Try our new research platform with insights from 80,000+ expert users

Tufin Orchestration Suite Valuable Features

NetworkEccd3 - PeerSpot reviewer
Network Engineer Lead at a energy/utilities company with 10,001+ employees

The ability to write reports to figure out what ports and services are allowed into specific zones. For instance, we know that there are certain devices which are only allowed to have interactive remote access into an electronic security perimeter (ESP). We've written reports which can tell us if someone inadvertently opened something up that shouldn't have been, then we can pull it out. Now that we are using SecureChange, it can alert us to that fact as the rules are being built, which is huge for us.

The visibility is huge. In order to figure out what was going on previously, we would have to pull stuff out of firewalls and put them in spreadsheets, then do sorts. Now, it's all right there in Tufin. We can write reports to look for what we need, ad hoc searches to find object groups, and know which firewalls are on. This was almost impossible to do previously.

It makes it a whole lot easier for rule clean up because we can find rules that haven't been used. We can find rules that are too broad and pull those out, putting more specific rules in, which could be done before but this cuts the time way down to do it.

View full review »
Amroy Lumban Gaol - PeerSpot reviewer
Information Security Engineer at a financial services firm with 10,001+ employees

The solution's most valuable features are its security policy and steps for deployment. 

The solution is flexible and easier to integrate in a Layer 2 environment. Other solutions such as AlgoSec and Skybox have Layer 2 speakers but are complicated to implement.

View full review »
Jordan Kolimeczkow - PeerSpot reviewer
Networking and IT Services Monitoring Manager at Energa SA

It's a great tool for checking compliance of network device configurations against our company's rules and industry standards like NIST 2.0.

It made us look at security policies more holistically, from the perspective of the entire network across all our devices.

View full review »
Buyer's Guide
Tufin Orchestration Suite
November 2024
Learn what your peers think about Tufin Orchestration Suite. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
816,660 professionals have used our research since 2012.
NetworkS2695 - PeerSpot reviewer
Network Security Operations at a insurance company with 10,001+ employees

The central repository of information provides a consistent way of doing things, eventually shortening the time period to make changes. This is the most valuable thing at this point in time. 

I'm very happy with the visibility component. It gives us a reasonable insight into the most of the application flows. Obviously, most east-west application flows are missing from what we have. That is a component which we will need to eventually fill in the gaps.

Between the cloud and physical data centers, we definitely share Tufin policies. That definitely gives us visibility into both.

View full review »
ManagerOc5c3 - PeerSpot reviewer
Manager of Security Engineering at Global Payments Inc.

It is a great solution. If you have all the devices and firewalls in place, the amount of details that you get along with the network topology is very good.

If we had the budget and money, the SecureChange is really great. What you can do and where you can push everything from one console. You can create a change and do the whole automation: create the change, implement the change, and close the change. Right now, I have to go to two, three, or four different consoles. Whereas if I had SecureChange, I could do everything in one place. From an auditing perspective, it becomes easy. Right now, I have to give a change ticket number, then show the auditor and tell them to search for that change ticket number in a different place. If everything is in one place, that makes your life easier.

The change workflow process is flexible and customizable.

View full review »
EJ
Manager at PG&E Corporation

Firewall rule processing and compliance are its most valuable features.

The visibility is good. Overall, I can see the rules and headcount.

The change workflow process is flexible and customizable. I made my own custom workflow.

View full review »
EA
Senior Network Engineer at a pharma/biotech company with 10,001+ employees

The most valuable feature is the ability to gather all of the firewall information without having to do it manually. It makes it much easier and saves time.

We use Tufin to clean up our firewall policies. By doing so, we don’t have a bloated firewall policy that can, in the end, cost more in terms of processor overhead.

View full review »
RL
Director at Visa Inc.

The rule provisioning is the most valuable feature. We had a ticketing system, like Remedy, which had a homegrown product. It would take your source destination port and do a bit of analysis, then give us a ticket with the spreadsheet. Then, we had to take the information from the spreadsheet and enter it into the firewall. Now, with Tufin, it identifies which firewalls, generates the rules, and you just apply them. It is a big time saver.

When it comes to searching our firewalls for things, I prefer the Policy Browser as opposed to going to the GUI. It seems just easier to search. I can start off with our Provider-1 for Check Point, search there, and get the information. Then, I can change the little drop down to say, "Okay, now go search Palo Alto." I don't have to change my search criteria, the platform pulls it right up.

View full review »
Security8043 - PeerSpot reviewer
Security Analyst at a retailer with 10,001+ employees

It provides a comprehensive overview of what our network looks like in terms of what is allowed and what is not, then how the traffic' is flowing with the Network Topology Map.

With the Unified Security Policy, the more you improve it, the more you will get out of it.

For the things that Tufin is able to work with, it is really great. It sort of provides a comprehensive view. It is easier to explain to people who don't really work with firewalls everyday:

  • Why this is an issue.
  • Why certain things are an issue.
  • Why some things are the way they are.
View full review »
JB
Security Consultant at a insurance company with 10,001+ employees

The most valuable feature of this solution is that it reduces both the time required and the number of errors when making changes. We reduced the time it takes to make a change from a week down to a few hours. It means that the business gets a faster turnaround time, and our group is not as much of an obstacle for getting things done. It reduced the change error, so there is a lot less manual work being done.

The automation provided by this solution has mostly eliminated the human error element.

The most powerful thing in Tufin is the ability to use the SecureChange API, where we can supplement our own functionality in addition to what is built-in.

View full review »
VT
Senior Network Engineer at Commercial Bank of Romania

The most valuable feature of Tufin is we have better visibility and management of our file infrastructure.

View full review »
BW
Change Manager at a pharma/biotech company with 10,001+ employees

One of the things that we really like is the ability to customize work flow. It seems like there are ways to make a workflow robust and capture multiple different types of things that you would want to do when you are maintaining a set of shop floor network firewall rules. These include things decommissioning a server and performing a common rule maintenance process, like a recertification process. 

The linkage between SecureTrack and SecureChange is nice. The way that you can identify a rule in SecureTrack that needs to be recertified, then create a ticket in SecureChange, which can essentially implement that, and complete the recertification process for workflow. This helps us keep organized, in a big way, a complex, large set of network firewall rules. Otherwise, there is no way for us to track who the business approver or owner is for each of those rules and when the last time each of the rules was looked at. In terms of keeping this set of rules clean, it goes a long way in helping with that.

I had been impressed with the depth of capabilities within SecureTrack, particularly, in terms of generating insights for a user and firewall operator. With SecureTrack, I've been impressed with the level of flexibility with workflow design and its ability to generate different work streams and flows through the tool that are customized for our organization processes.

One of the things that came up this week was the ability to decommission a server, which we thought was interesting. We had a workshop recently that talked about all the things that need to be thought about when managing firewalls. People said, "A lot of times, things get forgotten when you are decommissioning a server." E.g., making sure rules are taken away and taking out the rule set. The fact that there is an automated workload for that can be helpful.

From the training that I've done at the conference, I like the ability to visualize the network paths between different endpoints and servers. I thought that was cool.

I have been impressed with the range of capabilities. The ability to connect with other services and software solutions via APIs is very impressive. In terms of breadth of market coverage, that seems pretty robust.

View full review »
WT
CyberSecurity Supervisor at a energy/utilities company with 10,001+ employees

The most valuable feature is the ability to quickly identify where a rule needs to be put in place because right now we manage almost five hundred firewalls.

The visibility that this solution provides is great.

The workflow process is very customizable. I've played with it quite a bit in order to tailor it to our needs.

View full review »
MN
Works at Daimler AG

SecureChange Workflow: It is Firewall Admin Robot, which handles the ticket right from receiving until the implementing process with documenting all the approvals.

View full review »
AA
Infrastructure Engineer Specialist at a healthcare company with 10,001+ employees

The most valuable feature is the workflow.

Using this solution makes it easier to manage the firewall policy.

The reports that this solution provides are very useful. The report includes information about duplicate objects, duplicate services, shadowed firewall rules, and the firewall rules that have not been needed for a specified number of days or months. It sets my Check Point database.

View full review »
DH
Senior IT Analyst at Exelon Corporation

From our perspective, the most valuable features are the compliance and firewall reporting modules. Indirectly, we use Tufin to clean up our firewall policies. We run reports, and then use those reports to drive improvement in the firewall rules. The visibility into the Check Point firewall rules is a lot easier to look at using a Tufin report as opposed to a Check Point report.

This provides good visibility of our firewall rules. Using Check Point is a little cumbersome to get what you need, so with this solution, we’re able to filter through and better get the information.

View full review »
JF
Security Engineering at a financial services firm with 10,001+ employees

The reporting is very good and provides in-depth knowledge for Check Point. We can write the rules as we see them. We can review rules and do searches. It has its own database which pulls all the information in regularly. This is very nice, and it is a good product for us.

