Try our new research platform with insights from 80,000+ expert users

Cisco Security Cloud Control vs Tufin Orchestration Suite comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Feb 8, 2026

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Cisco Security Cloud Control
Ranking in Firewall Security Management
13th
Average Rating
8.2
Number of Reviews
15
Ranking in other categories
No ranking in other categories
Tufin Orchestration Suite
Ranking in Firewall Security Management
2nd
Average Rating
8.0
Reviews Sentiment
7.2
Number of Reviews
182
Ranking in other categories
AI Observability (78th)
 

Mindshare comparison

As of February 2026, in the Firewall Security Management category, the mindshare of Cisco Security Cloud Control is 2.7%, up from 1.1% compared to the previous year. The mindshare of Tufin Orchestration Suite is 20.2%, down from 21.8% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Firewall Security Management Market Share Distribution
ProductMarket Share (%)
Tufin Orchestration Suite20.2%
Cisco Security Cloud Control2.7%
Other77.1%
Firewall Security Management
 

Featured Reviews

FS
Security Engineer at Metrobank
Automation reduces intervention and speeds up threat prevention
Our primary use case for Cisco Defense Orchestrator is the automation of playbooks. We primarily use it for this purpose to streamline processes The most valuable feature is the automation, as it reduces user intervention and allows us to focus on other tasks. Since the system is automated,…
Vulnerability control saves audit costs and reduces expenses for organizations
Tufin Orchestration Suite is not commonly used in Thailand due to a lack of local support, and many customers are switching to AlgoSec or other vendors. The analytics features of Tufin Orchestration Suite are challenging to use and require technical expertise, which is a concern as there is not much knowledge in this field in Thailand. The issue of technical knowledge, especially regarding English language proficiency, is significant for government and some companies, making Tufin Orchestration Suite harder to use.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The ability to see the uptimes on the different VPNs that we have configured for site-to-site."
"The most valuable feature is the automation, as it reduces user intervention and allows us to focus on other tasks."
"We use a lot of image upgrades. We take some 20 devices and then we update everything at once, including the policies. We apply policies for groups. For certain groups, like anti-viruses, we send out policies and apply them to every single device. It's really easy and simple."
"The bulk changes feature is definitely the most valuable."
"For this product, they are very uncharacteristically interested in resolving whatever issue the customer reports. They're really attentive, and they address whatever we bring up as quickly as they can. That's been a very positive aspect of the product."
"The initial setup was straightforward. We spun up the VM onsite. We generated the key that it needed to talk to the Cloud Orchestrator. After that, as I started adding devices, it was relatively quick and easy."
"Cisco Defense Orchestrator has useful guides for the steps that need to follow by users."
"The most valuable feature is the Intrusion prevention."
"The most valuable feature is alerting, which lets me know when someone has made a change."
"The visibility is huge. In order to figure out what was going on previously, we would have to pull stuff out of firewalls and put them in spreadsheets, then do sorts. Now, it's all right there in Tufin. We can write reports to look for what we need, ad hoc searches to find object groups, and know which firewalls are on. This was almost impossible to do previously."
"The best feature for me is being able to look up objects within all of our policies, because we have a little over 12,000 rules and over 30,000 objects. When one person says, 'Hey, where's my server?' I can just go to Tufin and say, 'Hey, where is that server?' and very quickly it tells you where it is, what policy it's on. That is a life saver."
"This solution has helped us with compliance because we're able to map out certain firewall rules against compliance requirements, and we're able to write reports to show us exactly what our firewalls look like in those areas."
"The reports that this solution provides are very useful."
"There are a lot of benefits to using the reporting. It gives us duplicate objects, duplicate services, shadow firewall rules, and the firewall rules not needed for a given number of days or months."
"Being able to customize your own clarity to that aspect of change management."
"The most valuable feature of Tufin is rule analysis."
 

