardware from many vendors. I think that it needs to be in the cloud.
What is most valuable?
How has it helped my organization?
Our company has a common policy that we need to ensure covers three different vendors we work with. Tufin helps us to manage this as it's where we've defined the common policy and also where we manage it.
What needs improvement?
I think that Tufin needs to be as-a-service, that is, in the cloud. The installation also needs to be easier. Additionally, with Tufin's business model, the licenses are quite expensive.
What was my experience with deployment of the solution?
It's hard to stay updated with the last version. That's really the main hurdle we have with our deployments of Tufin.
Buyer's Guide
Tufin Orchestration Suite
November 2024
Learn what your peers think about Tufin Orchestration Suite. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
816,660 professionals have used our research since 2012.
What do I think about the stability of the solution?
It's quite stable, but you always need to do updates. Staying updated has prevented instabilities.
What do I think about the scalability of the solution?
We don't have this issue because we only have four firewalls. It has scaled for our needs.
How was the initial setup?
The initial setup was straightforward and pretty easy.
What about the implementation team?
We implemented it ourselves with our in-house team. It was easy.
What was our ROI?
Sometimes it's very difficult to get the ideal revenue out of this tool. It's expensive.
What's my experience with pricing, setup cost, and licensing?
The licensing is expensive. Maybe for a big company, the price and the licensing is not a problem. For a small or medium company, though, it could be an issue.
Which other solutions did I evaluate?
We also looked at AlgoSec and FireMon.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Network & Security Operations Manager at a retailer with 1,001-5,000 employees
It's a complete product, and we find the SecureTrack and SecureChange features to be most valuable to us.
What is most valuable?
We use both modules, SecureTrack and SecureChange. With Securetrack, we follow rules implementation and compliance; with SecureChange we manage the workflow of firewalls openings.
How has it helped my organization?
Thanks to Tufin we're able to manage the life cycle of rules and to keep logs of each firewall modification. Policies are also optimized using the tool.
What needs improvement?
Checkpoint and Cisco products are well implemented and managed. For Fortinet firewalls some features are not yet available.
In networks where the WAN is managed by a third party, some features may be missing if you're not able to have information about routing, ACL, etc
For how long have I used the solution?
2 years.
What was my experience with deployment of the solution?
Product is quite complete. The hard work concerned building a topology on the product base on reality of the network. Some workaround we do in reality may be hard to model using the tool. Topology is mandatory for SecureChange to work.
What do I think about the stability of the solution?
Product is stable and we've had no problems concerning stability, even if we're not able to have a clear view of the capacity of this tool. There is no reporting on capacity. For instance, there is no alarm.
What do I think about the scalability of the solution?
No issue specifically, but for large networks several appliances are required to have a distributed architecture. Also, for SecureChange it's necessary to have a separate instance so the topology calculation has no impact on user interfaces.
How are customer service and technical support?
Customer Service:
Excellent, even if we have more contact with support team, customer service is always checking that everything is fine.
Excellent, the support and the post sales service is the best I ever had. They're always available and listen our concerns. Even some features required have been delivered a few weeks after the requirement.
Which solution did I use previously and why did I switch?
We used another solution some years ago, but we switched, first of all, for performance and stability issues. The old solution was not able to handle the number of rules we can manage in our network.
How was the initial setup?
The main setup subject will be to check what's the first need you want to answer. In our cases we want to manage our life cycle of rules and we work on it. Start small and grow up smoothly while you understand your network topology.
What about the implementation team?
Vendor was quite good. This is a tool with which the need to understand your network is mandatory. You must have an in-house team to be fully operate this tool. This is also the easiest for support.
What was our ROI?
Our main ROI is to be more agile and flexible for rules lifecycle. We're able to answer faster with the same number of people.
What's my experience with pricing, setup cost, and licensing?
Pricing is correct. You've got one or several appliances and pricing is not too high. After licensing is per firewall managed by the tool, so you can grow smoothly.
Which other solutions did I evaluate?
We did an evaluation of the different solutions on the market, and it was our vendor that recommend us the solution.
What other advice do I have?
I recommend this solution. In our case, it was the missing part to be able to provide a better service to our clients.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Buyer's Guide
Tufin Orchestration Suite
November 2024
Learn what your peers think about Tufin Orchestration Suite. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
816,660 professionals have used our research since 2012.