I like the change impact analysis. It tells you what is going on,so you can review what has changed. In case you have to go backwards, and say, “Oops, that wasn't supposed to happen. How do I go get it?”

View full review »
TL
Services Engineer at AccessIT Group
  • Cleanup
  • Visibility
  • Scalability

Cleanup is its most valuable feature. We use Tufin to cleanup our firewall policies. You can see unnecessary, unused objects. A lot of times, you will create a host, then it's not used. It's like, "Delete that, because we don't need that in the database." Or, it's a rule that is not needed: unused rules.

Its cloud-native security features are good. They add even more visibility to your environment.

View full review »
it_user335712 - PeerSpot reviewer
Senior Network Security Engineer at a retailer with 10,001+ employees

I am working in a DevOps environment. We are trying to automate firewall rules and allow Tufin to push these changes for us. Using SecureChange and SecureApp, it makes life easier for the user community and the firewall engineers by not having to manually input firewall rules. The DevOps environment allows the users to pick from a catalog and request what they need. SecureTrack gives us the audit capability of what is/was implemented.

To me, SecureTrack is the greatest thing since sliced bread, it allows you to see what is used and not used with your firewall, and gives extensive analysis in a very short period of time.

View full review »
reviewer1800321 - PeerSpot reviewer
Works at a media company with 10,001+ employees

We can check and analyze the current status of our firewall rules.

View full review »
NH
Firewall Architect at a financial services firm with 10,001+ employees

In general, the automation piece is the most valuable feature: having SecureChange make the change on the firewalls, instead of my having to go manually make the changes on the vendor product.

In terms of cleanup of our firewall policies, we don't officially use Tufin, but I, as an architect, do use the Automatic Policy Generator to review existing rules: high hit-count rules and open rules which aren't very secure. We use that to then build firewall rules which tighten up our firewall policy.

The change workflow process is flexible and customizable. We have had to edit and alter some of our workflow and it's pretty easy, pretty simple, pretty straightforward. We use Tufin support, their helpdesk, for that because we're a very new customer.

View full review »
Infrastra69d - PeerSpot reviewer
Infrastructure Analyst at a manufacturing company with 10,001+ employees

The most valuable features are the GUI interface and the API. 

We’ve found the change workflow process to be flexible and customizable. If it could not be customized then it would be very hard for us to make it work for our company.

View full review »
BS
Service Engineer at G2 Deployment Advisors

The APIs are the most valuable feature of this solution, as they facilitate integration with ServiceNow and other solutions. I'm a little biased because that's what I work with the most, but I have found, especially in comparison to other products I've interacted with, that the Tufin APIs are very well-documented. And the big thing about them is you can do pretty much anything with them that you can do in the UI. From what I've seen, the big focus of SecureChange, in particular, is automation. And you can't have automation - or complete automation - without the ability to interconnect with other systems. The APIs really assist with that.

All of the customers I have worked with who have the SecureChange product use the change request violation risk analysis in the workflows. It is usually the third step of every workflow that I configure. For example, we have an energy customer that has a particular team of people which deals with a given workflow if it has risks. They have Tufin set up to automatically run the risk reports and, in the next step, if the risk is considered low, it goes to one team; if it's considered medium, it goes to a different team. That really allows them to move their changes along without too much human intervention or too much delay.

The solution allows for the creation of custom policies, which is helpful for rule cleanup and USP.

The visibility is as good as I’ve seen in any network product. It also has its own firewall stuff for Cisco routers.

The support for cloud-native security is pretty good. We have a large customer that uses AWS and AssumeRole, and they have 200 or 300 AWS accounts. They are pretty satisfied with the solution.

Tufin also supports all sorts of devices, cloud or otherwise. I've definitely seen unified security policies applied to both cloud and regular devices. Cisco, Palo Alto, you name it.

View full review »
it_user340728 - PeerSpot reviewer
Principle Mbr. Tech. Staff at a comms service provider with 10,001+ employees

Functioning monitors (not just marketing hype) for most types of firewalls and firewall managers, overall stability, scalability (could be better, but the still best on the market), and the ease of performing OS and software updates.

View full review »
PM
Senior Network Engineer at a financial services firm with 10,001+ employees

The reports are very valuable. In terms of cleaning up firewall policies, we use Tufin to gather information in the reports. However, we don't automate Tufin to do the work. It's still done by a firewall engineer.

But the best feature for me is being able to look up objects within all of our policies, because we have a little over 12,000 rules and over 30,000 objects. When one person says, "Hey, where's my server?" I can just go to Tufin and say, "Hey, where is that server?" and very quickly it tells me where it is, what policy it's on. That is a life saver. Without that, I'd be a janitor.

The visibility it provides is also very good.

The change workload process is flexible and customizable. For example, we have it working with ServiceNow. When somebody requests to have a rule in place or requests a firewall, they will first go to ServiceNow and put all their information in. ServiceNow then sends that over to Tufin and Tufin does its magic - verifies the USPs and does the design. That part is simplified. However, there are little mechanics in between that could be a lot better.

We use the solution to automatically check if a change request would violate any security policies or rules. Our cyber team is on it as well. We comb through all the changes done for that rule and verify. Before we do a push, we verify that there was no compromise to our security posture.

View full review »
Dominic Salzmann - PeerSpot reviewer
Senior Manager - Network-& Systems-Management at a computer software company with 201-500 employees

We discuss the solutions every year in terms of budgeting and the team has convinced me that it's necessary to spend this money on this solution. It provides value.

The initial setup is very straightforward. 

It is very stable. 

View full review »
reviewer898362 - PeerSpot reviewer
Information Security Engineer at a healthcare company with 10,001+ employees

The clarity around the auditing provides the most value for us.

View full review »
IM
Senior IP Network Defense at a comms service provider with 10,001+ employees

The features I have found most valuable are its capability to check on the firewall and the routers. Afterward, it checks out all the configs, checks the vulnerabilities, checks the risks - it checks everything that may end up causing our router to be compromised. In the end, it recommendations what we should do.

Then, if we apply the recommendations, it will scan again and give us a percentage. Sometimes we find out that at first that we didn't meet the compliance, getting a 46% maybe. Then, when after I apply the recommendations, after discussing with my team, and approving the recommendations, it is all remedied. After that, it goes to 80-something percent. And that is what we are looking for.

View full review »
reviewer1146690 - PeerSpot reviewer
Network Security Analyst at a energy/utilities company with 10,001+ employees

The most valuable feature are role and objects usage for individual objects and app usage.

View full review »
JR
Senior Specialist at Cigna

In my current role, the most valuable features are the API and the accessing. In my previous job, the analysis was my favorite.

View full review »
JF
Managing Director at Midpoint Technology

The full Orchestration Suite is what we've been primarily driving because many of our customers want to move into automation, or at least some aspects of it.

The audit portion of this solution has made a really big difference for us. Also, the flexibility of change has allowed us to really drive the product into the marketplace for a large clientele.

This solution provides great visibility, for both our customers from a primary firewall perspective, as well as for the other solutions that they tie into. For example, it gives us an ability to view what’s going on with full plant environments in various parts of the world.

The change workflow process is extremely customizable. We really like it from the standpoint that we can push it from department to department for approvals. It’s not contained within a single solution set, but rather, it moves across the silos of an organization for the approval process.

This solution has helped our clients to meet compliance mandates across the globe, including, for example, GDPR and SOX requirements.

View full review »
it_user399324 - PeerSpot reviewer
Network Lead - Security Architecture at a retailer with 10,001+ employees

The biggest value for me is the ease of implementation. I'm newer to the company, only been there a year, but the fact that I could could win and recommend this product within six hours of getting the license installed shows that there's immediate ROI to my CSO.

View full review »
it_user355590 - PeerSpot reviewer
Senior Network Engineer at a financial services firm with 10,001+ employees

The most valuable features for us are object looking, rule documentation, and reports. We use it for cyber security as well, so risk features and violations features are huge.

Even just looking up rules before we can make changes is a lifesaver. Previously, we'd have to go to the CMS of whatever firewalls we had. So instead of having to do that, now we can go to one location and search the rules that way.

Another major thing is the topology feature for the network part. Also, the SecureChange and automation means that the checkpoints can be done automatically, and they do the provisioning throughout the process. Looking up rules and understanding how they affect your environment.

It's also quite easy to use - there's nothing hidden, it's all laid out and that is much appreciated.

View full review »
reviewer1033653 - PeerSpot reviewer
DSI France retail banking networks at a financial services firm with 10,001+ employees

Policy management and the cartography of the network have been the most valuable features.

View full review »
IM
Senior IP Network Defense at a comms service provider with 10,001+ employees

The most valuable feature is the compliance check and the recommendations that it makes. This solution will connect with the firewalls and routers to check out the vulnerabilities, risks, and anything that can lead the organization to be compromised. From there it will make recommendations about what is required in order to ensure compliance. My team discusses the recommendations and then we remedy the issues.

