Tufin Orchestration Suite Reviews

The most valuable feature for us is SecureTrack. With it, we have rule documentation, change documentation, and the ability to create various reports. We can also enforce compliance with our security policy, as well as to define exceptions.

Another valuable feature is SecureChange, which enables us to have individual workflows. Individual workflows have to be followed step-by-step without skipping a step. That's the great thing that we can do with automation so that firewall administrators don't have to do so much manual, routine work.

There's an automatic compliance check. If you have an accessory test from A to B, the system will check the entire firewall infrastructure to see if it's possible immediately or not, and if it's not possible now, then the change will be started, and if it's a standard change, the standard change will be run more or less automatically, and it's not necessary to involve the technical team for a standard change.

The GUI is not really adaptable as you cannot configure it. The buttons are fixed and it's not really intuitive. It's good for selling training, but in daily work, it's not very easy for those who are new at it.

We've had no issues deploying it.

I think the stability is very good. We've had no issues with instability.

It scales from small network segments up to very, very big companies with thousands of firewalls.

Once I heard from a German Tufin guy something about enthusiastic support, and I thought he was crazy. But now, I think it's true. Even when there's standard support, I become nervous when I don't get feedback within one or two hours, even if the SLA says twenty-four hours. They're very responsive, and also very technical. Technically, they're quite good.

It depends, but mostly the initial setup is straightforward. Just install the operating system, take the appliance, install the software, and then connect all the devices you want to monitor, then you have the basis. Maybe it takes some effort to implement or to import unsupported devices, or defining generic devices and so on. But the standard installation is very straightforward and easy.

I don't evaluate other vendors every two weeks, but I've evaluated them before, and I think Tufin is quite a technically-leading solution. It's very robust and Tufin has focused on stability and topology. Correct topology is the main factor for authorization speed, and Tufin is the best.

We use SecureTrack to walk us through the implementations of our firewalls and for all our policy checks, complaint checks, and reporting and overview of our monitoring policies.

It's given us an easier workflow since we go through the different steps of network validation to make sure that the request coming from the user is technically sound and implementable. It also helps us with security validation, that is, compliance with company goals and so on. We've also added change management so that we're able to implement solutions at the at the optimal time.

I'd like to see automation of a number of steps. In particular, I think that the implementation and validation steps that we're currently doing manually should be automated. Even the input part at the beginning of our workflow could be automated with a link to our ITSM solution.

Deploying it has been without issues.

I have no instability issues at all. It’s working so well that I’m not worried about it.

We have a number of firewalls with no concerns about scalability.

I have had a number of discussions with mostly the sales team and some engineers on how to go ahead and implement some things. So technical support in that regard has been great.

I wasn’t involved because I wasn’t in with the company at that time. I was involved since April and we had some upgrades to perform. It was straightforward and we had no issues with it.

We've implemented with just our in-house team since the initial setup.

We looked at some other solutions at events, but they are not as advanced or complete as what you get from Tufin.

Give it a try.

We're able to generate reports to know what's going on with our rules, specifically expiration dates and PCI's, for our firewalls. It lets us know exactly what's happening.

When we make changes, we need to know exactly what's going on between each firewall and why a rule may pass or not pass between each. It would be good if Tufin gave us the ability to do this in a graphical way.

We have sixty firewalls, and sometimes the path between any two firewalls may have five rules. We need to know exactly what is going on and where we have to implement a rule. It's very complicated to do right now, and that's why we want to implement a security change.

We've had no issues with deployment.

We've had no issues with stability.

We've had no issues with scalability.

We need a vendor that has good, responsive support. Tufin support has been that.

We have a virtual firewall and when we ran our system, there was a problem with mismatched object rules. We called support to help us clean the firewall. The rep looked around and, after an hour-and-a-half, confirmed the problem. Then another five or six technicians analyzed our request and, after three or four days, released a fix for us.

We had no issues with the setup.

There may be a better product a year from now, but we're using Tufin now and we're satisfied with it. We'll use it until it doesn't do the job. It's a big deal changing firewall vendors, so we don't want to change unnecessarily.

The primary use case is data flow analysis.

We use Tufin to clean up our firewall policies of unused policies.

It gives our firewall administrators visibility into the total infrastructure.

The most valuable feature is troubleshooting.

I would like something that addresses security in the cloud.

The stability is bulletproof. 

It is extremely scalable. It really addresses the scale of a company's firewall footprint.

The technical support is excellent.

Our account manager and Tufin support have been a big help to us.

