Policy analysis is the product’s most valuable feature. It can pull out various rules that we need to work on, edit, update, and so on. It can identify rules that need to be moved, or need to be optimized.
Security Engineer at a financial services firm with 10,001+ employees
Policy analysis is the product’s most valuable feature.
What is most valuable?
How has it helped my organization?
Tufin analyzes tens of thousands of rules for us. Not all one firewall, but there's thousands and thousands of rules that Tufin analyzes.
Reporting is great. The only issues that we ever run into are with usage reports. You can run into things where something will have been modified and it ends up changed or something like that. Other than that, reporting is great.
What needs improvement?
The capabilities Tufin has for Check Point products are excellent. It'd be nice to get the same level of features that it does for Check Point up to par with Cisco, Palo Alto, and so on. There's a couple of things that are lacking. For example, on the Palo Alto side, if you're using a lot of layer 7 rules, there's very little visibility into that. When you run policy analysis, you're still only getting back source IP, dest IP, ports. It's not showing the URLs, all that kind of stuff. That's the main thing.
The only other thing I could see being improved would be regarding one bug. Once in a while when you save a policy analysis query and you click save, it goes back to the screen where it lists them all. Someone else's will be there, and it's somehow swapped them with another engineer who was saving something at the same time. It doesn't happen often, but when it does, it's annoying. Especially if you've just entered a whole lot of info into it.
I’m rating it an 8 because of a couple of those little nagging features, the little bugs. But by and large, it does the job that we need it to do at the moment. We're going into the new world of SecureChange. We'll see how that goes, too.
What do I think about the stability of the solution?
In our previous configuration, it would take a beating. It would take days to get certain reports out of the system. We've just purchased a whole bunch of new hardware, and Tufin’s been a lot more stable. I'm getting reports again very fast.
Buyer's Guide
Tufin Orchestration Suite
March 2025

Learn what your peers think about Tufin Orchestration Suite. Get advice and tips from experienced pros sharing their opinions. Updated: March 2025.
848,253 professionals have used our research since 2012.
What other advice do I have?
Based on looking at some of the other products out there, Tufin is definitely the leader of the pack. It's a good choice. Make sure you buy enough hardware, and make sure you know how you're going to use it. A lot of the features get very processor- and database-intensive, and you should have the proper gear to use it.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.

VP of Engineering at Netanium
The key area is the automation that it allows in place of manual reviews.
Valuable Features:
The biggest thing is regarding the automation that it allows our customers to do at the end of the day so that they can go and scale their environment a lot more than they could in the past. I think that's really where it comes in. It's the process behind it which can be very painful and tedious. They help make it easier and it's pretty simple from that perspective. You can review compared to past policies.
It's a multi-stage process. When you first start using it, you can go based on rules and find a lot of things that you didn't know before automatically. Then over time, you can go and see points along time. See what's happened, what's changed and also make sure they're applying the appropriate policy.
Without Tufin it's a lot of manual reviews, and you'll miss things. Humans miss lots of things especially as rule bases get big.
Improvements to My Organization:
The integration with other parts of the system, so it a lot about process. If you have ticketing systems, other things that you're using can be helpful. For the really leading edge customers, they're able to integrate it with their other processes to the end users. The end users can be the ones requesting, saying, "I have this application and I need it to work this way." Take the technical out of it and make it a lot more business oriented so that's pretty powerful.
Room for Improvement:
It's still challenging in some cases to get it integrated with other systems. Anything that Tufin or any company can do over time to make that easier and easier is going to make it easier for the end customer. A lot of times with implementations, companies don't get using it we've seen. A lot of times, we'll go in and help them which is good. In the early stages, like any product sometimes it can be hard to start using it. Ways to make it super easy for somebody coming into the game could be useful. Then from our perspective, we've seen so many services go and come. So many applications go service based (software as a service) so they certainly have an opportunity there too to do some things.
I'd rate it an 8.
Scalability Issues:
We've been working with it for a long time and it's been good from that perspective. Again, we have a lot of customers. It's been really scalable. We've had some customers that are on a hundred gateways on it.
Initial Setup:
It's straightforward to set up but like anything, there can sometimes be an initial gap with usage. Get it set up, get it running and then it's the habit. Forming that habit for companies, like anything new, can be hard.
Other Solutions Considered:
The space is pretty targeted. AlgoSec and Firemon are certainly their direct competitors. Those are really the big three in the space.