Works
Improves visibility, saves time, and assists with compliance
Pros and Cons
- "The filtering of lots of criteria is very valuable."
- "I would like to see more configuration options on next-generation firewalls, defining possible standards for devices."
What is our primary use case?
We use this solution for recertifying connections, application-based automation, and compliance with regulations.
How has it helped my organization?
The workflows save time and speed up the authorization processes for applications. For network operators, it enhanced visibility. For application operators, it increased knowledge of dependencies and also provided them with impact awareness.
What is most valuable?
Before this solution, we used Excel sheets. This approach did not provide ways to filter the options for implementing changes. The filtering of lots of criteria is very valuable.
What needs improvement?
I would like to see more configuration options on next-generation firewalls, defining possible standards for devices.
For how long have I used the solution?
We have been using this solution for more than three years.
What do I think about the stability of the solution?
The tool is highly reliable.
What do I think about the scalability of the solution?
We have not run into limitations around scalability. Depending on the devices, it is better to have a sizing discussion with the sales engineer.
How are customer service and technical support?
In the beginning, we did not have a dedicated support handler and it caused some issues because the service requests were interrelated. When we later obtained a central contact in support, it improved the handling.
Which solution did I use previously and why did I switch?
Prior to this solution, we used Excel and firewall vendor consoles.
How was the initial setup?
The initial setup was fairly complex because of the agreement with the network provider.
What about the implementation team?
We implemented this solution in-house with the support of Tufin Professional Services.
What's my experience with pricing, setup cost, and licensing?
I suggest talking with Tufin about the flexibility of the pricing structure.
Which other solutions did I evaluate?
We did not perform our own evaluation. However, one of the daughter companies evaluated multiple products (Tufin, FireMon, and AlgoSec) and selected Tufin. We relied on their research.
What other advice do I have?
Implementing the tool is easy, but introducing the changes within the company can be challenging.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Network/Security Engineer at a leisure / travel company with 51-200 employees
Firewall automation saves us hours of time, but the platform stability needs work
Pros and Cons
- "The change workflow process is flexible and customizable... If we have a firewall completed and we want to redo it, if we need to re-engineer a particular firewall and open a different destination, we can do that by creating a break-fix... That is one of its useful tools."
- "When it comes to web services, in my experience, Tomcat has always gone down; after a certain amount of load it breaks down and we have to get things restored again."
What is our primary use case?
We are doing firewall automation through Tufin.
How has it helped my organization?
In terms of the change impact analysis capabilities of this solution, we get a lot of CNR queues and it has saved a lot of time when making changes. And the analysis tells us that we have made a particular change and it sends out a lot of alerts. We can analyze them and do some auditing stuff as well with Tufin.
We have a lot of teams that do stuff in Tufin, management teams, auditing staff, and a team for implementation. So the time it saves us across that whole scenario is hard to pin down, but it has saved us a lot of hours in implementing the CNR queues, approximately 20 to 30 hours a week. That a big time savings.
The solution will automatically check if a change request will violate any security policy rules. We have an auditing staff using this feature within Tufin. If we have an open rule, it will send us an alert and we can see why this alert has been sent and take action on it.
Tufin helps us ensure that security policy is followed across our entire hybrid network. We can set up rules and policies for this and we can do a lot of auditing as a result.
What is most valuable?
The topology and the config backup that we see for devices are key features we get from Tufin.
The change workflow process is flexible and customizable. We went through a lot of difficulties while doing stuff, and it now provides a lot of flexibility while making changes. We can go back and implement the changes again and that is one of the things that is very flexible. If we have a firewall completed and we want to redo it, if we need to re-engineer a particular firewall and open a different destination, we can do that by creating a break-fix. A break-fix is one of the things that we can use to redo things on Tufin, itself. That is one of its useful tools.
Auditing is another good tool within Tufin. The automation stuff and searching of reports are good for auditing as well.
What needs improvement?
I have gone over compliance issues in Tufin, but compliance is one of the things which might not be that clear in Tufin. It just shows the configuration. That is one of the things they have to work on. It is one of the constraints, in my opinion.
The topology is good but they could work on it and get something better out of it.
