Tufin Orchestration Suite Reviews

The module we have used the most is SecureTrack. Our technicians use that for firewall audits and analysis. We use other drivers due to PCI regulations, so we have to have proper reporting compliance, change management, and network changes. Also in our road map is to implement secure change.

Based on the work our technician has done on it, I think it serves the purpose we brought it in for. The only issue we have had is that we have been working a long time, from the build and configuration, and we still have one issue that our Palo Alto devices are still not reporting correctly to Tufin and that needs to be resolved. I believe it’s a software compatibility issue, so it might require an update on our side. That’s still an outstanding issue. We have a known issue integrating Palo Alto, but if they have a roadmap with other customers we would love to know.

We've used it for almost a year.

Performance is good and any queries we run are smooth and straightforward. But we haven’t loaded too much on yet. There’s a lot of build still to come. For the basic purpose of what we are using it for, it’s pretty good.

They are knowledgeable and available. I've had no issues with professional services.

Exactly because we had no firewall analyzer or a compliance and reporting tool, we brought it in. We have business requirements like PCI, and we are yet to use it for reporting or secure change.

We just put it in to the rack, consoled in, and did the basic set up.

We did it ourselves. Just looked at the PDF.

When I did the self-service for licensing, I encountered some issues. Perhaps it’s because I didn’t know how many we had purchased before I had arrived, as it was sold through a WebEx.

Pretty good, very supportive, understanding and recognizing we need to move in a phased manner. They are definitely in it for the long term. Support and professional services, we will require going in to the future.

I have used Tufin for traffic analysis, to check the traffic hitting a specific rule, for rule consolidation and so on. It’s really helpful. For my usage, it's very good.

We would like to see historic reports for the device, for a policy, for rule consolidation, and for rule optimization.

Also, it's pretty slow for us. Just to run an analysis for a single rule, we need to wait at least five minutes.

We had a couple of stability issues before, when we were running on our old core. We used to not get the reports as we expected. The Tufin used to get disconnected from the device and just not provide the exact reports such as the hits on the rules.
Over the last year and a half, we upgraded twice, and right now it's pretty stable.

It has been scalable for our needs.

Technical support is really good. They're supportive.

We've been using AlgoSec as well for analysis. We use both Tufin and AlgoSec for our reports.

It's a good tool. We would need a view of all the tabs, for the analysis. If it's pretty fast, that should be good for us.

The first one is the policy analyzer to help the network facility to remove objects and the server needs an object, an appliance object.

For the first one, we were able to reduce the number of rules, and the signaling one is about the compliance. We have many security rules to define the flows between the security zones, so we put all the rules under 13, and then we can generate reports.

It needs more compatibility with older firewalls.

We have no issues.

We have 2000 employees, and it's been able to scale to meet our needs.

Very easy. We got the license, and we got all the roles and information from the firewall to generate reports.

Prior to implementing, you need to know the needs for each project. If you know the needs, you will probably meet expectations.

It supports failure operational processes of the administrator, which sometimes in small companies is difficult to do. This helps me in my job to help others free up time to do other, more important tasks.

The biggest and most important benefit is that it addresses the weaknesses of our internal customers. We can perform changes in real-time instead of having to wait for days or weeks. Of course, if there are compliance issues, we can see right away whether they have documentation that addresses the issues and we can then approach management with the solution.

It doesn't have cross-vendor support for solutions such as Barracuda.

We had no issues with deployment.

We haven't had to log any support cases, so I'd say that it's a stable solution. We haven't had any issues with stability.

Our Austrain customers are not big, so scalability from my point of view is not an issue. At the moment, we haven't come across any issues with scalability, so I'd say it's perfect in that regard.

We aren't in direct contact with technical support, but we could be if necessary. But I've heard my colleagues talk about how Tufin isn't as big a company as Check Point, so that if there's a problem, the entire company helps to find a solution.