View full review »
MU
Network Security Engineer at Customer Worldpay

In our current environment, the most valuable feature from Tufin is their Network Map because our network team can't give us a network map. Tufin has given me more than what the network team have ever given me, as far as documenting the network infrastructure. So, I'm thrilled.

The visibility is good.

View full review »
NetworkEae6b - PeerSpot reviewer
Network Engineer at a healthcare company with 10,001+ employees
  • Easability
  • Audit features
  • SecureTrack
  • Change of work allowance
  • It is very open to changing it and making it do what we need it do. 
  • We get a holistic view of the infrastructure, as well as automation workflows.

The visibility is great, so far. We are still building it out because we have a lot of firewalls from different vendors. Overall, it's a good product in the way it works.

The change workflow process is flexible and customizable. We use this process a lot. We have developers do custom integrations with different vendors, especially ones that are technically supported, as well as doing some custom integrations with our Juniper products, which are not officially supported.

The solution’s cloud-native security feature is definitely welcome. We are starting to embrace the cloud. We are a little more legacy and timid in our approach, considering the amount of data that we have and the way that we want it to be accessed. However, the cloud-native applications are going to be big, so I definitely think that's a welcome feature that they're working on.

View full review »
MM
Regional OSH at Pos Malaysia Bhd

The goal was policy management and Tufin's policy management features met our requirements. It allowed us to crosscheck policies.

I like the fact that Tufin was able to integrate with our firewalls, which include Palo Alto and FortiGate.

View full review »
reviewer1536771 - PeerSpot reviewer
Information Security Consultant at a comms service provider with 11-50 employees

The most valuable feature of Tufin is security auditing. We are able to check the rules and compliance of the company, for example, what is allowed or not. We are able to check the rules over different gateways and set over firewalls.

View full review »
reviewer1181328 - PeerSpot reviewer
IT Coordinator at a financial services firm with 10,001+ employees

The most valuable feature of Tufin is rule analysis.

View full review »
reviewer1126947 - PeerSpot reviewer
Project Manager at a comms service provider with 10,001+ employees

We use two main modules. We really appreciate the change manager. It's one of the most valuable aspects of the solution.

The technical support is pretty good.

View full review »
CM
Consultant at Critical Design Analytics

The preconfigured PCI compliance USPs are the best part for me. These make things a lot easier.

The visualizer for the Network Topology is really good. You can see all the routes throughout your entire environment.

The change workflow process is very easy to customize. You can do a workflow however you want, so you can have an approval every single step. Or, you can remove approvals on certain steps, automating some steps.

It capabilities are very good.

View full review »
VV
Head of IT Security at Banco Privado

The workflow is the most valuable feature.

The visibility that the solution provides is amazing.

The change workflow process is flexible and customizable. I can send one request to an IT Manager and another one to a Development Manager, making them customized.

View full review »
reviewer1147887 - PeerSpot reviewer
Senior Network Security Engineer at a retailer with 10,001+ employees

Comparing the rules and policy browser is valuable to me. It gives me the ability to pull running configs and be able to analyze them without having to go directly into the firewall.

The visibility is great.

View full review »
JY
Security Compliance at Caterpillar Inc.

The most valuable feature of this solution is reporting.

This solution has helped to reduce the time it takes to make changes. I don't think that we were ever slow, but we can now say that changes are completed within twenty-four hours.

View full review »
SF
Specialist in Network Security Operations Support at a financial services firm with 10,001+ employees

We are still using only one-third of the functions that Tufin has, but SecureTrack is among the most valuable.

The most valuable function is the SecureChange where it is able to automate everything from the validation of the rules to the pushing of the rules. We are mainly using Checkpoint and Tufin together.

In addition, it's helpful that we can generate accurate and detailed rule-usage reports. That enables quick clean up.

In terms of visibility, Tufin does show all the schedules based on the usage.

Another feature I like in Tufin is that we are able to track the flow of the source and destination, passing through which level of device and which firewall. It makes our operation, our daily tasks, much easier than doing it manually for each and every request.

View full review »
it_user475917 - PeerSpot reviewer
Director of Network and System Engineering at Allegiant Air

The visibility of the changes that are being made on the network. From a firewall perspective and router perspective, we have all our network devices in Tufin. We monitor all the changes that are made constantly. Prior to changes being made, they get approved by our IT security department, and then they're monitored after they're changed as well.

We haven't used it to push configuration yet, but we do have a third party network vendor that does our network changes for us. We immediately know if something was typed wrong or configured incorrectly. We'll get an email from Tufin, and we'll know that they typed something in wrong or incorrectly because that's the email that we receive from Tufin. A lot of times they'll transcribe things, and rules will get set in different directions. We'll know immediately when something happens.

Being the Director of Networking, that's what I'm primarily concerned about. It's to make sure that all the network changes that are being made are the correct changes, we're not opening things up to vulnerabilities that we shouldn't have, as well as making sure that we're locking down what we need to lock down.

View full review »
reviewer1185804 - PeerSpot reviewer
Works at a insurance company with 10,001+ employees

The most valuable feature of this solution is APG, the Automatic Policy Generator. Further there are very good capabilities for policy browsing and reporting implemented.

View full review »
it_user376773 - PeerSpot reviewer
Global Network Security Specialist at a pharma/biotech company with 10,001+ employees

Following installation, we mentioned to the SE what ports were on the rule already, and he responded that those were the right ports. So immediately, Tufin already saved us work. And there was already traffic to the destination of a requested rule that needed to just be added to another group. Previously, we would have had to make a new rule and type in the source destination ports. With Tufin, however, the group already existed and we just needed to add it to another group.

Object look-up is also valuable. When someone needs to know about a particular endpoint and what's allowed to it, we only need to type in the IP address and are then able to see every rule associated with that address line by line.

View full review »
it_user483792 - PeerSpot reviewer
Director, Enterprise IT Security and Compliance at a transportation company with 1,001-5,000 employees

The most valuable features are the ease of use and the portal. It is very easy to log in, to navigate, to produce reports and to create workflows. Creating workflows is actually one of the best features that I've seen in the product.

It also gives tremendous insight in that we now know exactly where the rules are, who they belong to, if they being used, and if we need to follow up on a yearly basis to find out if they still need access or if we removed the access because the server went down for whatever reason. Seeing that these rules are actively used helps us a lot. Before Tufin, we knew that we had issues with regards to how many firewalls we had in place. We had rules that were outdated and never being used. We started bringing visibility to that, and that's when we decided that we needed assistance on how to audit the firewall rules.

View full review »
it_user489261 - PeerSpot reviewer
Senior Network Security Engineer at a financial services firm with 10,001+ employees

In my group, we use Tufin to prove recourse. With firewalls, in terms of searching for existing rules, if we are looking for a particular rule, it shows whether an object exists, the network objects that exist. And if it does, it shows what is already in place and if we need to add something here and there. It's basically research analysis.

View full review »
it_user369300 - PeerSpot reviewer
CEO at Irvin Networks
  1. It's easily deployable.
  2. It provides change and reporting on changes 
  3. One of the features helps you clean up firewall rules, and maintain a good, clean rule set.
View full review »
DL
Executive Director at a financial services firm with 1,001-5,000 employees

Tufin gives us the rule, definitions and things of that sort, which is great. All the basic functions work well. 

View full review »
NetworkE78f6 - PeerSpot reviewer
Network Engineer at a healthcare company with 10,001+ employees

It's hard to pick the most valuable feature. All of them are valuable, they're all critical for us. It depends on which application we're talking about. ChangeTrack obviously has a lot of very good features, like the risk analysis, the USP, and the Policy Browser. The Topology Map, which feeds into our SecureChange - the latter being an automation platform - there's a lot of synergy between the two. All the features that we have used are critical and are good.

The change workflow process is flexible and customizable. It's not 100 percent but it's definitely in the high 90s. It is very customizable, it's easy to set it up. There are certain fields that we feel might require some enhancements but, overall, it is customizable. It's very easy to use and super-efficient.

View full review »
LeadEngia25d - PeerSpot reviewer
Lead Engineer at a insurance company with 1,001-5,000 employees

For us, it's all the features that Tufin provides, including the 

  • USP
  • rule design
  • documentation
  • implementation
  • auditing.

They're all important. We could not have one without the others.

In addition, it provides greater visibility, once the setup is configured correctly. It provides a real-time sense of how the policies are configured and whether there are any shadow rules. Another great thing is that it provides greater reporting based on how the rules have been set up.

View full review »
it_user488085 - PeerSpot reviewer
Sr. Security Administrator at a consultancy with 1,001-5,000 employees

A lot of the most valuable features have to do with the reporting and the cleanup of policy. With our day-to-day busy lives, we just want to get the change in and implement it, and that just increases rule base exponentially. From time to time you need to go back and find duplicate services, objects, rules, and cleanup. With a lot of the cleanup effort, I think the product helps out a lot.