If we talk about the complexity of getting more nodes over Tufin, Tomcat or web services become flat. This is one of the constraints that I have seen. The web services are not that stable. This has to be checked and taken care of.
For how long have I used the solution?
One to three years.
What do I think about the stability of the solution?
If you have a normal load in Tufin it works perfectly fine. But they need to work on the stability because if a certain amount of load is put in Tufin it just breaks downs, from what I've seen lately. That has to be taken care of. The parameters for the platform also matter in that situation, but if they can work on the stability, that would be great.
What do I think about the scalability of the solution?
The scalability is fine but when it comes to web services, in my experience, Tomcat has always gone down; after a certain amount of load it breaks down and we have to get things restored again. The scalability is perfectly fine but, performance-wise, they have to work on the platform or the base of Tufin to make it more robust. In a bad situation, if a lot of guys are logging in, it breaks down.
How are customer service and technical support?
Although I am in India, we have U.S. support. I haven't had any interactions directly with tech support, but one of my counterparts in the U.S. talks to them and sorts things out for us. I haven't had any discussions with them where I can analyze their work.
It was challenging at the time because we wanted to implement a lot of things which Tufin doesn't have as default. There was a lot of customization required and it took a lot of time - one or two months - to sort that out.
Which solution did I use previously and why did I switch?
We did not have a previous solution. We were moving towards automation and we wanted something that would save time in doing firewall queues and creating firewall rules. We were looking for a good tool and Tufin was one of them. It is a multipurpose tool that gives us topologies, and auditing and alerting.
How was the initial setup?
I don't think we had any issues installing it. That was not a problem. It is not that difficult but it is not easy either. The setup was normal and I wouldn't complain about it.
Our deployment took about ten to 15 days to get things onboarded. There were many other guys who were also involved in it and I don't remember entirely, but I think that's how long it took to onboard things.
The number of people involved in the deployment depends on the infrastructure and what kind of services you are looking for. If you're looking at server management, that would require one or two guys. If you're looking at onboarding of devices, you would need another one or two guys. For the auditing stuff, again, another one or two guys could do it. So for each of these areas, one or a maximum of two guys could handle it. Once you are done with onboarding, managing it takes two guys.
Regarding our implementation strategy, our primary motive was to get firewall automation in place. With that in mind, we worked to bring in all the devices and all the firewalls. Then we started talking about getting the different packages over to it and working to get the firewall automation done. There were a lot of things we had to do - it took months - when we had to bring in new patches or requests.
What about the implementation team?
It was Tufin only and one or two guys within our team. There was no third-party involved.
What was our ROI?
Firewall automation was one of the biggest concerns we had, and we have largely sorted that out with this tool. If we are saving hours, then we are saving money.
What's my experience with pricing, setup cost, and licensing?
I was involved with the pricing at the start. But then management took over that issue. In terms of affordability, this company is using it, so it seems they are fine with it. We just provide management with our requirements and it's their concern and responsibility to bring us what we need. Since we still have this solution, I think they are fine with it. But it's a management call.
What other advice do I have?
My advice would depend on what kind of implementation and what kind of environment you have. If you are looking for automation and auditing you should think about this solution. Talk to the technical guys at Tufin about how your environment works and can ask them about what they can do. If you are looking for automation you should look at Tufin.
Regarding Tufin's cloud-native security features, I am only familiar with their on-prem stuff. I haven't seen any of the cloud features on Tufin yet. I would really like to know what it will bring us at the end of the day.
We have three or four teams using it on different platforms and for different use cases, like auditing and alerting. On my team there are 25 guys using it. I don't have any idea how many guys on other teams are using it. Our security area is managing and maintaining it.
As engineers, we are certainly using it daily. I just made a scheduled change today through Tufin. We are certainly using it but I can't say what our plans are for it in the future.
I would rate Tufin at seven out of ten. The things that come to mind with this rating are the implementation of firewalls, the alerting and security. We can set out the security rules. I deducted three points because of the platform. I don't think that it has a stable platform. If there are 20 people and 22 need it, it will not be able to support us in that scenario. So that is a weak point. Stability and robustness are the things I'm looking for.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Security Engineer at a retailer with 1,001-5,000 employees
We like the side-by-side policy revision comparisons and the ability to list all policies. I’d like to see it work with F5.