We were getting to the size where manual administration of firewalls did not make sense anymore.

The initial setup was straightforward, but time consuming.

This solution has helped us reduce the time it takes us to make changes. We have seen the reduction on the front end, when doing an analysis of the data flow.

We also considered AlgoSec.

I would recommend taking a look at the solution.

I use the solution daily and can see it anytime that I want. I find it invaluable in day-to-day management of firewall policy and policy changes.

This solution has sort of helped us to meet our compliance mandates.

The cloud-native security features will be more important in the future. I am just learning about them now.

I have not worked with SecureChange. I just took the SecureChange track, and from all of the exercises that we did, it seems like a very valuable tool after your firewall population reaches a certain density. If there are a certain number of firewalls, manual administration doesn't make sense anymore.

We have a better view of our compliance status. Most of our network is on-premise, so we don't have a cloud. We don't have a hybrid network, but it provides visibility for what we do have right now.

The USB is its most valuable feature. Inside of Tufin, we plan to leverage the USB in solutions.

The change workflow process is flexible and customizable.

It is very easy to use. We can get results back quickly.

I would like an improved reporting module which can be flexible (custom reports) and allow us to generate our own reports, because the data is already there.

It has been very stable since 2017. We haven't had any power problems. As far as hardware goes, it's been very stable. As for software, we found some bugs, but we're working with tech support to fix them, which is normal.

The scalability is very good. Hopefully, this year we are planning to add more entities with our custom platform. The more controller options would be something which will provide more flexibility.

The initial setup was very straightforward.

We used a boutique software with services at the time. For most of our onboarding, we did everything ourselves.

We also looked at AlgoSec and FireMon.

We did look at less expensive solutions than Tufin, but being a corporation, this solution made sense.

Our primary use case is configuration management and change management.

Tufin has improved my organization with its configuration management. It has tremendously improved operation's success and has made life easier. 

It has also increased the amount of gateways there, which has really helped us. Information is readily visible.

Tufin has ensured that the security policy is followed across our entire hybrid network in the way that it has given us what is in place now. We're trying to impose the security policies of the organization. There is still time to get in there.

• Configuration management
• Change management

I don't get the full visibility. There are a lot of improvements which can be done in terms of visibility.

We have had challenges implementing the change workflow process. We were trying to do and end-to-end automation part and standard services, like Active Directory, through a couple of customers and internal applications. We had challenges that we couldn't overcome, even with help. We are still trying to achieve this.

Change management is something which is currently difficult. It should work seamlessly, not have too many integration points. It should be simple.

Stability is good, so far it hasn't given us any trouble.

We've never really had the opportunity to check the scalability. Our company's growth at the moment is stagnant and normal.

Their customer service is better than it used to be.

We implemented through a consultant from Tufin, who was helpful.

We have seen ROI in operational aspects, in terms of how long it takes to resolve incidences which arise. 

I would rate it seven out of ten. I would recommend Tufin if someone is considering it.

We are still in the process of phasing it in to help us with our compliance mandates.

Firewall policy management over all firewalls from one single point. We browse policies, objects, and their usage. The report gives us an image of where risks are.

We now spend less time auditing rules with reports: 

1. The designer helps us in creating rules
2. It tells us what rule is missing and where to put it. 
3. The predefined reports are then sent to administrators.
4. It provides an exact image of how to improve security.

• The policy browser gives the ability to browse all firewalls from a single point. It's possible to see where an IP is inserted in rules. 
• The designer gives the ability to know where to add a rule, or if the rule is already in place. 
• The reports are personalized now and the cleanup is helpful for administrators.

It would be great to add a link to Visio to create shapes directly from Tufin, as it has the configuration. 

We're using it to write down policy changes. We have lots of jobs making firewall changes. We track down all of those in the reports and we can see what is going on. If something goes wrong, we can track down the latest changes and determine how to fix it.

We would like to use Tufin through the cloud. We don't want to keep the hardware or all those devices on premises, where we have to manage them and upgrade them. If we could use Tufin through the cloud, we could just tweak the firewalls, keep the changes, and then track them.

Right now, Tufin is on premises, which means we have to manage it, we have to upgrade it, and we have to take care of the devices. The infrastructure is not very critical for us, and we just need to use it, so we would prefer to use it through the cloud. Everything is in the cloud.

I have not found it to be slow at all. The speed is good. At first, we installed Tufin in one of our offices, but now we are using it everywhere.

Technical support has been good.