Tracking changes is beneficial. We get alerted immediately who made the change, what change was made, and things like that. That's probably the most valuable.

View full review »
it_user475893 - PeerSpot reviewer
Manager at a pharma/biotech company with 1,001-5,000 employees

The ability to create out of the box reporting and to have real time awareness of the changes in our environment.

Our operations team will make firewall rule changes and I actually get an email telling me everything that's been done. The way that we have the two things set up it will actually link to the change control that they're doing the work under. I'm then able to review and say "okay, this is what they said they were going to do, this is what they actually did and it's done compliantly."

The reporting simplifies the ability to report towards the business about how our rules are being used so we can make sure the security is always optimally maintained.

View full review »
AO
Application Developer at CyberAge

The firewall security was very valuable.

View full review »
AE
Network manager at Ekol Lojistik AS

It's user-friendly. It's easy to understand menus on the web GUI. That's a good feature for us. I can say that it's doing what it's supposed to do. It also integrates well with other products like Check Point.

View full review »
reviewer1554918 - PeerSpot reviewer
Network Operations Engineer at a computer software company with 10,001+ employees

The solution is very straightforward to use. It makes doing our work easy. The product is very good at helping us clean up rules.

We've found the stability to be quite good.

The solution is quite scalable.

View full review »
reviewer1185783 - PeerSpot reviewer
Works with 10,001+ employees

The automated reporting on a regular basis is helping us to be compliant with legal requirements.

View full review »
Associate8c2 - PeerSpot reviewer
Associate Director Program Management at a pharma/biotech company with 10,001+ employees
  1. Being able to see all the firewall rules in one place. 
  2. Being able to query them. 
  3. SecureChange will automate and put the rules into Remedy.

The visibility is incredible. It has never been there before.

View full review »
NetworkE9856 - PeerSpot reviewer
Network Engineer at a energy/utilities company with 10,001+ employees

The most valuable features are the rule set analysis reporting that you can do. We use it day in and day out for doing rule cleanup and policy analysis.

The policy comparison reporting is one of the more basic functions that it has, but it is very critical for us. We built it into our processes that before we push any change to production, an engineer will stage actual date rule changes and policy changes. Another engineer will go in and do a comparison report of the last push policy to the last save, making sure what has been changed is what is expected to. From an operational excellence, it's huge for us. We have huge policies. All it takes is one accidental right click, delete, or backspace button, which could impact our business. So, this is something that we use almost day in and day out.

We're definitely happy with the visibility. It gives us a lot more visibility and can do a lot more reporting that just wouldn't be possible for a human to do, who might just be looking at traditional log files.

View full review »
InfoSecC1266 - PeerSpot reviewer
InfoSec Consultant at a insurance company with 10,001+ employees

The most valuable feature of this solution is the ability to develop it further than what's out of the box.

View full review »
SS
Automation Engineer at Cox Communications

The most valuable feature for us is the topology validation that is part of the workflow.

This visibility that this solution provides is better than that of the competitors that I have looked at.

When this solution works in the way that we need it to, my impressions of the change impact analysis are very good. The hardest thing for us is the inefficiencies with topology. This often means that the results we get are inaccurate.

View full review »
ITManage3885 - PeerSpot reviewer
IT Manager at a financial services firm with 10,001+ employees

The most valuable feature is the reporting of our risk poster in our firewall. We clean up our firewall rules using this solution. The reporting helps us carry this out quickly.

This visibility is good and I would say that the change workflow process is average to good.

We expect that SecureChange will help us to reduce the time it takes to make changes. It is on our roadmap.

View full review »
it_user884007 - PeerSpot reviewer
Network Architect at a transportation company with 10,001+ employees

SecureChange is the most interesting part. It all comes down to having the user request firewall access and SecureChange, based on workflows, takes care of it, sending two or three emails to the business approvers. With one click, you can automate a firewall rule. We have many problems like, I imagine, the whole industry, with delays in implementing firewall rules.

SecureTrack provides all these regulations, PCI kinds of things, so you can try to match all your security policies and firewall configuration to the standard. 

There is also a feature to optimize firewall policies that will delete duplicate objects and rearrange the rules so the machine will function faster.

In addition, the change impact analysis capabilities allow you to do automatic checks of whatever rules you are implementing.

Finally, the change workflow process is flexible and customizable. I was really impressed with it. It's pretty easy. You can add automatic validation steps. Depending on the security matrix, you can pre-allow whatever flow you want. You can do your change analysis automatically or risk analysis automatically; whichever steps you want. It's pretty cool.

View full review »
SrNetwor9adb - PeerSpot reviewer
Senior Network Engineer at a financial services firm with 1,001-5,000 employees

SecureChange makes our lives easier with automation. 

It provides a granular report, like what is there or not and what is required or not in the clean up. This makes our lives operationally easier. 

It is very easy to learn and is user friendly. The GUI is user-friendly.

View full review »
Security4691 - PeerSpot reviewer
Security Engineer at a manufacturing company with 10,001+ employees

Workflows that help continue automation.

The change workflow process is flexible and customizable. Just about every step has some flexibility to it. While there is room for it to improve, it is very flexible to our needs.

View full review »
it_user489240 - PeerSpot reviewer
Consulting Information Security Engineer at HCA

The biggest thing that we have been using is the automated reporting. I work on a very specific portion of our network enclaving strategy. For the initial ones we’re working on, I get a big report every Monday that has a full listing of volumes and changes on all the rules. It means I don't have to log into the firewall to see how we're doing as far as progress and what we're doing.

We also use the on-demand stuff every time they make a change, I get a report of the change that's happening. We don't necessarily do the operational side but we have a sort of governance and policy oversight, and consulting oversight. We can determine whether this is the right thing to do for what they're doing. I don’t even have to log in and I don't have to go look for the information. I don’t have to go in to the Check Point console, log in, and do a lot of stuff. I get these reports in my email and I can analyze them and look at them when I want to. That's very helpful for me.
We also use it in the field for the people that have oversight over their zones. They get a change report and a risk analysis report out of Tufin. They don't have to log in every time something happens. It gets pushed to their email. To me that's a big value.

The other thing that brings a lot of value is the ability to get visibility without giving someone admin rights in the Check Point consoles. We are able to specify for these roles. While we're doing policy and strategy in consulting, we don't need admin rights to be able to make changes. That's a big help also. We can get to the info without having to log into the consoles and get those type of permissions that we really don't need in our role.

View full review »
it_user488112 - PeerSpot reviewer
Senior Security Engineer at a hospitality company with 1,001-5,000 employees

We can identify rules that are not used. We can identify rules that are open.

When importing the devices, they made it nice where you can script it and import all the devices into Tufin. That was a nice little feature.

I like the SecureApp feature. That looks like it's pretty handy. The compliance portion of it, where you build your security database. It runs against that security database and figures out whether the correct ports are opened up or if there are vulnerabilities.

View full review »
it_user483819 - PeerSpot reviewer
Security Manager at a financial services firm with 10,001+ employees
  • The comparison of what changed.
  • I also like being able to use the historical data - did this access exist on this date a week ago, two weeks ago, etc. Because I'll have a customer who's like, "Hey, our traffic isn't working anymore. It used to work, and now it doesn't. Why not?" I would go, and I'd check the policies, see what existed, if it did exist, and then I know that somebody removed it, and I can find out who. It's a great tool.
View full review »
it_user483795 - PeerSpot reviewer
Senior Security Network Engineer at a financial services firm with 10,001+ employees

There are a few things. One is that from the portal people are able to request access. It is going to be able to stage the policy, add the rules or objects or whatever is needed for us so that all we need to do is push the policy at the time. It almost doesn't need a human being to be involved in the rule staging of provision process.

View full review »
it_user437166 - PeerSpot reviewer
Network Engineer with 1,001-5,000 employees

We purchased Tufin for the rule based analysis, so that when we did a Check Point migration from the earlier versions everything was OK. We now have rule based analysis, and we can move in, see unused rules, and try to optimize the rule base.

Tufin enabled us to clean out the rule base pre-migration. There's no point in migrating old and unused rules and objects to a new solution, so we were trying to be a bit proactive. That's why we purchased this solution and we had someone from Interel come over and help us configure it.

View full review »
it_user437160 - PeerSpot reviewer
Unified Messaging Technical Architect at a financial services firm with 10,001+ employees

It’s the fact that before Tufin it wasn’t possible to manage firewall changes. We used emails.

Different departments can actually intervene at the same time on the same workflow and actually accelerate the job. Previously, we didn’t have that, so that’s a big thing.

View full review »
reviewer1181328 - PeerSpot reviewer
IT Coordinator at a financial services firm with 10,001+ employees

It is an important application for controlling and monitoring firewall rules. It is useful for making and monitoring the changes.

View full review »
reviewer1069503 - PeerSpot reviewer
CyberSecurity Architecture Manager at a computer software company with 10,001+ employees

The compliance aspect of the solution is its most valuable aspect.

The stability is very good.