Valuable Features
It can compare policy revisions side by side to see when you've made a change, and what the change is. It also lists the detail of the objects and policies. In other words, it has the ability to list all the policies as well as having side by side revisions.
Improvements to My Organization
I think we knew we needed to invest in the solutions because of a replacement we had to do last year. We had no other way of gathering the information. It wasn’t replacing anything.
Room for Improvement
I would like to be able to see the changes made on the software blades that Check Point has, such as URL filtering, IPS.
I’d like to see it work with F5. It's supposed to work and it doesn't. The problems we have with the F5 is what brings the rating down, because that was a big part of the reason we purchased it. If they fix the F5 issue, I’d probably rate it an 8 or a 9.
Use of Solution
We have been using it for one year. When we first implemented Tufin, we were replacing firewalls that had been in place for so long, there was absolutely no way of migrating the policy over so we had to recreate it from scratch. We were able to use the information provided from Tufin to do that.
We’ve used the recording tools a little bit, but just for Check Points, not the F5s. They're helpful in a way. Sometimes it seems like they're giving you partial information, like it wants to give you some information that you've made a change to, but it's really hard to track down where that change actually was made. It’s more like configuration-level changes are difficult to read on the report.
Deployment Issues
We've had issues with using Tufin for the F5 load balancers. We can't get our information out of our F5s.
Customer Service and Technical Support
Using technical support was kind of cumbersome. They couldn't figure out what the problem was with the F5s. After they thought they found the problem, we set up another set of F5s. The problem that they thought was causing it, was no longer in place with the other set of F5s, but they didn't work either.
Initial Setup
I was involved in the initial setup a year ago. It was straightforward. It was pretty easy to set up.
Other Solutions Considered
We weren’t comparing it to anybody else.
Other Advice
Keep in mind that you're only going to get the network security layer of the Check Point showing up on the recording. You're not going to get all of the software blades that come along with it. One of the things my manager was disappointed to find was that we weren't able to gather that information.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Senior Advisor Security Architect at a comms service provider with 10,001+ employees
Tufin Lets Us Clean Up the Rule Base Quickly and Remove Unused Rules.
Valuable Features
Tufin has helped us a lot. It lets us clean up the rule base in a short period of time and remove unused rules. Tufin provides you a report on rules for this that lets you delete objects that are obsolete and no longer needed in the rule base. If you don't use a tool like Tufin, this is done manually and may take days, because for every object, before you delete it, you have to make sure that it is not being used by someone else.
Improvements to My Organization
From a security point of view, Tufin can provide the posture of your environment, meaning whether your rule base is secure or not. It will analyze the file rule base, tell you if the service you enabled is secure, and give you some advice how to deal with the situation.
Room for Improvement
I want Tufin to be used by my entire team, but due to a lack of training and lack of resources, we are not able to do that. I would like to see more training videos that can be distributed to my team in order to really take advantage of the product.
Use of Solution
We have been using it for about 3 years now.
Stability Issues
I find it very stable. We haven't had any big issues since we started using it. Issues we have had have mostly been related to new features being added that weren’t supported by the device. In those scenarios, we submit the case to Tufin and they tell us about the new release.
Scalability Issues
We are a big company and I can say that we are not using the product in its fullest capacity. We have a different type of policy because we are using different vendors and different technologies, and while we have some issues with the juniper devices, it has absolutely been scalable.
Customer Service and Technical Support
Tech support has been fine. Right now I have an ongoing case and there is a delay, but it mostly comes from me because I took time to respond and they are telling me other ways that I know.
Other Solutions Considered
I implemented FireMon three years ago for a customer because the customer specifically requested it. I found it very hard to put in place. I wasn’t a part of the Tufin implementation, but in terms of the product itself, Tufin is easier to use.
Other Advice
I would give Tufin an 8 out of ten because some vendors own multi-contexts, and there are challenges supporting these devices. We are having issues with the Juniper device, for example.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
IT Security Engineer at a energy/utilities company with 1,001-5,000 employees
Gives you the ability see what changes have been made and who made them, as well as pinpoint what has changed.
Valuable Features
Tufin gives you the ability see what changes have been made and who made them, as well as pinpoint what has changed so if there is an issue you can easily review it. I also like that if there is a new request that's coming in, you have the ability to compare the request with what is already in the system so you don't have to go into the firewall rules to try to figure it out. You can just do a comparison between different policies.
