Tufin Orchestration Suite Reviews

We are using SecureTrack and SecureChange to make policy changes.

For us, it's all the features that Tufin provides, including the 

• USP
• rule design
• documentation
• implementation
• auditing.

They're all important. We could not have one without the others.

In addition, it provides greater visibility, once the setup is configured correctly. It provides a real-time sense of how the policies are configured and whether there are any shadow rules. Another great thing is that it provides greater reporting based on how the rules have been set up.

There are at least two things that need improvement. One is the business workflow and the second is the integration with logging solutions.

The product is stable. Regardless of the software we are running, the current or the new one, it is stable.

The solution is scalable if we have to add more devices, more distinct resources, or also high availability. That's part of the solution. It's not like after-thought, it's there.

Tech support is very helpful. If there are any issues, we bring them to support and they get addressed immediately.

You should definitely be looking at this as in your top-two choices, before even considering any other solutions.

We are in the midst of a transition, going to a newer version. All the features which I talked about above, we want to implement them in a new production infrastructure. We are working with Tufin and Professional Services very closely, so we can enable it. There is the old way - the way we are using it - versus the way we want to. It is not there yet. 

Currently, it's not helping us meet compliance mandates, but the new way will definitely help us to meet them. In addition, once we go with the new way of doing things, the solution will ensure that security policy is followed across our entire hybrid network. At that point it will follow business practices.

A lot of the most valuable features have to do with the reporting and the cleanup of policy. With our day-to-day busy lives, we just want to get the change in and implement it, and that just increases rule base exponentially. From time to time you need to go back and find duplicate services, objects, rules, and cleanup. With a lot of the cleanup effort, I think the product helps out a lot.

Tracking changes is beneficial. We get alerted immediately who made the change, what change was made, and things like that. That's probably the most valuable.

It is important to keep up to date with the vendors you support. For example, Palo Alto, CheckPoint, Cisco, F5, and so on. They should make sure that Tufin supports the latest version of those products.

We upgraded to R80 two months ago, and our Tufin product hasn't been working. It's because there's no support for R80. We're hoping that Tufin supports R80 soon so we can start getting all the changes. If a vendor upgrades to a certain version, Tufin needs to provide support fairly quickly.

Also, our 20/20 vision is to be in the cloud wherever we can. Cloud first. If Tufin had any kind of management in the cloud, that's one less piece of hardware to manage in-house. Being in the cloud would definitely provide that extra missing feature.

We've had it for about 3 or 4 years now.

We have not had any stability issues at all. Upgrading has been simple, no issues at all.

It is scalable. We manage about 150 firewalls. There are no issues at all.

The support portal has been quick. I actually emailed them about R80 support, and they were really fast at letting me know that it's coming in mid-2016.

Along with a colleague of mine, I was involved in the decision to start using Tufin a few years ago. We compared it to AlgoSec and a couple other vendors. Tufin seemed to meet our requirements at the time. Before our renewal, we are looking to re-evaluate what all the vendors have to make sure we are getting the most out of the product.

It's a great product. It's pretty straightforward to use. It meets our needs and great support overall.

The ability to create out of the box reporting and to have real time awareness of the changes in our environment.

Our operations team will make firewall rule changes and I actually get an email telling me everything that's been done. The way that we have the two things set up it will actually link to the change control that they're doing the work under. I'm then able to review and say "okay, this is what they said they were going to do, this is what they actually did and it's done compliantly."

The reporting simplifies the ability to report towards the business about how our rules are being used so we can make sure the security is always optimally maintained.

We currently use it at the most fundamental levels. There are a lot of advanced features that we've investigated but the real core strength is for our compliance team to be able to pull the rule usage reports.

When we were an early adopter and there were things that were not there, Tufin was very anxious to understand what the need was and then figure out how to integrate it into the product

Over 5 years.

It's reaching the edge of stability since we're putting a very strong demand on it. The resources within it are starting to now be challenged. We haven't had any significant issues.

We've reached the capacity of the current system and we're looking to upgrade. We went from about 100 firewalls in Tufin to almost 300. We've tripled the demand on the same appliance, but we intentionally bought a large appliance so we could grow into it.

We've used technical support and they've always been excellent.

I deployed it. It was very easy. That was the one thing that we really appreciated about the product was the ease of deployment, the intuitive nature and that's what was one of it's strengths are. It came on an appliance, it was intuitive to deploy and it made it very beneficial.

When we selected we actually did a source selection analysis and from there we did a pilot with two of them

Regarding cloud solutions, it's going to be very interesting to do the security assessments with them.