You can easily scale the solution if you need to.

The number of features is very robust - and there are a large number of features. That's a huge selling point, which is why its popularity is where it is.

View full review »
TeamLeadc1d6 - PeerSpot reviewer
Team Lead of Border Protection at a manufacturing company with 1,001-5,000 employees

The most valuable feature is automation.

The visibility of the policies are very good. It sees different things. The recordings are very good.

We use a lot of workflows and have a lot of custom things developed by Professional Services. It is very customizable.

View full review »
ET
Business Director at a tech services company with 201-500 employees

The policy overview is valuable.

View full review »
SB
Cyber Security Engineer at a healthcare company with 10,001+ employees

The most valuable feature is the consolidation of firewall products.

The change impact analysis capabilities of this solution are pretty good. We like the product a lot.

View full review »
NetworkS6585 - PeerSpot reviewer
Network Security at a transportation company with 10,001+ employees
  • The Orchestration
  • The way that users can access it directly.
  • The change impact analysis capabilities of this solution are good.
View full review »
it_user489219 - PeerSpot reviewer
Senior Security Engineer at a hospitality company with 1,001-5,000 employees

We use SecureTrack for tracking unused rules, tracking risky rules for compliance, and policy optimization, which I think is the best because you get duplicate objects and you get covered rules. I would say that trying to tune your policy and get rid of unused rules is the most valuable for us.

View full review »
it_user479352 - PeerSpot reviewer
Network Consultant at a healthcare company with 1,001-5,000 employees

Tufin provides insights through various reporting capabilities. It provides a level of insight into change that didn't exist before and gives us the ability to validate changes against business needs. It has also allowed us to automate certain functions. We are still very new at it, but we have been able to leverage some of the automation capabilities to begin to clean up our environment. We haven't gotten into the SecureApp module yet.

There are some report capabilities that we weren't aware of when we purchased the product. They're kind of in a hidden area. One of the reports is called the permissiveness report and it uses some type of algorithm to measure risk of rules, rule bases and firewalls. We're still exploring a lot of the reporting capabilities. There's a lot of depth to the product.

View full review »
it_user466632 - PeerSpot reviewer
Manager, Security Engineering and Operations at a retailer with 1,001-5,000 employees

With the firewall policy management with Check Point, we found great value in the tracking, specifically given that we use rules and we use objects within those rules. It's very helpful to provide evidence of PCI (Payment Card Industry) compliance during our yearly PCI audits. PCI is a set of data security standards that's published by the card holders: VISA, MasterCard, Discover, and American Express.

We can provide evidence the nothing's getting into that environment that isn't already approved to go in.

View full review »
it_user437130 - PeerSpot reviewer
Head of I.T. Security at a insurance company with 1,001-5,000 employees

I find that he most valuable feature is actually optimizing my real firewalls. It shows me any issues. I track the change and it will tell me when it is actually going to affect any other rules or any other applications. That is the biggest feature.

Then the reporting functionality that comes along with it - for one change, this change what, when, etc. This is the main function that I will always be using, as well as positioning of the rules on the rule base and to optimize the firewall for me. Those are the best features and that is what sold me initially.

The thing I like about it is that it's real time, that's the biggest benefit. It helps me with everything that I need to do. Every time we want to make a change we put it in the system and it tells us, OK all good, or it tells you, these, this and this you have to fix. Have a look at it, send it to the service, they have a look at it, mediate, put it through again, and if it is clean it will go.

View full review »
it_user437181 - PeerSpot reviewer
Senior Network Engineer at a financial services firm with 1,001-5,000 employees

The most valuable function of Tufin is that it provides compliance tests on security devices. It gives us a great idea of what is going wrong and what we have to do to improve. Then, when we try to apply the solution to our policies, it provides us help in doing so. It tells us where to put our policy on both the front and back ends, as well as in the configuration files.

View full review »
it_user400740 - PeerSpot reviewer
Sr. Security Architect at a tech services company with 1,001-5,000 employees

The most valuable feature is that we can see what changes are happening on all our security devices at the very moment that they're done, so if any mistakes happen, then we can catch them very quickly before there is a big disaster and outage.

Mistakes like firewall policies where people put in wrong IPs instead of allowing permits and traffic stops. That is why it is very, very important.

View full review »
ITManage3885 - PeerSpot reviewer
IT Manager at a financial services firm with 10,001+ employees

The USB is the most valuable feature for us. Inside of Tufin, we are planning to leverage the USB solution.

The visibility is excellent. We have a better view of our compliance status. 

View full review »
Managerfac3 - PeerSpot reviewer
Manager at a manufacturing company with 10,001+ employees

The ease of use is the most valuable feature. 

The change workflow process is flexible and customizable. We have one guy who has never logged into Tufin ever in his life. He sits down and in 30 minutes had written an automation routine, then went back and changed it. He did that with no training. For me, that is a major benefit.

The two reasons that we wanted Tufin

  1. The single pane of glass, so our Tier 1 and Tier 2 could make changes.
  2. The network mapping which is something that we have never had before.
View full review »
Securitye949 - PeerSpot reviewer
Security Engineer at Allegiant Air

The revision reports are phenomenal. They really help us out to see what changed, when, and who, most importantly. Some of the other reporting that we audit and clean up have been really valuable for us. 

The visibility is great. We have found the policy browser to be very useful. It is a fairly new feature. 

View full review »
ST
Network Security at a tech services company with 5,001-10,000 employees

We can get reports with Tufin at anytime. We can have automated reports, even with security and compliance.

The visibility is very good, as it incorporates graphics with some charts and comparisons. So, we have very good visibility for the entire tool.

View full review »
TL
Information Technology Graduate at a computer software company with 10,001+ employees

Visibility is its largest and most valuable feature. You can see everything or all the devices on the network for each customer. It provides you a larger view of what might be wrong with the network and how you can improve it with firewall rules, etc. 

If you are talking about secure change, being able to automate the entire change process is pretty much the winner for us. It is going to really reduce the time that it takes for us to do changes, and we can just go out and get more customers.

View full review »
CG
Security Engineer at BCBSMA

The most valuable features are the Security Risks and Best Practices reporting/Rule base cleanup.

View full review »
SrInfoseb35c - PeerSpot reviewer
Senior Information Security Architect at First Citizens Bank

The capability to manage: We have different domains, so we want to have a single pane of glass to see what all the different policies are doing.

View full review »
it_user489246 - PeerSpot reviewer
Network Engineer at a financial services firm with 10,001+ employees

The governance feature is handy in the process flow. Tufin is easy for an average user to be able to put in their request and have it automatically assigned to other firewalls.

We are able to review changes from the previous day to be able to compare if there's a change that goes in from one day to the next, if there's an issue, we can see what change has occurred. You can see that through the reporting. It's quick to go and pull up what changed between the two days. It works great for the users to be able to put it in. And then troubleshooting afterward if something happened to find out what had changed.

View full review »
it_user489336 - PeerSpot reviewer
Network Security Engineer at a hospitality company with 1,001-5,000 employees

The most valuable feature that I've found is rule optimization. If the rule has massive hits and if I want to remove that rule, I can put that rule into the SecureTrack change. After a few weeks, it will tell me that these are all the IP addresses that it is hitting, and this is all the traffic that it is hitting. It provides all sorts of other information too. That's one of the features that I like in Tufin.

Having total compliance is a benefit. When our compliance department tells that there is a rule that says IP such-and-such, and that we have to remove that rule, it’s never easy for us to directly remove a rule until and unless we have some traffic analysis and so on.

Another benefit is the complete set of all rules. If I have to find a particular object, Tufin provides a search feature. That's one of the good features in Tufin. If you have more than 100 or 200 firewalls and 100 or 200 policies, and each and every policy has a humungous amount of rule numbers, it can give you detailed reports, as well as the search feature.

View full review »
it_user489243 - PeerSpot reviewer
Security Engineer at a financial services firm with 10,001+ employees

We're using SecureTrack, and the most valuable feature for us is the accurate reporting it provides. Every time I run a report, I know it's going to return just the exact information I'm looking for. 

I like the ability to drill down in the reports. That's very handy. It allows you to drill down, but it doesn't show you all the information at once, because some of it can be very overwhelming. It simplifies the information and then you can drill into the details.

At first, it presents it all in one format in the report. That's the simple format. Some of the things I'm looking for, I want an answer back quickly. I can see in just a one-page review that all of the information I was looking for is there.

View full review »
it_user483810 - PeerSpot reviewer
VP of Engineering at Netanium

The biggest thing is regarding the automation that it allows our customers to do at the end of the day so that they can go and scale their environment a lot more than they could in the past. I think that's really where it comes in. It's the process behind it which can be very painful and tedious. They help make it easier and it's pretty simple from that perspective. You can review compared to past policies.

It's a multi-stage process. When you first start using it, you can go based on rules and find a lot of things that you didn't know before automatically. Then over time, you can go and see points along time. See what's happened, what's changed and also make sure they're applying the appropriate policy.