Improvements to My Organization
We use reports a lot for cleaning up, which is part of our regulatory requirement. You need to review the policies for any old reports, used objects or used services. That's basically what draws the purchase of this product.
I also like the product’s ability to reduce security risks. Being able to do some of the compliance checks has been very good for us.
Room for Improvement
The ability to search could be improved, and it would be helpful to be able to display more than a hundred results on a search or share when you do the workflow with multiple people at the user level on your same team. If you have a team of three people each one should be able to see each other's request without having high-level access rights.
Also, the workflow is very rigid. It's not very easy to manipulate. The graphical interface needs to be a little more user-friendly. You need to be able to move objects around to make a nice display. Right now, if you select an object, it just sits there and everything goes sequentially. I want to be able to move objects around to make the interface more presentable in the way you would normally code something. That's a big concern, because we've gotten several complaints.
Use of Solution
We have used Tufin for at least seven years.
Stability Issues
We haven’t had any problems, except for some licensing issues a long time ago.
Scalability Issues
For what we do we haven't seen any performance issues so far.
Customer Service and Technical Support
Technical support has been good. We've had different engineers help us out and they've all been very helpful.
Other Solutions Considered
We compared Tufin to AlgoSec. At that time, we felt that what Tufin had in terms of their workflow and the option to transfer over our existing workflow was more flexible. It was a hard decision. One of the other reasons we picked Tufin up versus AlgoSec was the responsiveness of the people we were working with. They understood the company and our relationship, and we felt that it would be easier to have the ear of the company if we needed customization. They did the changes that we requested, which made life easier. We felt that if we were to go with AlgoSec, it would be a lot harder.
We closed the deal after they made a change to DNS lookup. Objects need to be created on our DNS system before they’re populated, and you didn’t have a way to validate your IP with a host name at that time.
Other Advice
If I had to rate it one to ten, I’d give it a nine, since there’s room for improvement, even though they’ve been doing a lot of improvements over the years. I would also say that if you buy the product make use of it. There are more features available than you always realize, so a lot of times you might try the harder way first because you are used to working that way. You might discover that your life can get a lot easier.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Network & Security Service Delivery Manager in Spain at a transportation company with 10,001+ employees
Depending on the kind of device, we can correlate information from both the device and from the client.
Valuable Features:
The most valuable feature for us is Tufin's versatility. Depending on the kind of device, we can correlate information from both the device and from the client. This is highly useful for us.
Improvements to My Organization:
Tufin's given us the ability to correlate between policy and firewall rules. We can even search for the correlations to determine violations and exceptions. Also, it's a solution where we can define our entire company's security policies.
Room for Improvement:
It needs better correlation so that it's easier to not have to look for information underneath all the data. So, even though the policy and firewalls are correlated, it's difficult to find them when we need to.
Deployment Issues:
We haven't had any issues with deployment. In fact, it was very easy to do.
Stability Issues:
We haven't had any issues with stability.
Scalability Issues:
We haven't had any issues with scalability.
Initial Setup:
The initial setup was not complex. It was fairly easy and straightforward.
Implementation Team:
We implemented it with our in-house team.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
Download our free Tufin Orchestration Suite Report and get advice and tips from experienced pros
sharing their opinions.
Updated: November 2024
Popular Comparisons
FireMon Security Manager
Skybox Security Suite
Palo Alto Networks Panorama
AWS Firewall Manager
Azure Firewall Manager
ManageEngine Firewall Analyzer
Cisco Defense Orchestrator
Buyer's Guide
Download our free Tufin Orchestration Suite Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- What is the biggest difference between AlgoSec and Tufin?
- Comparing network security vendors and devices
- When should companies use SSL Inspection?
- When evaluating Firewall Security Management, what aspect do you think is the most important to look for?
- What are the most important features you would be looking for in a firewall?
- How do I estimate the required firewall throughput for my organization?
- What are the pros and cons of Tufin, AlgoSec and RedSeal?
- Tasks to Perform on Preventive Maintenance.
- Why is network segmentation important?
- Can a router with automatically-created firewall access lists be considered a scrubbing center?
Cool reviews & helpful