Tufin Orchestration Suite Reviews

Neutral

My primary use case involves applying firewall policies faster from a central point. Additionally, I would like to use it to generate reports, but this hasn't occurred yet.

Tufin Orchestration Suite is a good tool that makes firewall policies faster to implement from a central point, and its support is good. It offers automation capabilities that are very helpful, especially for network security orchestration and applying policies.

The design needs improvement, particularly in recognizing target devices and target files. Additionally, there's a need for an improved network map.

I have been using Orchestration Suite for almost three years.

I would rate the stability of Orchestration Suite nine out of ten.

I would also rate scalability nine out of ten, demonstrating its ability to scale and expand.

The technical support is good. The team is eager to help in fixing issues.

Positive

I was previously working with CDO from Cisco. Additionally, FireMon is another competitor with similar features.

The initial setup process was straightforward and not complex.

Tufin has a partner in my country, and they facilitated the installation process. I monitored it once they installed it the first time.

The Orchestration Suite saves time when implementing rules. However, saving money isn't apparent since it is very expensive.

The pricing of Orchestration Suite is high, which is a point for improvement.

I have experience with CDO from Cisco and FireMon, which are competitors of Tufin.

Overall, I recommend the product. I'd rate the solution nine out of ten.

Tufin is primarily used to orchestrate and manage network traffic and firewall devices. It is specifically useful for implementing firewall policies and handling requests from clients that require policy updates or changes.

Tufin simplifies understanding network topology. New employees can quickly grasp the various IPs, devices, and the network's logical and physical layout within a short period, often reducing what would normally take a week into just a day.

While Tufin is suitable for small businesses, issues can arise in larger enterprises, particularly concerning policy-based forwarding and NAT traffic.

I have about three years of experience using Tufin.

Tufin is quite stable and typically does not require much troubleshooting.

When dealing with a large number of devices, Tufin can sometimes face challenges, indicating potential scalability issues.

The support team is effective; they connect to the network quickly and help resolve any issues that arise, although issues are infrequent.

Neutral

The initial setup of Tufin is easy and can be done within a day, provided the environment is prepared.

Tufin and AlgoSec are at the same level in terms of pricing. They are suitable for small to medium businesses with significant investments.

I have worked with AlgoSec, which is used for similar purposes and provides strong support for network devices. Both Tufin and AlgoSec can connect via API and support major firewalls and networking devices.

I would definitely recommend Tufin, especially for critical industries like banking or ISPs. It is essential for organizations willing to invest and ensure robust network management.

I'd rate the solution eight out of ten.

I am responsible for the management of network devices, including firewalls. Security management is handled by our parent company.

It's a great tool for checking compliance of network device configurations against our company's rules and industry standards like NIST 2.0.

It made us look at security policies more holistically, from the perspective of the entire network across all our devices.

We used a version from a few years ago. So, I think my opinion would be a little outdated. Moreover, at the time, there were no huge complaints.

Customizing it can be a little tricky, but that depends on your use cases.

I have worked with Tufin Orchestration Suite, but we no longer use it.

Every case was solved by our partner. They were licensed partners. They were certified and licensed by Tufin.

I was satisfied with the support.

Positive

We didn't work with any system of compared functionality.

Moreover, opting for any solution is a corporate decision made at a much higher level than mine.

The deployment wasn't difficult. It's just connecting the system to network devices using some pre-deployed credentials and reading the device configurations. The difficult part is setting it up for the specific tasks you need from Tufin Orchestration Suite. 

Customizing it can be a little tricky, but that depends on your needs. So specific use cases could be challenging.

From my perspective as an engineering manager, it saved my team time.

And looking at it from a higher level, it saved the organization money. As an organization, that's paying for my people's time.

So, ROI is something each organization has to figure out based on its own usage patterns.

The pricing depends on the business case. For us, the pricing was six out of ten, with ten being the most expensive and one being the cheapest. 

We didn't use the entire suite. So, I would rate it a seven out of ten. 

Our company uses the solution to auto deploy and analyze locks for hundreds of Layer 2 firewalls which are more challenging than Layer 3. 

We write script for manual configurations, create policies, analyze all rules and locks, and then auto deploy.

We currently have 40 engineers and 100 staff who use the solution. 

Maintenance of the solution is easy because we copy the latest configurations. 

I am improving rules for hundreds of firewalls to increase security and rigidity with confidence that the solution is handling it well. 

The solution's most valuable features are its security policy and steps for deployment. 

The solution is flexible and easier to integrate in a Layer 2 environment. Other solutions such as AlgoSec and Skybox have Layer 2 speakers but are complicated to implement.

Integration for Layer 2 devices could be improved because it requires manual scripting. Other layers are very simple to integrate. It would be a benefit to have a form field for firewall names, user names, and passwords which then auto integrate. 