Without Tufin it's a lot of manual reviews, and you'll miss things. Humans miss lots of things especially as rule bases get big.

View full review »
it_user483786 - PeerSpot reviewer
Network Security Engineer at a transportation company with 1,001-5,000 employees

The most valuable feature is the ease of use. Creating workflows for users is very easy. It's also pretty straightforward to look at audits and compare policies.

View full review »
it_user401487 - PeerSpot reviewer
Security Architect at a wholesaler/distributor with 5,001-10,000 employees

The ability for it to identify unused rules, and overlapping/redundant rules. If you had a more open rule at the top, but you put a more granular rule at the bottom, it would tell you that that granular rule wasn't needed because it was already covered by another rule. A lot of times you get multiple firewall admins who just go in and start adding stuff, and they're not always looking for what's already in place. It's redundant and they don't realize it. 

So somebody could have added a rule but they couldn't find it, so they just went ahead and added access, and in the end, Tufin will identify it and say - you have rules that you don't need. When you're dealing with very large policies (hundreds - thousands of rules) it's a big advantage. Such as if you're dealing with firewalls that host 2000+ rules.

I used to use the reporting. It was able to at a glance tell me every rule that that particular IP address was given access.

View full review »
MB
Manager at Italtel

They have very good responses regarding integration and internalization with open tickets.

View full review »
HS
Security Analyst at Equifax Inc.

The most valuable feature is that it extends security entries in the firewall policies. Given the number of entries in the access control, this would take a lot of time, so this feature is very valuable for us.

The visibility this solution provides us is great. At the moment, we are in the process of continuous improvement, and we need to include these new features.

The change workflow process is okay.

View full review »
SrAdvisof832 - PeerSpot reviewer
Senior Adviser Cyber Security at a comms service provider with 10,001+ employees

The analysis is the most valuable feature. People see it first and that is why they want in their enterprises, then they start explore the other features.

It provides a great visibility around the roots: Root implementing which can be done, roots that have changed, and what has been done. So, it's pretty useful when you have an audit going on. 

View full review »
it_user489210 - PeerSpot reviewer
Security Engineer at a healthcare company with 1,001-5,000 employees

Policy management.

View full review »
it_user488118 - PeerSpot reviewer
Security Engineer at a financial services firm with 10,001+ employees

Policy analysis is the product’s most valuable feature. It can pull out various rules that we need to work on, edit, update, and so on. It can identify rules that need to be moved, or need to be optimized.

View full review »
it_user475923 - PeerSpot reviewer
Security Engineer at a retailer with 10,001+ employees

The best feature is being able to query all our Check Point devices and certain other vendors like Fortinet as well. It can query and find unused rules and unused objects to clean things up for us.

I use reporting and assistance as a tool for cleanup. I would love to be able to get the newest version into our company and have it be used as a manager of not only Check Point but also the other vendors that we use. It looks like it's all there. - Fortinet, Palo Alto, some Cisco and other devices.

The fact that that we won't have to log into a Fortimaneger to manage Fortinet and then log into another to do Check Point, being able to log in straight to Tufin, build a rule and have it push it to the correct devices. That's huge and that's something that I really like about the new version.

View full review »
JS
Network Infrastructure Engineer at Ropes & Gray

The most valuable feature is alerting, which lets me know when someone has made a change. When something stops working I can see what has been done and by whom.

This solution is easy to set up and use.

It is very easy to see what has changed when comparing two different revisions.

View full review »
Networki9624 - PeerSpot reviewer
Networking Engineer at a comms service provider with 1,001-5,000 employees

The workloads are the most valuable feature right now, as it stands.

We find that the change workflow process is flexible and customizable. We change our workflow several times a year.

View full review »
NetworkS3480 - PeerSpot reviewer
Network Security at a insurance company with 1,001-5,000 employees
  • The reporting is its most valuable feature.
  • The change impact analysis capabilities of this solution are good. 
  • It is able to detect our changes, email, and alert us.
View full review »
it_user363600 - PeerSpot reviewer
Founder at a tech services company

From my perspective, I think that it’s hard to break it down to a single feature. The visibility it gives and the customizability it provides is invaluable and the change automation is the most powerful capability, at least for now. The application awareness component is a close second. As more organizations adopt this revolutionary way of visualizing enterprise connectivity, SecureApp will fundamentally change the way connectivity is provisioned and decommissioned.

View full review »
it_user489207 - PeerSpot reviewer
Security Architect at a healthcare company with 1,001-5,000 employees

Policy management.

View full review »
it_user488103 - PeerSpot reviewer
Security Consultant at a tech services company with 1,001-5,000 employees

We use Tufin for oversight and revision control to avoid implementing rules that are against security policy documentation, and also to correct any kind of issues or mistakes in policy changes.

It can be useful for comparing rule changes to create rules that are more efficient and more consistent.

View full review »
it_user437136 - PeerSpot reviewer
Network System Architect / Technical Project Leader at a local government with 1,001-5,000 employees

The multi-vendor support is very important for us. This is the most important feature because our system has integrations of software and hardware from many vendors. Tufin has also integrated well, supporting our system of multiple vendors.

View full review »
it_user288696 - PeerSpot reviewer
Network & Security Operations Manager at a retailer with 1,001-5,000 employees

We use both modules, SecureTrack and SecureChange. With Securetrack, we follow rules implementation and compliance; with SecureChange we manage the workflow of firewalls openings.

View full review »
reviewer1188195 - PeerSpot reviewer
Works

Before this solution, we used Excel sheets. This approach did not provide ways to filter the options for implementing changes. The filtering of lots of criteria is very valuable.

View full review »
NetworkS2260 - PeerSpot reviewer
Network/Security Engineer at a leisure / travel company with 51-200 employees

The topology and the config backup that we see for devices are key features we get from Tufin.

The change workflow process is flexible and customizable. We went through a lot of difficulties while doing stuff, and it now provides a lot of flexibility while making changes. We can go back and implement the changes again and that is one of the things that is very flexible. If we have a firewall completed and we want to redo it, if we need to re-engineer a particular firewall and open a different destination, we can do that by creating a break-fix. A break-fix is one of the things that we can use to redo things on Tufin, itself. That is one of its useful tools.

Auditing is another good tool within Tufin. The automation stuff and searching of reports are good for auditing as well.

View full review »
it_user489222 - PeerSpot reviewer
Security Engineer at a retailer with 1,001-5,000 employees

It can compare policy revisions side by side to see when you've made a change, and what the change is. It also lists the detail of the objects and policies. In other words, it has the ability to list all the policies as well as having side by side revisions.

View full review »
it_user479343 - PeerSpot reviewer
Senior Advisor Security Architect at a comms service provider with 10,001+ employees

Tufin has helped us a lot. It lets us clean up the rule base in a short period of time and remove unused rules. Tufin provides you a report on rules for this that lets you delete objects that are obsolete and no longer needed in the rule base. If you don't use a tool like Tufin, this is done manually and may take days, because for every object, before you delete it, you have to make sure that it is not being used by someone else.

View full review »
it_user477891 - PeerSpot reviewer
IT Security Engineer at a energy/utilities company with 1,001-5,000 employees

Tufin gives you the ability see what changes have been made and who made them, as well as pinpoint what has changed so if there is an issue you can easily review it. I also like that if there is a new request that's coming in, you have the ability to compare the request with what is already in the system so you don't have to go into the firewall rules to try to figure it out. You can just do a comparison between different policies.

View full review »
it_user437133 - PeerSpot reviewer
Network & Security Service Delivery Manager in Spain at a transportation company with 10,001+ employees

The most valuable feature for us is Tufin's versatility. Depending on the kind of device, we can correlate information from both the device and from the client. This is highly useful for us.

View full review »
VM
CTO at Uridium Technologies

So far, the solution has been fantastic. The customer has been very happy with its capabilities overall. 

It works very well in an enterprise environment.

There aren't any gaps in its offering at this time. It's a very complete solution.

The reporting on offer is very good. Tufin makes nice reports.

Technical support has always been very helpful and responsive. 

View full review »
Securitya49e - PeerSpot reviewer
Security Engineer at a government with 10,001+ employees

The most valuable feature is to give people outside of the firewall group access to view the policy. Tracking is the most useful feature for us, right now. It saves time but I cannot give an estimate as to how much.

The visibility is good. We can see the policies and what changes need to be made, based on the report.

View full review »
Securitye57f - PeerSpot reviewer
Security Architect at a manufacturing company with 10,001+ employees

It is customizable.

View full review »
Consulta38b6 - PeerSpot reviewer
Consultant at Sirius Computer Solutions

The automation because it is saving a lot of work, time, and effort required to do all of our manual work. The change impact analysis is pretty good, and with the automation, it takes care of a lot of things which we would be doing manually.

