The SecureTrack and SecureChange features are the most valuable for us. SecureChange can work with different appliances. The integration between topology, security, and workflow is powerful, and the workforce capability to create a lot of different scenarios is great.
Security Solution Architect at a tech services company with 1,001-5,000 employees
The integration between topology, security, and workflow is powerful.
What is most valuable?
How has it helped my organization?
We use SecureChange because we have separate views to see those who are compliant with rules, those who are on probation, and the managers. The integration with our system is quite good, which is important because we have 5000 firewalls. Fortunately, we don't have a lot of rules but there are many people who can make and change rules. With this approach, Tufin has become a very powerful tool for us by creating an automatic implementation.
What needs improvement?
I would like to see a powerful integrator for automation in the environment.
What was my experience with deployment of the solution?
We haven't had any issues with deployment.
Buyer's Guide
Tufin Orchestration Suite
November 2024
Learn what your peers think about Tufin Orchestration Suite. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
816,660 professionals have used our research since 2012.
What do I think about the stability of the solution?
We've had stability issues because it's a heavy solution. It takes a long time to get up and running, and when we migrate releases, that's an issue.
What do I think about the scalability of the solution?
We've had no issues scaling it for our needs.
How are customer service and support?
Our experience with technical support has been mixed. Sometimes we've gotten prompt responses; sometimes we didn't. We're also very, very busy and it's difficult for anyone to find time to work with technical support. Our last trouble ticket took two months before they asked us if we were ready for a fix, but we were all busy!
How was the initial setup?
Implementation is complex now and the two-track environment is very stressful. I'd like the capability to put different rules within the appliance in order to manage the implementation.
What about the implementation team?
We implemented it ourselves.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Security Evangelist
Allows uses to compare the revisions of the devices, analyze the network and generate reports.
Valuable Features:
Tufin provides Unified Security Management across heterogeneous environments. This is one of the great features of Tufin. We could easily compare the revisions of the devices, analyze the network and generate reports.
Improvements to My Organization:
Before we started using this product, to resolve the network problems, it used to take a week or so. But once we started working with Tufin the problems are resolved in a day or two. And also, we can monitor different firewalls under a single GUI using Tufin.
Room for Improvement:
I think SecureApp could be improved because, many organizations who implement Tufin majorly use SecureTrack and SecureChange, SecureApp is rarely used basing on their requirement. SecureTrack and SecureChange have been updated a lot and I personally can't see any changes in further in these. So, I think SecureApp has scope in developing more.
Use of Solution:
3 months.
Stability Issues:
The best 10/10.
Scalability Issues:
10/10 They maintain good sessions in providing support
Initial Setup:
The initial setup is a straightforward, not that complex; just had a few Linux commands to setup the software part and of course there will be some physical effort in setting up hardware as well.
Implementation Team:
In-house.
ROI:
Above 100%.
Cost and Licensing Advice:
Nominal and market competitive.
Other Solutions Considered:
I couldn't find other products which have similar features as Tufin.
Other Advice:
Surely, I would recommend this product in implementing. If the organization has a large network and different firewalls/network devices; Tufin really helps a lot.
We are a Cyber Security Products and Services company. We resell Tufin products and provide Tufin technical services.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: Reseller.
Buyer's Guide
Tufin Orchestration Suite
November 2024
Learn what your peers think about Tufin Orchestration Suite. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
816,660 professionals have used our research since 2012.
Security Engineer at a insurance company with 201-500 employees
Every change is tracked down to the person and time
Pros and Cons
- "This solution has helped us meet our compliance mandates. Everything is all auditable. Every change is tracked down to the person and time."
- "We are using the visibility with notifications on every firewall change and what those changes were. We have visibility to see who is making the changes, and when."
- "With scalability, we are going to run into some issues. We have been talking about converting over to actual hardware as opposed to virtual. Therefore, I don't think we are scalable at this time, especially with the updates coming. I'm told that they're going to need a lot more horsepower to push them."
What is our primary use case?
The primary use case is automation.
We are using the latest version.
How has it helped my organization?
We find that the change workflow process is flexible and customizable. If we want to change approvers, that is very easy. If we wanted to add a step or get rid of a step, this is easily customizable.