We deployed the solution based on the preferences and needs of our clients. The solution was deployed on cloud and on-premises. However, it was primarily deployed on cloud.

The firewall security was very valuable.

The firewall management is complex for beginners, and the solution could be improved by including icons that provide insight into what they are and how they function. For example, the ability to understand what an icon does by hovering over it.

We have been using this solution for three months.

The solution is stable.

The solution is scalable.

We have had a good experience with customer service and support.

I rate the initial setup a seven out of ten. Deployment on cloud is done through a web platform, and deployment on-premises takes two to three days.

We implemented it in-house but got assistance from someone with hands-on experience with the product.

The licensing costs for this solution are decent for the services provided. From my perspective, the prices should be higher because the organization that often uses this solution is critical.

I rate this solution a ten out of ten. The solution is good, and no clients complained about it. Therefore, I recommend this solution for people seeking to use it, as they can never go wrong with it. However, for a beginner, it could be tricky to implement.

We're using this solution mainly to get some audit reports regarding the policy installations on our firewalls. We aren't using any changes or other features, and we're not installing policies automatically. We're just using it to collect some log data like who installed something and what they did.

It's user-friendly. It's easy to understand menus on the web GUI. That's a good feature for us. I can say that it's doing what it's supposed to do. It also integrates well with other products like Check Point.

It would be better if they modernized the web GUI. The web interface GUI is simple and not complicated, but it's also too old. It would also be better if they had an SMS gateway integration. I would like to have some integrations with other products like Jira for change management and incident management.

I have been using Tufin for about three years.

Tufin is a stable product. We're not having any issues. Sometimes we do have problems with the product, but it wasn't related to Tufin. Sometimes when we had an upgrade on the firewall product itself, we encountered some problems.

It's a scalable product. We have about 50 gateways, and Tufin collects data from all of them. We also have a management server, and we've integrated two important classes of databases. We're only using three instances, and we're not having any issues.

Tufin support is good, and we managed to implement this solution by ourselves. But it would be better if some engineers from Tufin joined a session and did stuff together with us. That would have been much appreciated. I would expect them to organize the session and provide some support, at least in the beginning.

I also have AlgoSec, and it seems to be much more complicated. I would say that Tufin is much more compatible with Check Point firewalls. That was the main reason for choosing Tufin over AlgoSec.

The initial setup is complex. I didn't have any Linux knowledge in my past, but I could say Tufin support is good at it. When we need to get some support, they respond quickly. They explained everything to finalize issues regarding the installation.

We implemented this solution by ourselves. It took us one or two hours to install and deploy this solution.

The price is on the cheaper side. I'm not planning on adding additional resources, and I don't expect any additional costs.

Not before but after using tufin actively about a year, we have evaluated algosec as an alternative solution. It was also well designed alternative but it was not well integrated as tufin did with Checkpoint

There aren't many products like Tufin and AlgoSec. I think both products are good, but when people are using Check Point applications, we recommend Tufin.

On a scale from one to ten, I would give Tufin a ten.

We have a lot of ASA firewalls. We primarily use the product in order to lay down the rules and try to find out if there are any duplicate rules that need to be cleaned up, et cetera. It is mostly tasks like that.

The solution is very straightforward to use. It makes doing our work easy. The product is very good at helping us clean up rules.

We've found the stability to be quite good.

The solution is quite scalable.

The older version that we have doesn't support some newer firewall vendors. I'm not sure what the status of integration is right now on the latest version, however, it would be nice if they updated the older versions to allow for better integrations with firewalls. 

Sometimes the solution does take a bit of time to load. That said, it is a pretty old version, and that may be the main reason this is the case. It's possible that if we just upgraded to the latest version everything would go faster. 

Everybody wants to implement some kind of standard rules, however, it's difficult to standardize everything due to the fact that each company is unique. That said, if there was some sort of universal guide to ensuring firewall rules were compliant, that would be helpful. 

I've been using the solution for a year and a half to two years at this point. It's been a while. I've definitely used it over the last 12 months or so.

The stability has been good. I haven't experienced any bugs or glitches. It doesn't crash or freeze. The stability has been reliable in terms of performance.

I find the product to be easy to scale. Adding new firewalls is pretty straightforward and it handles the process well. If a company needs to expand and add more firewalls it shouldn't be a problem at all.

I would say six or seven people are using it and they're network operation people who have to deal with day-to-day firewall management, putting in new firewall rules, et cetera.

I've never had an opportunity to reach out to technical support. I can't speak to how knowledgeable or responsive they are. I have no experience.