View full review »
it_user489216 - PeerSpot reviewer
WAN Border Engineer at a pharma/biotech company with 10,001+ employees
  • The ability to compare the old policy and the new policies is real handy.
  • The topology view is really good. 
  • You can kind of see where the flows are coming and how they're working.
View full review »
it_user489228 - PeerSpot reviewer
Security Architect at HCA

What I’ve found very useful in a short period of time is the visibility it provides. It looks at the tools that don't meet our compliance requirements. We’re part of a program where we’re going back and remediating a lot of the rules that are falling out on compliance. Having a central location for that is very nice.

View full review »
it_user476727 - PeerSpot reviewer
Security Engineer at a financial services firm with 1,001-5,000 employees

We use it as an auditing tool, since it’s a risk-based approach, which fits a lot of the needs of our auditors. We're able to clean up our firewall rules and use the security score in our monthly reports to executive management, showing them that we are making improvements within the security of our firewall policy. We can generate different inventory reports when rules are not in use. It allows us to print policy out for our auditors as well.

You can print off reports, either in Excel format or PDF format and deliver them to whoever needs those reports. It can also send you any report on a regular basis. For example, if you want to see your security scores, you can have that sent to you weekly.

View full review »
it_user437142 - PeerSpot reviewer
Senior Security Consultant at a comms service provider with 10,001+ employees

Audit compliance. We need the PCI audit compliance and that's what Tufin delivers for us.

View full review »
it_user437187 - PeerSpot reviewer
General Manager at a tech services company with 51-200 employees

The most valuable feature for us is SecureTrack. With it, we have rule documentation, change documentation, and the ability to create various reports. We can also enforce compliance with our security policy, as well as to define exceptions.

Another valuable feature is SecureChange, which enables us to have individual workflows. Individual workflows have to be followed step-by-step without skipping a step. That's the great thing that we can do with automation so that firewall administrators don't have to do so much manual, routine work.

View full review »
it_user437145 - PeerSpot reviewer
Head of Network and Security at a financial services firm with 1,001-5,000 employees

We use SecureTrack to walk us through the implementations of our firewalls and for all our policy checks, complaint checks, and reporting and overview of our monitoring policies.

View full review »
it_user400692 - PeerSpot reviewer
Security Advisor at a financial services firm with 10,001+ employees

We're able to generate reports to know what's going on with our rules, specifically expiration dates and PCI's, for our firewalls. It lets us know exactly what's happening.

View full review »
Firewallcf07 - PeerSpot reviewer
Firewall Administrator Security Engineer at a comms service provider with 1,001-5,000 employees

The most valuable feature is troubleshooting.

View full review »
MM
Technical Team Lead at Paragon

The USB is its most valuable feature. Inside of Tufin, we plan to leverage the USB in solutions.

The change workflow process is flexible and customizable.

It is very easy to use. We can get results back quickly.

View full review »
SeniorCofe32 - PeerSpot reviewer
Senior Consulting Manager at a tech services company with 10,001+ employees
  • Configuration management
  • Change management
View full review »
VK
Owner at Concepts Solutions Informatiques
  • The policy browser gives the ability to browse all firewalls from a single point. It's possible to see where an IP is inserted in rules. 
  • The designer gives the ability to know where to add a rule, or if the rule is already in place. 
  • The reports are personalized now and the cleanup is helpful for administrators.
View full review »
it_user489258 - PeerSpot reviewer
Senior Network Security Engineer at a government with 1,001-5,000 employees

The last account I was working for had just implemented Tufin. It was good for retrieval and for policy remediation, as far as cleaning up policies and so on. When I got there, they had a lot of old policies. Everything was all over the place. Tufin was good for policy cleanup.

Once you install Tufin, it performs a query and it searches all active policies. Once it does that, it places all the policies that you know in priority order, as far as which policies are being most used and which ones aren’t being used. Then it gives you something like a survey of things that were being used or any things that weren't being used. You can decide whether you want to take out or if you have some machines which are totally dead. That was really the big benefit of using Tufin.

View full review »
it_user489264 - PeerSpot reviewer
Sr Network Security Engineer with 1,001-5,000 employees

I permanently use it for their Automatic Policy Generator, and for object lookup.

View full review »
it_user466629 - PeerSpot reviewer
Manager, Information Security at Neustar

Tufin is invaluable for helping us keep track of things, providing us a method for checks and balances. We're a Tufin SecureTrack customer at this point, and the product serves multiple purposes when tracking changes. We’ve also starting using it as a compliance tool, utilizing its capacity to help us analyze policies. Overall, SecureTrack is a very easy tool to use, and it’s relatively fast. We've recently virtualized it, and from a performance aspect, it works great.

I think we're on Version 15 right now – almost the latest one. Moving from the appliance to the virtual platform was really simple, and from a performance standpoint, it was pretty much seamless.

View full review »
it_user437169 - PeerSpot reviewer
IT Sec Operations at a tech company with 10,001+ employees

The most valuable feature is the ability it gives us to browse our entire infrastructure and easily find which rules match our policies. Tufin also helps us to clean up our firewall rules by suing the object browser throughout our entire infrastructure.

View full review »
VM
CTO at Uridium Technologies

The consolidation of other firewall vendors is very valuable because many customers have different firewalls and the management administration has to be done differently. However, with Tufin SecureCloud, you can do things together.

View full review »
reviewer1543566 - PeerSpot reviewer
Principal Consultant at a consultancy with 1-10 employees

The most valuable feature is being able to customize your own clarity to that aspect of change management.

Having better visibility of what is going on. If it gets out of control, you can keep it in your head no matter how smart your administrators are.

From what I have seen, it's user-friendly.

View full review »
it_user489234 - PeerSpot reviewer
Staff Specialist at a financial services firm with 10,001+ employees

The way we've set up our policies are pretty unique in what they do, so there's not a lot of compare between them. But, historic is really important. We look at them and we say what is and what isn't important. We run through the compliance and the best practices. We're just starting to look at real usage and integration. That way, we would be able to say, "Okay, if this hasn't been used in a long time, maybe it's time to get rid of it." And we would be able to do our own cleanup because the tool will then tell us the value on long-term usage so we can take more advantage of it in real time.

View full review »
it_user488088 - PeerSpot reviewer
Staff Specialist at a financial services firm with 10,001+ employees

It allows us to use the compliance portion of it to do our compliance reports. It also allows us to do peer review on our changes when we do firewall pushes. Before we do our firewall pushes, we compare what changes we made during the staging process in the week. We go over them to make sure that nothing is going in that should not be going in. Also, we check each other's work to make sure nobody fat-fingered anything and gave somebody some crazy access to somewhere that shouldn't have been.

View full review »
it_user437175 - PeerSpot reviewer
Telecommunication Engineer at Vodafone

What I like most is the end to end view which is quite important for supporting the design teams.

View full review »
it_user437121 - PeerSpot reviewer
Manager, Group Leader at a tech services company with 1,001-5,000 employees

The most valuable feature for us is the configuration control. This helps us to comply with company policy.

View full review »
it_user437178 - PeerSpot reviewer
Network Security Consultant at a tech company with 10,001+ employees

We use it mainly for rule base analysis. We do a lot of customs and they always have complex custom rule bases, so we need to be able to go through the rule base and also to optimize the rules.

View full review »
it_user308643 - PeerSpot reviewer
Information Security Analyst at a transportation company with 1,001-5,000 employees

The module we have used the most is SecureTrack. Our technicians use that for firewall audits and analysis. We use other drivers due to PCI regulations, so we have to have proper reporting compliance, change management, and network changes. Also in our road map is to implement secure change.

View full review »
Profferefb28 - PeerSpot reviewer
Professional Services Engineer at a tech services company

The firewall remediation and compliance pieces are the most valuable features. 

View full review »
ITSecuri46f3 - PeerSpot reviewer
IT Security Professional at a pharma/biotech company with 10,001+ employees

We use SecureChange. SecureChange is most valuable to me because I have customers out there that know the process now. 

It provides good visibility because we have a lot of gateways globally, so it consolidates them nicely.

View full review »
it_user489249 - PeerSpot reviewer
Network Security Engineer at a pharma/biotech company with 10,001+ employees

I like how it's able to optimize your policy, look at the objects, and other similar functions. We only have Check Point integrated with Tufin SecureTrack, so that's a key benefit of using it. We can check policies against past policies. It does a kind of compliance check or risk analysis if there are unused policies or unused objects. It highlights them and it gives you a good view of what doesn't need to be there.

View full review »
it_user182367 - PeerSpot reviewer
Network Specialist with 51-200 employees

At the moment, it's that it takes the changes made during the day and runs a report during the night so that we can go back and if there was an issue, see if it had something to do with changes that we made in the firewall.

View full review »
it_user437127 - PeerSpot reviewer
Security Solution Architect at a tech services company with 1,001-5,000 employees

The SecureTrack and SecureChange features are the most valuable for us. SecureChange can work with different appliances. The integration between topology, security, and workflow is powerful, and the workforce capability to create a lot of different scenarios is great.

