Tufin Orchestration Suite Reviews

We use both modules, SecureTrack and SecureChange. With Securetrack, we follow rules implementation and compliance; with SecureChange we manage the workflow of firewalls openings.

Thanks to Tufin we're able to manage the life cycle of rules and to keep logs of each firewall modification. Policies are also optimized using the tool.

Checkpoint and Cisco products are well implemented and managed. For Fortinet firewalls some features are not yet available.

In networks where the WAN is managed by a third party, some features may be missing if you're not able to have information about routing, ACL, etc

2 years.

Product is quite complete. The hard work concerned building a topology on the product base on reality of the network. Some workaround we do in reality may be hard to model using the tool. Topology is mandatory for SecureChange to work.

Product is stable and we've had no problems concerning stability, even if we're not able to have a clear view of the capacity of this tool. There is no reporting on capacity. For instance, there is no alarm.

No issue specifically, but for large networks several appliances are required to have a distributed architecture. Also, for SecureChange it's necessary to have a separate instance so the topology calculation has no impact on user interfaces.

Excellent, even if we have more contact with support team, customer service is always checking that everything is fine.

Excellent, the support and the post sales service is the best I ever had. They're always available and listen our concerns. Even some features required have been delivered a few weeks after the requirement.

We used another solution some years ago, but we switched, first of all, for performance and stability issues. The old solution was not able to handle the number of rules we can manage in our network.

The main setup subject will be to check what's the first need you want to answer. In our cases we want to manage our life cycle of rules and we work on it. Start small and grow up smoothly while you understand your network topology.

Vendor was quite good. This is a tool with which the need to understand your network is mandatory. You must have an in-house team to be fully operate this tool. This is also the easiest for support.

Our main ROI is to be more agile and flexible for rules lifecycle. We're able to answer faster with the same number of people.

Pricing is correct. You've got one or several appliances and pricing is not too high. After licensing is per firewall managed by the tool, so you can grow smoothly.

We did an evaluation of the different solutions on the market, and it was our vendor that recommend us the solution.

I recommend this solution. In our case, it was the missing part to be able to provide a better service to our clients.

The solution is predominantly used for managing firewall changes, policy changes, and understanding those aspects.

Most people use it for the basics, even though they could use it for a lot more.

The most valuable feature is being able to customize your own clarity to that aspect of change management.

Having better visibility of what is going on. If it gets out of control, you can keep it in your head no matter how smart your administrators are.

From what I have seen, it's user-friendly.

It's a bit clunky, but that may be because of different environments, and it is struggling to get the information. It's possible that the performance issue is because of the network and not the right architecture.

I would like to see anything that is graphical, as much graphical representation of things. Modeling, and what-ifs. It becomes more intuitive and allows you to close some of the gaps between drawing stakeholders in, for example. If they ask "Why are you spending so much money on this tool?"  or "Why are you doing this?", you can show them examples and it becomes more obvious.

I would like to see AI elements included with this solution. There is quite a lot of human element in understanding the consequences of change within the firewall environment, but they might benefit from more of an AI element as well.

I am a security architect and I have been involved with it periodically for approximately five years.

It's a reliable solution.

It's a scalable product. I have dealt with companies that are pretty sizeable, and it seems to handle it.

I personally have not contacted technical support, but the information that is available on their website is pretty useful, it's pretty good.

You need to allow a fair amount of time. That is the case for all firewall management tools.

It gives the appearance of being straightforward to get going but they need a bit of time particularly to do the sorting of the matrices for example.

When planning, people should estimate it then double it, just to make sure they get things right.

Price could always be better, but there are always consequences. Normally, there are other issues that come into play. For example, you pay more and expect to lean on the vendor more for the services and support.

I have recommended this solution from time to time and I would definitely recommend it to others.

I would rate Tufin a seven out of ten.

So far, the solution has been fantastic. The customer has been very happy with its capabilities overall. 

It works very well in an enterprise environment.

There aren't any gaps in its offering at this time. It's a very complete solution.

The reporting on offer is very good. Tufin makes nice reports.

Technical support has always been very helpful and responsive. 

The pricing could be a bit more competitive. If you compare it to, for example, AlgoSec, AlgoSec has better pricing.

The implementation could be a bit easier. 

I've been working with the solution for about a year or so at this point. It hasn't been too long. 

We've had to contact technical support a few times in the past. Their support is fantastic. They are very helpful and responsive. They are knowledgeable about the product. We are quite satisfied with the level of service we receive. 

I also work with Cisco devices.

We had some issues during the initial implementation. Our client had some devices that, for some reason, just weren't integrating. If they could look into issues that clients face at the outset, when the setup is happening, it would make the experience a lot easier to handle. They just seem to need to be able to handle more integrations with other devices. 

The pricing could be a bit better. It's definitely not the least expensive option. It would be ideal if the product pricing came down a bit so that it was more competitive. The clients would appreciate that a lot.

I'm currently looking at other solutions to compare Tufin to. I have done some comparisons between Tufin and AlgoSec and my takeaway from that is that AlgoSec is less expensive.

I would advise other organizations considering the solution to first be aware of what they want to achieve. As a company, you need to start there before you start choosing solutions. That way, you'll know if the solution will properly meet your expectations. Tufin has a few options as well. It's important to understand which would work best according to your requirements. 

I would rate the solution at a nine out of ten overall. We've been very please with the capabilities of the product and our clients have been happy. 

The primary use case is automation.

We are using the latest version.

We find that the change workflow process is flexible and customizable. If we want to change approvers, that is very easy. If we wanted to add a step or get rid of a step, this is easily customizable.