Other Advice:
Criteria when selecting a vendor -I think it's looking at your current processes and where you'd like to be is really what it comes down to. If you're frustrated with the ways things are working, think about the way you'd like it to be and then see what product fits into that mindset for you.
Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
Buyer's Guide
Tufin Orchestration Suite
March 2025

Learn what your peers think about Tufin Orchestration Suite. Get advice and tips from experienced pros sharing their opinions. Updated: March 2025.
848,253 professionals have used our research since 2012.
Security Architect at a wholesaler/distributor with 5,001-10,000 employees
Identifies redundant rules that we're not aware of.
Valuable Features:
The ability for it to identify unused rules, and overlapping/redundant rules. If you had a more open rule at the top, but you put a more granular rule at the bottom, it would tell you that that granular rule wasn't needed because it was already covered by another rule. A lot of times you get multiple firewall admins who just go in and start adding stuff, and they're not always looking for what's already in place. It's redundant and they don't realize it.
So somebody could have added a rule but they couldn't find it, so they just went ahead and added access, and in the end, Tufin will identify it and say - you have rules that you don't need. When you're dealing with very large policies (hundreds - thousands of rules) it's a big advantage. Such as if you're dealing with firewalls that host 2000+ rules.
I used to use the reporting. It was able to at a glance tell me every rule that that particular IP address was given access.
Room for Improvement:
The ability to export the data outside of a PDF on some of the reports, I'm not sure that it can do that.
Scalability Issues:
It scaled for our needs.
Other Advice:
It fits in as part of the bigger picture. At the end of the day, I wish the firewall products themselves could do some of that stuff inherent to their own solution.
Make sure you understand the capabilities and use it for what it's intended. It's not going to tell you the intent of rules, it's not going to tell you if it's a good rule or is it a bad rule, but it's going to help you with firewall clean-up or redundancy. It doesn't help a firewall admin create a better rule.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Works
Improves visibility, saves time, and assists with compliance
Pros and Cons
- "The filtering of lots of criteria is very valuable."
- "I would like to see more configuration options on next-generation firewalls, defining possible standards for devices."
What is our primary use case?
We use this solution for recertifying connections, application-based automation, and compliance with regulations.
How has it helped my organization?
The workflows save time and speed up the authorization processes for applications. For network operators, it enhanced visibility. For application operators, it increased knowledge of dependencies and also provided them with impact awareness.
What is most valuable?
Before this solution, we used Excel sheets. This approach did not provide ways to filter the options for implementing changes. The filtering of lots of criteria is very valuable.
What needs improvement?
I would like to see more configuration options on next-generation firewalls, defining possible standards for devices.
For how long have I used the solution?
We have been using this solution for more than three years.
What do I think about the stability of the solution?
The tool is highly reliable.
What do I think about the scalability of the solution?
We have not run into limitations around scalability. Depending on the devices, it is better to have a sizing discussion with the sales engineer.
How are customer service and technical support?
In the beginning, we did not have a dedicated support handler and it caused some issues because the service requests were interrelated. When we later obtained a central contact in support, it improved the handling.
Which solution did I use previously and why did I switch?
Prior to this solution, we used Excel and firewall vendor consoles.
How was the initial setup?
The initial setup was fairly complex because of the agreement with the network provider.
What about the implementation team?
We implemented this solution in-house with the support of Tufin Professional Services.
What's my experience with pricing, setup cost, and licensing?
I suggest talking with Tufin about the flexibility of the pricing structure.
Which other solutions did I evaluate?
We did not perform our own evaluation. However, one of the daughter companies evaluated multiple products (Tufin, FireMon, and AlgoSec) and selected Tufin. We relied on their research.
What other advice do I have?
Implementing the tool is easy, but introducing the changes within the company can be challenging.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Security Engineer at a healthcare company with 1,001-5,000 employees
It can look at specific metrics across technologies. We would like the ability to correlate it with other toolsets
Valuable Features:
Policy management.
Improvements to My Organization:
It understands my need to make sure that there are specific metrics that we are looking at and with those seeing across our technologies, as opposed to just a vendor technology building reports. It's easier for us.
So far, with the asks that have been requested, we have been able to find the metrics we need.
Room for Improvement:
My suggestion would be to be able to correlate it with other toolsets, and not just have it contained in their own toolsets. I’d like to be able to extract it so it can be consumed by other tools, like a governance tool such as GRC2, Archer, and by algorithms. It should not be contained in their environment. Let them perform their functions, but allow me to absorb others and use other governing tool sets to take a look at your metrics.