We are using the visibility with notifications on every firewall change and what those changes were. We have visibility to see who is making the changes, and when. This is the biggest thing because we are underutilizing the product right now.
This solution has helped us meet our compliance mandates. Everything is all auditable. Every change is tracked down to the person and time.
What is most valuable?
The auditing is a valuable feature. We can be audited, because it has the ability for approvals to be set up and to put in policies. It is all automated.
For how long have I used the solution?
We bought it about a year ago, but we have been doing other projects. We haven't fully implemented it.
What do I think about the stability of the solution?
So far, the stability is good.
What do I think about the scalability of the solution?
With scalability, we are going to run into some issues. We have been talking about converting over to actual hardware as opposed to virtual. Therefore, I don't think we are scalable at this time, especially with the updates coming. I'm told that they're going to need a lot more horsepower to push them.
As far as scalability, it is great for adding network objects and so on.
How are customer service and technical support?
i have not talked to technical support.
As we start to dive in, I'll be reaching out to the customer success team.
How was the initial setup?
The initial setup was straightforward. We did it in three days.
What about the implementation team?
We used a reseller for the deployment. They were very good.
Which other solutions did I evaluate?
There was one other solution that we evaluated, but it didn't stack up. Tufin was the best solution.
What other advice do I have?
Everything is good right now.
Reach out to whoever does your implementation and support. Ask as many questions as you can and do research.
We haven't got to the point where we've used the solution to clean our firewall policies yet. That is the next phase.
This solution won't help us ensure that our security policy is followed across our entire hybrid network until the next stage.
We're not in the cloud.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Security Analyst at a government with 1,001-5,000 employees
We are able to design and monitor different rule sets in the three different domains that we control
Pros and Cons
- "Its ability to detect changes within our firewall."
- "I would like a better reporting feature and automatic alerting based upon rule changes."
What is our primary use case?
Our primary use case is firewall monitoring, rule changes, and logging.
How has it helped my organization?
The change work flow process is flexible and customizable. We found it pretty easy, particularly when we were implementing new rules and with our cleanup. We found that the rule change was fairly easy to implement.
It has allowed us to monitor rule changes. This way we know exactly what would happen behind the scenes in the event of an after-hours change.
What is most valuable?
Its ability to detect changes within our firewall.
What needs improvement?
We had some issues initially with the initial reporting and alerting system.
While the visibility was pretty good initially, we have had issues with configuring and reporting.
I would like a better reporting feature and automatic alerting based upon rule changes.
Our engineers still have plenty of manual processes to work with.
What do I think about the stability of the solution?
The product seems stable from when we implemented it at the time.
What do I think about the scalability of the solution?
We're pretty small scale, so I don't know how much larger it would go. We're about a 4,000 device network.
How are customer service and technical support?
I haven't interacted with the technical support.
How was the initial setup?
The initial setup was straightforward, but then it became complex due to our rule set.
What about the implementation team?
We used a reseller, who was fine to work with.
What was our ROI?
The solution has helped reduce the time it takes us to make changes. It helps make overall integrated changes immediately. It allows us to cut down at least a few hours in the week in regards to changes and monitoring.
What other advice do I have?
Really dig deep and understand your use cases, then what exactly you're looking for out of the solution.
It has allowed us to maintain particular rules in regards to CJIS and HIPAA compliance.
We have multiple networks connected to this solution. So, we are able to design and monitor different rule sets in the three different domains that we control.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Security Engineer at a non-tech company with 1,001-5,000 employees
I've been converting from ASAs to Check Point. I used Tufin to analyze all the rule bases to get rid of what I don't need, and create less permissive rules.
Valuable Features:
The Automatic Policy Generator is a valuable feature, because I've been converting from ASAs to Check Point. I used Tufin to analyze all the rule bases to get rid of what I don't need, and create less permissive rules.
I had only 300 rules, but I've been able to consolidate it down to 67. There was a lot of duplication, and they're all interface based.