We are using the visibility with notifications on every firewall change and what those changes were. We have visibility to see who is making the changes, and when. This is the biggest thing because we are underutilizing the product right now.

This solution has helped us meet our compliance mandates. Everything is all auditable. Every change is tracked down to the person and time.

The auditing is a valuable feature. We can be audited, because it has the ability for approvals to be set up and to put in policies. It is all automated.

So far, the stability is good.

With scalability, we are going to run into some issues. We have been talking about converting over to actual hardware as opposed to virtual. Therefore, I don't think we are scalable at this time, especially with the updates coming. I'm told that they're going to need a lot more horsepower to push them. 

As far as scalability, it is great for adding network objects and so on.

i have not talked to technical support.

As we start to dive in, I'll be reaching out to the customer success team.

The initial setup was straightforward. We did it in three days.

We used a reseller for the deployment. They were very good.

There was one other solution that we evaluated, but it didn't stack up. Tufin was the best solution.

Everything is good right now.

Reach out to whoever does your implementation and support. Ask as many questions as you can and do research.

We haven't got to the point where we've used the solution to clean our firewall policies yet. That is the next phase.

This solution won't help us ensure that our security policy is followed across our entire hybrid network until the next stage.

We're not in the cloud.

Firewall policy management over all firewalls from one single point. We browse policies, objects, and their usage. The report gives us an image of where risks are.

We now spend less time auditing rules with reports: 

1. The designer helps us in creating rules
2. It tells us what rule is missing and where to put it. 
3. The predefined reports are then sent to administrators.
4. It provides an exact image of how to improve security.

• The policy browser gives the ability to browse all firewalls from a single point. It's possible to see where an IP is inserted in rules. 
• The designer gives the ability to know where to add a rule, or if the rule is already in place. 
• The reports are personalized now and the cleanup is helpful for administrators.

It would be great to add a link to Visio to create shapes directly from Tufin, as it has the configuration. 

From my perspective, I think that it’s hard to break it down to a single feature. The visibility it gives and the customizability it provides is invaluable and the change automation is the most powerful capability, at least for now. The application awareness component is a close second. As more organizations adopt this revolutionary way of visualizing enterprise connectivity, SecureApp will fundamentally change the way connectivity is provisioned and decommissioned.

The product suite itself brings together organizational units. So when you talk about operations, development, management and auditing, all of these organizations have their own interface and abilitie to understand what different parts of the company are doing.

I think Tufin is continuously moving towards broader support for other platforms. Including a significant focus on the cloud. This approach is critical to the model of normalizing policy management across the environment - regardless of platform.

We've used it for nearly eight years.

It's absolutely stable and this is why I always promote it. They have the finest set of coders and developers you can find.

The distributed architecture capabilities allows this solution to scale to anybody’s needs.

The support team is second to none. They have multiple offices in multiple countries. They're always available. I know the support teams and leaders personally and they are of great quality.

It’s very easy to get up and running. With anything that is so feature rich and customizable, the installations range from a couple of days to more complex with many days and script writing. It just depends.

Spend the time to evaluate all of the components of the Tufin suite. When you bundle different features together and you bundle components, you get a better price.

We often find customers that have purchased this product for a specific purpose and they limit its use to only that purpose. Do yourself a favor and really explore the entire product and maximize the features and functionality of what you have purchased.

Policy management.

A lot of policy is legacy. With SecureTrack, I can track the policy and find all the policies that we're not using. Basically, we create a process out of it and actually get rid of those legacy policies.

I don't have a real idea of how many policies we’ve found, but the outcome for that policy management is usually better for our file work because it runs much more smoothly because of less policy, less memory usage, and less CPU.

We try to make the file work much more efficient. We also do auditing for file work, such as who made changes on the file work. You can use it for accountability, if needed. 

We also use some of the compliance features. We define policy on what is compliant. If anyone tries to create certain stuff that is not compliant, we get notified. I haven't fully utilized Tufin yet and I'm working toward that area. Hopefully I can give it a higher rating as we explore more functions. We know the capability; we just need to get to that point. If we reach that point, it'll be much better actually. We’re just not there yet.

We’re hoping to be able to share the data Tufin’s collecting with other platforms so they can be more integrated with those metrics, because the governance tool is where we create policy. And then using Tufin’s metric, we can actually know what kind of policy we can create. That would help out.

It's good. I haven't rebooted.

We are big, but we are only using a fraction of what Tufin is capable right now. I'm hoping that we can explore a lot more and then try to utilize more on Tufin because my big way to look at Tufin is this ability to gather all that data. If Tufin doesn't have that footprint, you won't get that data. So right now, I'm working on that.

For my current company, I inherited it.

I haven’t thought of using any other solution, so, I haven't looked at other solutions yet.

Let Tufin help you see what can be. Make the tool work for you and be creative.

You can't always use it in a certain way. There are many ways to use a tool. You just have to be creative on how you use the tool. Find holes and ways to use it.

Figure out how you use the tool, and then figure out if you can create a process out of it, so you are not only using it when you are free. You want to use it as a process because it has to be repeatable. If something is not repeatable, there's no way to improve the process.

If I'm going to find a policy right now and I don't repeat that process, those policies will continue to become legacy, so you have to repeat using the tool.

• The ability to compare the old policy and the new policies is real handy.
• The topology view is really good. 
• You can kind of see where the flows are coming and how they're working.

I come more from the WAN space as opposed to the security space, so I would obviously like to see Tufin integrate with Cisco routers. There's room for more integrations with other products.

I'm just kind of getting into it, so I don't think I have the full breadth of the product personally, but it is pretty usable.

It's been stable in our environment.

We haven't had any trouble scaling it. We have about 100 policies.
There haven’t been any issues with speed, as far as I can tell.