The initial setup happened before my tenure with the company. I was not present when it was set up, and therefore I can't directly speak to my experiences with any implementation. I do not have a sense of if it was difficult or straightforward, and I can't say how long the deployment took. 

There is a bit of maintenance required, in terms of adding new rules, et cetera. We have individuals on staff that can handle that.

I don't have any issue with the pricing, however, I was not the purchaser. I can't speak to the exact cost for our company.

While I was using Tuffin, I did want to evaluate AlgoSec. I wanted to compare the two to see which was better. In the end, I've decided I would stick with this product.

We are just a customer and an end-user.

We are not using the most up-to-date version of the product. We are using one of the previous versions. I cannot at this time remember the version number, however, it was pretty old. We had a plan to upgrade, and then unfortunately ended up not doing that.

I'd rate the solution at a nine out of ten as it helps us do our work. We're mostly quite happy with its capabilities.

We are using Tufin to manage our multi-vendor firewall environment.

We are using the Secure Change workflow to request, asses, and implement Firewall requests. Secure Track is used from our Security and Audit department for regular policy reviews.

Due to the usage of Tufin, we reduced the manual effort during audits to a minimum. The central place to request Firewall Rule Changes supports our Operation teams in a multi-supplier environment on a daily basis.

The automated reporting on a regular basis is helping us to be compliant with legal requirements.

We would like to see granular user permissions on SecureTrack.

The topology should be made easier to configure.

I would like to see the setup of the Unified Security Policy simplified.

We have had no outages over the last six years, so this solution is very stable.

This solution is highly scalable.

Customer support reacts very fast. Due to the complexity, sometimes additional support levels need to get involved.

We did not use another solution prior to this one.

The initial setup was complex.

A mix of Tufin Professional Services and in-house.

We evaluated other options before choosing this solution.

I recommend getting Tufin Professional Services involved when implementing automation.

The primary use case is locking down the firewalls to Zero Trust and automating the risk assessments.

We use Tufin to clean up our firewall policies. It very easily shows us what is not used, so we can take it out. It shows us head counts as well, so if something is used once or twice a year, that might not be something we want to keep. Thus, we can have the conversation. We also like how it has a business owner of the firewall policy, so we'll be filling that in. So, those people will be involved ongoing with the approvals.

This solution has helped us meet our compliance mandates by providing visibility into firewall rules.

Today, we can check to see how our lockdowns have gone and what unusuals are still there. We have a long way to go, but we've done a lot already.

We were hit by the NotPetya attack. Therefore, our whole company and all its sites were down for several months. So, you don't have an attack like that and not need something like Tufin. Other companies can prevent these attacks, or at least slow them down, by having this type of a tool. We will never go back.

In the future, we will be using this solution to automatically check if a change request will violate any security policy rules.

1. Being able to see all the firewall rules in one place. 
2. Being able to query them. 
3. SecureChange will automate and put the rules into Remedy.

The visibility is incredible. It has never been there before.

The UI was a little clunky at the first. It was confusing. They are working on that. The new one is better.

We haven't really overburdened it yet. What we have has been very stable. There have been no issues that I have seen.

It seems very scalable.

We have 40 consultants and too many people.

The regular technical people seem okay when you put in a help call, and they do get back to you. We actually had a key issue, which was a bug, that the development team didn't want to fix. We escalated it, then it got fixed. So, the management level seems very responsive at least, but at a support level, they are just regular support people and not outstanding.

I asked our firewall team if they had the tools that they needed to do their job, and they said, "No."

We did not have a previous solution.

The initial setup was pretty straightforward. The problem was getting people to pay attention to it.

It is a lot of work to implement.

We used Tufin for the deployment.

We have not seen ROI yet. What we are going to see is fewer cyberattacks. When you have a multimillion dollar cyberattack, you don't care about three million dollars in a one time cost.

Engineers are spending less time on manual processes by weeks. Huge amounts of time have been saved.

Our licensing costs are three million total and then we pay for maintenance, which is an additional cost for three years.

We did a comparison of three products and Tufin was recommended at the time. We got quotes from Tufin and another product, and Tufin came in under.

I just talked to two people who switched to Tufin from another product. It seems to be the leader of the pack.

Tufin seems like a high quality product from a company that cares. It focuses on exactly what we need.

We would like to get to having Tufin make changes on firewall rules, but we are going to need help convincing our management of that we should be using Tufin to do that. It looks very promising, but we can't use it for that yet.

We haven't implemented the change workflow process yet.

While we didn't buy it for the solution’s cloud-native security features. I'm interested in that, but it is not in my mandate right now.

The product has been fabulous.