I like the diff where I can actually compare configs: who changed it, when they changed it, the last time it was saved, what changes were made. I can also do that in SolarWinds, but Tufin just makes it a little easier for me. Some of the tools’ features that they have, they're a little bit more mature in the later versions. The version that I have uses the spider-like view, with just the branches everywhere. It actually shows the network connectivity and the traffic. The routes, basically. I actually like that, but what I don't like about it is that, on the ASAs, it didn't take into account the weighted security code: 100, 50, 90 and so on. On the ASAs, according to that security code, you can talk to less secure networks without actually hitting a firewall policy. But if you want to talk to more secure networks, you actually have to go through the policy. The policy is basically the ACLs are interface based.
Room for Improvement:
I'm really interested in seeing the real risk value. Firewall policy management was great, but it's not something that's critical for me because I'm a smaller organization. I don't have 500 or 1000 rules. I'm more interested in just being able to show risk.
Other Solutions Considered:
I've kind of lost a little bit of interest in it, to be honest. There's some other tools that are doing a little bit better. I like AlgoSec and I also like Skybox. I’d like to be able to incorporate my policy data into it and actually be able to see a risk score from end to end. Tufin was not doing that at the time that I purchased it. A true risk score allows you to see the impact of a sev 1 versus a sev 5. Most organizations do sev 4 and 5 patching. They hardly ever go back and do a sev 1 and 2. You can actually take that data, analyze it, put it into your infrastructure, consolidate it and look at your total risk score for a vulnerability. Tufin might be offering that now, but it's modularized and I don't have the budget for it at the moment. I already spent a half-million dollars, so it's a little out of my budget at this point.
I did like the SecureChange feature, and they were one of the first to actually offer that. It allows people to log into a webpage, and if they needed a firewall rule, they would actually submit the request through Tufin. Tufin would then compare it to the compliance policy that you manually build into Tufin. If it violated the policy, it would deny the request for you. It would allow you to make an exception for it because of x, whatever that reason may be.
Other Advice:
All the competitors have their niches. Not one of them does anything perfectly. If you're comparing these type of management products, you want to look at what you're really going to use it for.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Security Specialist at a financial services firm with 501-1,000 employees
It’s not a dangerous solution because we use it for looking at things and not for making changes.
Valuable Features
I use Tufin SecureTrack, which means I use it for looking at things and not for making changes. The value of it there is that, since I deal with Check Point policies a lot, I can use it to see what changes have been made to the policy since the last time I looked at it, because it may have been a couple of weeks since I last installed a policy or maybe somebody else has had their hand at it.
Tufin gives me a really easy way to graphically look at the policy, before and after changes are made, through two panes. As you drag around one pane, the other moves with it, and they resemble the Check Point dashboard view so it’s very familiar. You can easily spot all the differences and see what has changed in the policy to make sure there are not any mistakes and that nobody accidentally added a block edited any rule at the top of the policy—that’s probably happened to everybody, right?
I also use a feature where you can run a report on rule and object usage. This helps me spot rules or objects that aren’t really ever hit, so I can remove them from the database if they no longer exist.
Improvements to My Organization
Tufin is easy to use, which was really important for us. Also, it’s not a dangerous solution because we can’t make changes with it.
Room for Improvement
I'm running R77, and I'm concerned with how well it will work with R80, the new release of the operating system. R80 changes the way that the dashboard you use to manage the policy looks and operates, and we will have to see whether Tufin keeps up with that or not. Also, in the current R77, the various blades appear as different tabs in the interface and dashboard, and Tufin doesn't look at any of those tabs except the security policy. I'd like it to be able to look for changes in some of the other configurations. In R80, it's all tied together, but for now, it's in a separate panel. I don't currently have any way of using Tufin to audit what changes have been made to the web filtering configuration, for example.
Stability Issues
It's very stable.
Scalability Issues
I don't have a huge environment, but it doesn't seem to require a lot of horsepower. We're running it as a virtual machine, and that's working fine.
Customer Service and Technical Support
We haven’t needed technical support since we moved from a physical to a virtual world.
Initial Setup
It was straightforward. It’s been a few years, but I don’t recall any problems with setup.