Licensing options are confusing and require additional fees for high availability. Competitors include high availability with their standard licenses. 

I have been using the solution for two years. 

We monitor stability all the time and find that the solution is quite stable. 

We have not yet scaled beyond our initial deployment that included hundreds of firewalls. The solution handles our complex environment with no issues. 

Technical support is great. Our company has a complex environment and we asked Tufin to make integration easier for us. They rose to the challenge and tailored the solution to our existing environment. 

The technical support team in Singapore is quite responsive when we ask for help. 

Our initial setup was more complex than others because we implemented Layer 2 firewalls. 

Setup would have been somewhat complex using any solution. Our entire deployment took one year but most of that time was spent integrating Layer 2 firewalls and building baseline security policies. The solution itself did not cause delays but rather it was our internal protocols that required a large investment of time. 

I rate the complexity of setup a six out of ten. 

The implementation was handled by a local Indonesian partner. 

The solution is more reasonably priced than its competitors. 

We subscribe to the yearly license and find it to be quite budget friendly. 

A high availability license was an additional cost so we opted to purchase the standard license but were later given high availability at no additional fee. 

We conducted a proof of concept exercise before making a vendor selection. 

We did not choose Skybox because security is bundled in the solution and we only needed one tool for a specific reason. 

AlgoSec is the best solution for file management but Tufin is very comparable and reasonably priced. 

I rate the solution an eight out of ten. 

I am using Tufin for audits and for deploying changes. I am working with this solution in the financial industry.

The solution has made our operation a lot simpler. We are able to track changes in our network

The most valuable feature of Tufin is we have better visibility and management of our file infrastructure.

We need to implement micro-segmentation in our infrastructure, and we are using Cisco ACI. However, we are facing an issue with Tufin, as it does not currently support integration with ACI for micro-segmentation, even though it is advertised as such.

There should be a feature in Tufin that would make it easier to back up configurations and schedule changes, as well as make it easier to roll back changes if something goes wrong. This would make it less time-consuming and more efficient.

I have been using Tufin for approximately one year. 

Tufin is stable. We did not have any large issues.

The solution is scalable. You can onboard a lot of devices from different vendors. It only depends on the hardware resourcing and licensing. You have to purchase enough licenses.

We use Tufin a lot. I'm an administrator of the application, and we have people who open requests in Tufin. We use an internal ticket system to record these requests. We don't have an integration with an ITSM system yet, but we plan to do so with ServiceNow in the future. Until then, users will have to use Tufin to open their own requests. I've had two experiences with technical support and I find them to be too slow. I can't really say if they are good or not, as it seems to depend on the individual company and the engineers they employ.

I've had two experiences with technical support and they are too slow. I can't say if they are good or not, as it seems to depend on the individual company and the engineers they employ.

I have used CDO previously. Tufin is better than CDO. If you only have Cisco devices, Tufin isn't the better option. However, if you have a multi-vendor environment, Tufin is better than CDO. The limitation of CDO is that it can only be used with Cisco. However, CDO has a better user experience when processing applications than Tufin. Additionally, the network map of CDO looks more accurate to me than Tufin.

The initial setup of Tufin was easy.

The partners we used from Tufin in Romania were not very experienced, which caused the deployment process to take an extended period of time - approximately one year. This was due to the implementor's lack of knowledge on how to deploy the product, despite knowing how to install and onboard. We had a lot of requests, and our network was very complex, so the implementor was unable to complete the requests in a timely manner. However, we are now in a good place. We believe this issue was specific to the Tufin partner that won the auction and not related to Tufin itself.

We used a partner of the vendor with seven of our team members for the implementation of the solution. They have to be skillful people.

We have received a return on investment using Tufin.  Tufin saves us time. Our network team can make changes more quickly. We have better visibility and management of our file infrastructure. Before we didn't have this and it was time-consuming. We use Tufin to generate reports for different security teams, and for firewall operations. We also use it to integrate Cisco ACI and segment traffic between different IT processes and destinations. Tufin has been very helpful in allowing us to detect traffic between sources and destinations, and integrate our firewalls.

I had a bad experience with the financial department, and the price is too high. The software does work and does the job. The solution is worth the money. If I had a different partner to implement the solution, it would have been worth the price.

The solution is paid monthly. We paid approximately €‎300,000.

We use two people for the maintenance of the solution.

I rate Tufin an eight out of ten.

We are using Tufin to be security compliant within our organization.

This solution was a need for our organization to stay compliant and it has helped us in this way.

The most valuable feature of Tufin is rule analysis.

I have been using Tufin for approximately three years.

Tufin is stable.

The scalability of Tufin is good.

We have approximately 20 people using Tufin in my company. We have many teams using the solution, such as security, operational network, and network architecture.

We do not have plans to increase the usage of this solution.