I didn't perform the initial setup, but I don't think it was too complex. We have a lot of Check Point engineers and thy have an understanding of security solutions, so it was easy for them. We have all three Tufin solution, and I think SecureApp was the most challenging, but we have experience, so the setup was still not too difficult.

We implemented it with our in-house team.

We have a close relationship with people within Tufin, many of whom came from Check Point. We didn't think about going with another vendor.

Just try it out. You should perform Proof of Concept and you’ll be reaping the benefits and seeing it’s a good product.

Our primary use case is the policy request automation workflow.

Tufin saves a lot of time on the policy requests deployment. It enhances the SLA of the policy requests or changes and enhances the accuracy of the policy deployment.

I like the policy topology map, which allows us to visualize the picture of the security policy of the whole organization.

I would like to see the hardware specifications improved. The solution requires very high specifications of hardware platforms to run it. These high requirements are quite difficult to be acquired for users. 

I have been working with Tufin for the past three or four years.

Tufin performs very well.

Tufin is definitely scalable.

Technical support is very good when escalating questions with them.

Positive

The initial setup is straightforward and easy.

I think the pricing, comparatively, is good.

The functionality, roadmap, and technical support are important to most customers. It is important to consider the integration support with other security tools and compatibility. I would rate Tufin a eight out of ten.

Our customers use Tufin to manage multiple firewall access rules through a single console. We have done on-prem, public, and private deployments of this solution.

It provides very good reports. It can easily integrate with multiple firewalls, such as Cisco, Juniper, Palo Alto, and Checkpoint. 

We can push a policy from Tufin to a firewall, which is a very good feature. We can monitor all access rules and the operating system of a firewall.

Currently, we are able to monitor access rules and the operating system of a firewall. It would be great if we can also monitor the configuration of the firewall through Tufin.

I have been using this solution for the last three years.

It is very stable. It has good stability.

It has very good scalability.

Their technical support is good.

Its initial deployment is not very easy. It is a little bit complex. After the deployment, it is easy to work with it in the GUI. Its deployment takes at least two or three days.

Customers usually evaluate AlgoSec. 

I would advise others to go for it to manage firewalls from multiple brands in a single console.

I would rate Tufin a nine out of ten.

The primary use case of this solution is for monitoring, automation, policy orchestration, and security.

The most valuable feature is the monitoring. I quite enjoy the monitoring this solution provides. It allows administrators to visualize the traffic flow, and troubleshoot when necessary. It's a useful tool.

The interface is quite user-friendly and intuitive.

The cost of this solution should be improved.

They need to offer more support to vendors, such as Cisco, Checkpoint, Fortinet, and Forcepoint.

They have an API, but it needs more service on this.

While technical support is good, they could still improve.

I have been working with Tufin for one year.

It's a stable solution. There are some bugs that they are working on but that is common with any vendor.

They do mention that they don't support specific features from Nexus for some automation but it does actually work, although it is not listed as working.

Technical support is relatively good. They are not the best but they are good.

They could improve but they do respond with accurate responses.

The initial setup was straightforward. It was deployed in less than an hour.

The first time without training, it took an hour or so, but it was quite easy.

It's quite an expensive solution.

I would recommend this solution to others who are interested in using it.
I have not worked with any other vendors with this type of solution, for example, FireMon. I haven't worked with it. 

I would recommend it specifically to start with a secure track, which is a monitoring tool. Once the customer sees it, they want the solution. Afterward, for automation and secure change.

I would rate Tufin an eight out of ten.

We do firewall reviews on a quarterly basis.

It provides me great insight into my firewalls across my organization.

We are able to stay compliant with many of the regulations. 

The rules, as they change over time, are the most valuable feature.

Its capabilities help me grow trust back and have less in-depth experience to go faster.

It is very stable.

It is very scalable.

The technical support has been on point.

The previous solution was all manual.

There was some complexity during the initial setup, but otherwise, it was fairly straightforward.

I used a partner for the integration, who was very good to work with.

Our engineers are spending less time on manual processes: 20 to 30 hour plus.