Other Advice
I have no problems with Tufin, and it works great, but I would have to give it an eight out of ten. It’s just not as amazing as some of the other technologies I use, like Lancope StealthWatch. I wouldn’t tell anyone to stay away from it—It’s just a good idea to look at the competition and see what’s out there.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
IT-Security - Consulting (Licensing, Maintenance) at a tech consulting company with 501-1,000 employees
It addresses the weaknesses of our internal customers and we can perform changes in real-time.
Valuable Features
It supports failure operational processes of the administrator, which sometimes in small companies is difficult to do. This helps me in my job to help others free up time to do other, more important tasks.
Improvements to My Organization
The biggest and most important benefit is that it addresses the weaknesses of our internal customers. We can perform changes in real-time instead of having to wait for days or weeks. Of course, if there are compliance issues, we can see right away whether they have documentation that addresses the issues and we can then approach management with the solution.
Room for Improvement
It doesn't have cross-vendor support for solutions such as Barracuda.
Deployment Issues
We had no issues with deployment.
Stability Issues
We haven't had to log any support cases, so I'd say that it's a stable solution. We haven't had any issues with stability.
Scalability Issues
Our Austrain customers are not big, so scalability from my point of view is not an issue. At the moment, we haven't come across any issues with scalability, so I'd say it's perfect in that regard.
Customer Service and Technical Support
We aren't in direct contact with technical support, but we could be if necessary. But I've heard my colleagues talk about how Tufin isn't as big a company as Check Point, so that if there's a problem, the entire company helps to find a solution.
Initial Setup
I didn't perform the initial setup, but I don't think it was too complex. We have a lot of Check Point engineers and thy have an understanding of security solutions, so it was easy for them. We have all three Tufin solution, and I think SecureApp was the most challenging, but we have experience, so the setup was still not too difficult.
Implementation Team
We implemented it with our in-house team.
Other Solutions Considered
We have a close relationship with people within Tufin, many of whom came from Check Point. We didn't think about going with another vendor.
Other Advice
Just try it out. You should perform Proof of Concept and you’ll be reaping the benefits and seeing it’s a good product.
Disclosure: My company has a business relationship with this vendor other than being a customer: We're partners.
Security Operations Engineer at a hospitality company with 1,001-5,000 employees
I use it for traffic analysis, to check the traffic hitting a specific rule, for rule consolidation and so on.
Valuable Features
I have used Tufin for traffic analysis, to check the traffic hitting a specific rule, for rule consolidation and so on. It’s really helpful. For my usage, it's very good.
Room for Improvement
We would like to see historic reports for the device, for a policy, for rule consolidation, and for rule optimization.
Also, it's pretty slow for us. Just to run an analysis for a single rule, we need to wait at least five minutes.
Stability Issues
We had a couple of stability issues before, when we were running on our old core. We used to not get the reports as we expected. The Tufin used to get disconnected from the device and just not provide the exact reports such as the hits on the rules.
Over the last year and a half, we upgraded twice, and right now it's pretty stable.
Scalability Issues
It has been scalable for our needs.
Customer Service and Technical Support
Technical support is really good. They're supportive.
Other Solutions Considered
We've been using AlgoSec as well for analysis. We use both Tufin and AlgoSec for our reports.
Other Advice
It's a good tool. We would need a view of all the tabs, for the analysis. If it's pretty fast, that should be good for us.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Buyer's Guide
Download our free Tufin Orchestration Suite Report and get advice and tips from experienced pros
sharing their opinions.
Updated: November 2024
Popular Comparisons
FireMon Security Manager
Skybox Security Suite
Palo Alto Networks Panorama
AWS Firewall Manager
Azure Firewall Manager
ManageEngine Firewall Analyzer
Cisco Defense Orchestrator
Buyer's Guide
Download our free Tufin Orchestration Suite Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- What is the biggest difference between AlgoSec and Tufin?
- Comparing network security vendors and devices
- When should companies use SSL Inspection?
- When evaluating Firewall Security Management, what aspect do you think is the most important to look for?
- What are the most important features you would be looking for in a firewall?
- How do I estimate the required firewall throughput for my organization?
- What are the pros and cons of Tufin, AlgoSec and RedSeal?
- Tasks to Perform on Preventive Maintenance.
- Why is network segmentation important?
- Can a router with automatically-created firewall access lists be considered a scrubbing center?