View full review »
it_user375474 - PeerSpot reviewer
Security Evangelist

Tufin provides Unified Security Management across heterogeneous environments. This is one of the great features of Tufin. We could easily compare the revisions of the devices, analyze the network and generate reports.

View full review »
Security7b20 - PeerSpot reviewer
Security Engineer at a insurance company with 201-500 employees

The auditing is a valuable feature. We can be audited, because it has the ability for approvals to be set up and to put in policies. It is all automated.

View full review »
Security1d40 - PeerSpot reviewer
Security Analyst at a government with 1,001-5,000 employees

Its ability to detect changes within our firewall.

View full review »
it_user489252 - PeerSpot reviewer
Security Engineer at a non-tech company with 1,001-5,000 employees

The Automatic Policy Generator is a valuable feature, because I've been converting from ASAs to Check Point. I used Tufin to analyze all the rule bases to get rid of what I don't need, and create less permissive rules.

I had only 300 rules, but I've been able to consolidate it down to 67. There was a lot of duplication, and they're all interface based.

I like the diff where I can actually compare configs: who changed it, when they changed it, the last time it was saved, what changes were made. I can also do that in SolarWinds, but Tufin just makes it a little easier for me. Some of the tools’ features that they have, they're a little bit more mature in the later versions. The version that I have uses the spider-like view, with just the branches everywhere. It actually shows the network connectivity and the traffic. The routes, basically. I actually like that, but what I don't like about it is that, on the ASAs, it didn't take into account the weighted security code: 100, 50, 90 and so on. On the ASAs, according to that security code, you can talk to less secure networks without actually hitting a firewall policy. But if you want to talk to more secure networks, you actually have to go through the policy. The policy is basically the ACLs are interface based.

View full review »
it_user479277 - PeerSpot reviewer
Security Specialist at a financial services firm with 501-1,000 employees

I use Tufin SecureTrack, which means I use it for looking at things and not for making changes. The value of it there is that, since I deal with Check Point policies a lot, I can use it to see what changes have been made to the policy since the last time I looked at it, because it may have been a couple of weeks since I last installed a policy or maybe somebody else has had their hand at it.

Tufin gives me a really easy way to graphically look at the policy, before and after changes are made, through two panes. As you drag around one pane, the other moves with it, and they resemble the Check Point dashboard view so it’s very familiar. You can easily spot all the differences and see what has changed in the policy to make sure there are not any mistakes and that nobody accidentally added a block edited any rule at the top of the policy—that’s probably happened to everybody, right?

I also use a feature where you can run a report on rule and object usage. This helps me spot rules or objects that aren’t really ever hit, so I can remove them from the database if they no longer exist.

View full review »
it_user437193 - PeerSpot reviewer
IT-Security - Consulting (Licensing, Maintenance) at a tech consulting company with 501-1,000 employees

It supports failure operational processes of the administrator, which sometimes in small companies is difficult to do. This helps me in my job to help others free up time to do other, more important tasks.

View full review »
it_user489255 - PeerSpot reviewer
Security Operations Engineer at a hospitality company with 1,001-5,000 employees

I have used Tufin for traffic analysis, to check the traffic hitting a specific rule, for rule consolidation and so on. It’s really helpful. For my usage, it's very good.

View full review »
ST
Information Security Engineer at a tech company with 1,001-5,000 employees

The historical reporting is the most useful feature that I use the most often. 

For what we use it for (change auditing), the visibility works great.

View full review »
it_user437163 - PeerSpot reviewer
Network, Telecom and Storage Manager at a financial services firm with 1,001-5,000 employees

The first one is the policy analyzer to help the network facility to remove objects and the server needs an object, an appliance object.

View full review »
it_user437139 - PeerSpot reviewer
Owner at a security firm with 51-200 employees

It's very easy to document every change that has been done to auditors or internal auditing, but also to troubleshoot when you have more than one person taking care of your policies. So we're able to very easily and very quickly find out what our colleagues did and to mitigate that if it has caused any problems.

View full review »
Akhilesh Mishra - PeerSpot reviewer
Technical Lead at M.Tech

It provides very good reports. It can easily integrate with multiple firewalls, such as Cisco, Juniper, Palo Alto, and Checkpoint. 

We can push a policy from Tufin to a firewall, which is a very good feature. We can monitor all access rules and the operating system of a firewall.

View full review »
reviewer1006845 - PeerSpot reviewer
Presales Network & Security Engineer at a tech services company with 51-200 employees

The most valuable feature is the monitoring. I quite enjoy the monitoring this solution provides. It allows administrators to visualize the traffic flow, and troubleshoot when necessary. It's a useful tool.

The interface is quite user-friendly and intuitive.

View full review »
it_user298422 - PeerSpot reviewer
Senior Information Security Engineer at a financial services firm with 501-1,000 employees

We use it to track changes and the policies that we've implemented into our system.

View full review »
reviewer1288842 - PeerSpot reviewer
Security Operations Engineer at a security firm with 201-500 employees

I like the deployment and management of this solution. I don't have much experience in that kind of security solution, but I have three years of experience in similar solutions, like AlgoSec. I do some scripts to optimize the solution, such as configuring the API.

Additionally, when we export the report, you can see a lot of logs of all the equipment in the company and we can identify some of the machines or some log station in the network. Also, the user can create some requests to implement the flow and push the rules in the firewall. You can analyze the log and the traffic, you can have a lot of API's, and do some reporting.

View full review »
it_user437157 - PeerSpot reviewer
Group IT Governance - IT Security Engineer at a financial services firm with 10,001+ employees

Being able to use tools and zero key rules, we are in a place to clean up. It is good for management because they can see exactly what is going on.

View full review »
it_user437124 - PeerSpot reviewer
Web Technology and Security Manager at LYRECO with 1,001-5,000 employees

There are a couple of valuable features for us.

The first is that it allows us to track every change to our infrastructure, such as when the administrator makes new rules. Not only are we able to track every change, we can roll them back very easily as well.

The second valuable feature is that when you have huge growth within your firewall, it predicts what the growth may be and makes adjustments accordingly.

View full review »
PC
Consultant at RIPEN

I like the policy topology map, which allows us to visualize the picture of the security policy of the whole organization.

View full review »
PC
Owner at SiS International Limited

The most valuable feature of this solution is the Interactive Map. The interactive map would show our network topology, which would benefit in terms of understanding our environment (especially for new staff) and first-level investigation (including end-to-end firewall path analysis).

View full review »
it_user437148 - PeerSpot reviewer
Security Consultant at a tech company with 501-1,000 employees

Implementing new rules and the ticket system as users are creating changes. We're using Tufin to implement these rules.

View full review »
it_user907089 - PeerSpot reviewer
Network Engineer at a tech services company with 11-50 employees
  • Central management for all the firewalls.
  • The ability to do queries on the rules and understand in which files the rules are configured.
View full review »
it_user907089 - PeerSpot reviewer
Network Engineer at a tech services company with 11-50 employees

We are able to discover firewall rules that are too broad and widen the security footprint.

View full review »
it_user479295 - PeerSpot reviewer
HoD IP MPLS Department at a comms service provider with 1,001-5,000 employees

Being able to run reports to see what rules are there and which rules are not needed is very useful to me. It allows me to optimize the policies. Also, every time someone pushes policy it sends an email to say that the change was made. I have it set up to run reports every two days to let me see the state of the firewall or the state of the policies.

View full review »
it_user437172 - PeerSpot reviewer
IT Architect at a tech company with 10,001+ employees

You can search through policies of different firewalls with one step. That's one of the main features, because I have a lot of firewalls and do lot of firewall installations.

View full review »
it_user437151 - PeerSpot reviewer
Network Security Architect at a tech company with 10,001+ employees

It gives me a unified policy across multiple vendors.

View full review »
ChiefInf4325 - PeerSpot reviewer
Chief Information Security Officer at a computer software company with 201-500 employees

The rules, as they change over time, are the most valuable feature.

Its capabilities help me grow trust back and have less in-depth experience to go faster.

View full review »
it_user437154 - PeerSpot reviewer
Network Admin at a media company with 51-200 employees

SecureChange is the most valuable feature as it shows the difference between policies and proxies that affect performance, such as the router or switches.

View full review »
it_user437190 - PeerSpot reviewer
IT Security Consultant at a tech consulting company with 51-200 employees

It's been, from the moment we implemented it, useful for both our security and operations personnel. On a daily basis, the most valuable feature is the integration of different products. We're able to perform and see reports and audits from a single console all in one place.

View full review »
it_user1010334 - PeerSpot reviewer
Regional Manager at a tech services company with 11-50 employees

The visibility is fantastic.

The product is flexible.

View full review »
Buyer's Guide
Tufin Orchestration Suite
November 2024
Learn what your peers think about Tufin Orchestration Suite. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
816,660 professionals have used our research since 2012.