I’m rating it a seven just because I don't think I'm using the tool at its full functionality yet. It's meeting my current needs, but I don't know what the future use cases would be. So I can't say it's a ten, yet, but I'm moving towards ten. So, I start with a five as I use its functionality as meeting my needs. It will grow, I have confidence.
Deployment Issues:
The speed is good. As we continue to upgrade the software, I've been keeping up to date. Every version that I install, I see some improvement on the speed actually. So far so good.
Stability Issues:
I haven't had any issues. Even though my interaction has not yet provided me with a full understanding of whether it's stable or not, I have been interacting with the tool enough to determine whether there are any stability issues.
Other Advice:
If the tool meets your needs, evaluation process wise, then you should make sure that you reap the benefits. It has a lot of functions, and a lot of benefits and features. Start using them all.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Network Security Engineer at a transportation company with 1,001-5,000 employees
We Chose Tufin for its Ease of Use, Customization, and Workflow.
Valuable Features
The most valuable feature is the ease of use. Creating workflows for users is very easy. It's also pretty straightforward to look at audits and compare policies.
Improvements to My Organization
Before Tufin, we had a very antiquated way of doing firewall requests. It was a terrible workflow system. Workflow was one of the main reasons we looked at Tufin, since it is really easy for users.
Room for Improvement
I would like to see more customization with the emails that go out, the UI, the things that I look at, and the things that I see when I log in. We mostly use SecureChange, and when I look at my tasks, I would like to have more customization to maybe add a column, for example.
Use of Solution
We deployed it well over a year ago - Tufin SecureChange and Tufin SecureTrack.
Stability Issues
There have been no stability issues whatsoever. It’s rock solid.
Scalability Issues
Right now, with what we're using it for, it has been scalable. We haven't had an issue with scalability at all. It's been able to keep up.
Customer Service and Technical Support
We had to work with technical support to get the certificate set up and get SSL initially configured. It went well.
Initial Setup
Putting it together and getting it up and running was a breeze.
Other Solutions Considered
The top two we looked at were AlgoSec and Tufin. We felt that Tufin was the leader in the space and we chose it because it was easy to use, very customizable, and it gave us every one of the requirements that we were looking for.
Other Advice
I would give it a nine out of ten. It’s been a great product so far. I'd just like some more customization.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Senior Consulting Manager at a tech services company with 10,001+ employees
Ensures the security policy is followed across our entire hybrid network, but there are a lot of improvements which can be done in terms of visibility
Pros and Cons
- "Tufin has improved my organization with its configuration management. It has tremendously improved the operation's success and has made life easier."
- "I don't get the full visibility. There are a lot of improvements which can be done in terms of visibility."
What is our primary use case?
Our primary use case is configuration management and change management.
How has it helped my organization?
Tufin has improved my organization with its configuration management. It has tremendously improved operation's success and has made life easier.
It has also increased the amount of gateways there, which has really helped us. Information is readily visible.
Tufin has ensured that the security policy is followed across our entire hybrid network in the way that it has given us what is in place now. We're trying to impose the security policies of the organization. There is still time to get in there.
What is most valuable?
- Configuration management
- Change management
What needs improvement?
I don't get the full visibility. There are a lot of improvements which can be done in terms of visibility.
We have had challenges implementing the change workflow process. We were trying to do and end-to-end automation part and standard services, like Active Directory, through a couple of customers and internal applications. We had challenges that we couldn't overcome, even with help. We are still trying to achieve this.
Change management is something which is currently difficult. It should work seamlessly, not have too many integration points. It should be simple.
What do I think about the stability of the solution?
Stability is good, so far it hasn't given us any trouble.
What do I think about the scalability of the solution?
We've never really had the opportunity to check the scalability. Our company's growth at the moment is stagnant and normal.
How are customer service and technical support?
Their customer service is better than it used to be.
What about the implementation team?
We implemented through a consultant from Tufin, who was helpful.
What was our ROI?
We have seen ROI in operational aspects, in terms of how long it takes to resolve incidences which arise.
What other advice do I have?
I would rate it seven out of ten. I would recommend Tufin if someone is considering it.
We are still in the process of phasing it in to help us with our compliance mandates.
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
Manager, Information Security at Neustar
We are starting to use it more as a compliance tool as opposed to just for tracking changes and backups.
What is most valuable?