The support I received from Tufin was responsive and helpful.

I rate the support from Tufin a four out of five.

Positive

I have previously used AlgoSec and we switched because the price was too high.

The initial setup of Tufin was complex. We had some issues with the architecture.

We did the implementation of the solution in-house.

The price of Tufin could be lower.

We have a team of three engineers that do the maintenance of the solution.

I would recommend this solution to others.

I rate Tufin a nine out of ten.

We are just using the solution as a tool for network migration management, primarily on the firewall side and inside, and to ensure we have some central view.

We discuss the solutions every year in terms of budgeting and the team has convinced me that it's necessary to spend this money on this solution. It provides value.

The initial setup is very straightforward. 

It is very stable. 

We haven't really had issues with the product.

There are some missing features we'd like to see them add in the future. 

We've been using the solution for four years. 

The solution is stable. It doesn't have bugs or glitches. It doesn't crash or freeze. It is reliable.

I can't speak to the scalability. I'm not sure if it will scale. 

We only have eight people using the product right now. They are just engineers. 

I've never been in touch with technical support. 

I've also used Cisco Defence Orchestrator.

The setup is straightforward. We have a very small and streamlined setup since we use it just for specific use cases. It isn't hard for us to get it up and running. 

The deployment only takes a few days. It can take anywhere from a few days to up to two weeks, however, never more than that.

The maintenance is very minimal. We need less than one person to handle it. 

We handled the setup in-house. We did not need to get any help from integrators or consultants. 

It's really difficult to really have KPIs which shows return on investment on such tools. While there is a return on investment, it's not quantified.

I can't speak to the exact cost of the licensing. The pricing is somewhere in the middle. It's quite normal and not overly costly. I'd rate it a three out of five in terms of affordability. There are no extra costs involved. 

We are customers and end-users. 

I'm not sure which version of the solution we're using. 

I do not work directly with the solution.

I'd rate the solution a six out of ten.

Tufin is used for the design proposals process.

The most valuable feature of Tufin is security auditing. We are able to check the rules and compliance of the company, for example, what is allowed or not. We are able to check the rules over different gateways and set over firewalls.

The reporting function could improve in Tufin. For our clients with companies that have strong compliance, reporting privacy data is mostly a problem. In the IT department, private data needs a function that one person can analyze it. It requires multiple people to analyze the data.

Tufin currently supports various firewall gateways, such as Checkpoint, Palo Alto, Fortinet, and Cisco. However, it would be beneficial if they expanded their support to include other security providers. For example, in Germany, government agencies often use specialized firewalling components from companies, such as Genua and Rohde & Schwarz. It would be a valuable addition for Tufin to include support for these solutions to better serve the German market.

I have been using Tufin for approximately five years.

I rate the stability of Tufin an eight out of ten.

Tufin is more suitable for enterprise companies. The benefits of the solution come when you have 10 to 50 gateways, and you have to control all the rule sets and do a revision over this installation. This is when you see the benefit of a central auditing tool, such as Tufin.

I rate the scalability of Tufin a seven out of ten.

Tufin's support is helpful. However, it can take some time to get a resolution to a problem. My colleagues have had some success with Tufin's support, but they often have to start at the first level of support and work their way up to the second or third level before they reach someone with a deeper knowledge of the issue. It would be more efficient if there was a way to reach higher-level support directly, as it can take a lot of time to get to the experts. The first two levels of support are not very helpful, as they often just ask a lot of questions without providing solutions.

I have previously used AlgoSec. However, Tufin suits my customer's use case better.

The initial setup of Tufin is simple. I receive feedback from my customers that they don't need much time to be familiar with the software.

The implementation typically can be done in one day. However, it depends on the number of gateways in the management system.

My team gives our customers an introduction to Tufin, helps with the initial configuration, and then the handover. If it is a large implementation we will use three people to assist.

Tuffin is expensive, and we have to explain to our customers the benefit for them to purchase. If we explain the benefits in the correct way they do not mind the price. We typically do costing for the customer for three to five years. We make the general total cost of ownership at the beginning of a project for our customers.

Tufin is the most useful when working with multiple gateways and different administrators who manage firewall rules. It can also be beneficial for security operations centers that are responsible for monitoring and maintaining the rule sets. This is the message we convey to our customers when recommending Tufin.

I rate Tufin an eight out of ten.

We primarily use this solution for integration, and we deploy the solution on-premises and on cloud.

They have very good responses regarding integration and internalization with open tickets.

The solution does not have automation with other Firewalls and it should be included.

We have been using this solution for approximately five years.

The solution is scalable. Currently, approximately 60% of our organization uses it.

We have had a good experience with customer service and support.

We have used AlgoSec.

Licensing costs are charged every year.

I rate this solution a six out of ten. The solution is good but can be improved by including additional automation in the next release.