Tufin is invaluable for helping us keep track of things, providing us a method for checks and balances. We're a Tufin SecureTrack customer at this point, and the product serves multiple purposes when tracking changes. We’ve also starting using it as a compliance tool, utilizing its capacity to help us analyze policies. Overall, SecureTrack is a very easy tool to use, and it’s relatively fast. We've recently virtualized it, and from a performance aspect, it works great.
I think we're on Version 15 right now – almost the latest one. Moving from the appliance to the virtual platform was really simple, and from a performance standpoint, it was pretty much seamless.
How has it helped my organization?
We are starting to use it more as a compliance tool as opposed to just for tracking changes and backups. Because it tracks changes, SecureTrack maintains a complete CVS (Concurrent Versions System of all of the configurations of a lot of our systems. Because we're a multi vendor environment, it's not just Check Point. We have licenses for all of the different firewall vendors’ products and things like that.
What needs improvement?
With SecureTrack, I think it does what it needs to do, so I can't recommend any changes, although I would like to see additional vendors added to it (and I’ve already discussed that with Tufin). They already support F5 BIG-IP, so we've discussed possibly adding Citrix. And, although they support A10 for the Tufin Orchestration Suite, I’d like to see support for SecureTrack as well. Because they already have those plug-ins on the Orchestration Suite side, it doesn't mean that they can't have it on the SecureTrack side as well.
I do think some of the licensing can be simplified or made more flexible. Because we are multi-vendor, it would be nice to have a way to convert licenses from one product to another. For example, I’m phasing out all of my Juniper firewalls, and I want to turn them into Cisco. It would be nice to be able to detach licenses and re-attach them to different types of devices.
I also think that at some point they're going to have more integration on the SecureTrack side for some of the other switching and routing platforms – not just Cisco. They already support some of the Juniper routers and switches, and SRX from the firewall standpoint. I am not sure of where they're going to go with Pulse Secure.
What do I think about the stability of the solution?
No, we never had any stability issues because it's a browser-based tool. We've never had any problems with accessing the tool, and its performance is great.
What do I think about the scalability of the solution?
I think it's scalable for what we have today. If we were to move to Tufin Orchestration Suite, we would probably look at putting more distributive Tufin appliances out in different places because we are worldwide and have major data centers throughout the world. We would probably try to keep things localized.
How are customer service and technical support?
Tufin’s support is actually very good. In the early years, there was a support guy who we would always end up getting, so he kind of knew us personally. He was great at helping us jump on things, running all sorts of different SQL commands and similar processes in order to fix whatever upgrade issues we had. Tufin support has always been great.
Which solution did I use previously and why did I switch?
We relied on other logs and on open source tools. We used about five or six different tools for various functions, but we were able to consolidate by moving over to Tufin SecureTrack.
Which other solutions did I evaluate?
At the time, we did a bake-off between Tufin, AlgoSec, and FireMon. One of the main things was that Tufin was just simple. It was basically: rack it, stack, turn it on, IP it, start plugging things in, and it was ready to go. With some of the competitors we had to set up a Window server, buy a Windows license, expertise it, etc.
We're using Tufin OS, which is just Linux. For any customer who wants a solution that is quick to set up and just works, Tufin's the way to go.
What other advice do I have?
I really, really like the solution and we’ve been really happy with Tufin. Even though our Tufin sales rep recently changed, they've always been engaged with us. They hit us up pretty often to find out if there's anything that we need, or if there's anything that they can do to improve or even expand the use of their product.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.

Buyer's Guide
Download our free Tufin Orchestration Suite Report and get advice and tips from experienced pros
sharing their opinions.
Updated: March 2025
Product Categories
Firewall Security ManagementPopular Comparisons
FireMon Security Manager
Skybox Security Suite
Palo Alto Networks Panorama
AWS Firewall Manager
Azure Firewall Manager
ManageEngine Firewall Analyzer
Cisco Defense Orchestrator
Buyer's Guide
Download our free Tufin Orchestration Suite Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- What is the biggest difference between AlgoSec and Tufin?
- Which lesser known firewall product has the best chance at unseating the market leaders?
- Comparing network security vendors and devices
- When should companies use SSL Inspection?
- When evaluating Firewall Security Management, what aspect do you think is the most important to look for?
- What are the most important features you would be looking for in a firewall?
- How do I estimate the required firewall throughput for my organization?
- What are the pros and cons of Tufin, AlgoSec and RedSeal?
- Tasks to Perform on Preventive Maintenance.
- Why is network segmentation important?