Cons

"They can centralize all products and provide a correlation about an incident and the response. They can also provide an on-premises solution. Currently, Cisco Defense Orchestrator is just for cloud deployments, not for on-premises deployments. Customers have to manage it on the cloud. We are based in Vietnam, and most of the customers here prefer to have on-premises deployments. Customers, especially from banking and government sectors, do not prefer to do anything on the cloud. Some of the small enterprises use the cloud."
"If I make a change locally to the firewall, CDO gives an alarm or an error message and says there's a change in compliance: "The firewall has this configuration but the last time it was compiled it had that configuration." That view of new changes versus the old could be better... I had to log in manually, locally on the firewall, to check which version, which configuration was actually running. I couldn't see it in CDO."
"We had some MX devices that were blocking Windows Update from happening. We found out it was a Meraki issue, but it would have been nice if it had been flagged for us: "Hey, these updates are failing because the MX is blocking it." It wasn't a huge problem, but there was a loss of our time as well as the fact that the updates didn't get pushed out... It would have been nice if CDO had let us know that that was an issue."
"I've found dozens of bugs over the year we've been using it. The more I use it for different things, the more problems I find... Most of the problems have to do with the user interface. A lot of thought and work has gone into the back-end component to make the product do what it's intended to do, but the way it is presented for use hasn't gotten nearly as much thought to make it smart and bug-free."
"Cisco Defense Orchestrator can improve by providing more support for third-party security components."
"CDO doesn't have a report, an official report that I can check daily. It has another module called FTD, but it doesn't have that specifically for ASA. In the reporting, there are a lot of things that aren't there. There is also room for improvement in the daily monitoring."
"They need to work on the user interface. It needs to be improved to make it more user-friendly."
"It would be a better product if it incorporated device control for third-party products easily."
"The biggest area where I see a need for improvement is some of the documentation and training stuff. It does a really good job of hitting the big concepts, but it needs like another layer deeper of actually getting into some of the details of how to do some of the things. Conceptually, I understand how the product works, but now how do I start building stuff and integrating it into my environment."
"I would really like to see a new UI for SecureChange. SecureTrack 2.0 has quite an improvement in the UI and it flows more smoothly. The current SecureTrack and SecureChange are a little blocky, and sometimes loading a tab or a page is required to refresh information. Whereas in SecureTrack 2.0, they're starting to improve on that."
"We would like to see more in terms of integration with other application types within the context, such as next-generation firewalls or next-generation threat devices that are out there."
"Currently, we are able to monitor access rules and the operating system of a firewall. It would be great if we can also monitor the configuration of the firewall through Tufin."
"One feature that is missing is the ability to assign a step in the workflow to a specific user at a specific time, based on how the previous steps of the workflow have been handled."
"We would like better communication on tickets, a better way to do metrics, and better communication to the customer. The biggest change that my team would like right now is communication on the process of the ticket, so the customer knows where their ticket is while their waiting."
"The older version that we have doesn't support some newer firewall vendors."
"Integration for Layer 2 devices could be improved because it requires manual scripting."
 

Pricing and Cost Advice

"I work with a lot of clients, and the price or value of the Cisco Defense Orchestrator can vary from one client to another. If you have a lot of Cisco solutions, the price of the Cisco Defense Orchestrator is justified. Whereas if you have some security components from other vendors, such as Check Point or Palo Alto. This solution would be a pretty expensive proposition considering that they don't integrate with them well."
"After our free trial was done we got a subscription for three years and it was under $3,000 or so. It's part of the EA we already paid for, so I don't know what it would be if it was a la carte."
"It is covered under the CIsco Enterprise License Agreement (ELA). So, it is licensed and ours."
"It is about a $100 per year for an ASA 5506 firewall, and from there it keeps going up if you have a bigger box. For example, the 5516 is $200 to $300 per year."
"It's around £500 per unit for a three-year license."
"If you compare to what is available on the market, they are in the same range with respect to pricing."
"We have seen ROI just in the time savings and knowledge. Knowledge is power. Having the solution do it automatically for you without you doing the work is huge. If you are spending $50,000 a year, it could have cost you a $100,000 in man-hours without it, especially if you are working with a team.."
"Tufin reduced the time it takes to solve a problem, which reduces the time of the outage."
"There are ways to deploy the license to different types of firewall. However, if we decide to change the physical brand of the firewall, we need to go back to Tufin and modify the licensing. This is a hassle."
"Our evaluation showed that Tufin's features were on par with AlgoSec, but Tufin was the better financial choice."
"Pricing played a big part here... The customer had evaluated other products but, due to price as well as support, they chose Tufin."
"It's quite an expensive solution."
"Tufin makes things a little easier. It lessens the amount of manual work which we have to do. It has a lot of benefits in terms of revenues, profits, employee costs, and operational costs. We have already seen return on investment."
"Our licensing fees are more than $100,000 USD per year."
report
Use our free recommendation engine to learn which Firewall Security Management solutions are best for your needs.
881,733 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
23%
Manufacturing Company
12%
Financial Services Firm
9%
Performing Arts
7%
Financial Services Firm
14%
Manufacturing Company
11%
Computer Software Company
11%
Comms Service Provider
5%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business6
Midsize Enterprise3
Large Enterprise6
By reviewers
Company SizeCount
Small Business29
Midsize Enterprise13
Large Enterprise152
 

Questions from the Community

What needs improvement with Cisco Defense Orchestrator?
Cisco Defense Orchestrator should be made more user-friendly overall. Currently, to use it effectively, one must be specific with the rule set that needs to be set up. Additionally, I suggest impro...
What is your primary use case for Cisco Defense Orchestrator?
Our primary use case for Cisco Defense Orchestrator is the automation of playbooks. We primarily use it for this purpose to streamline processes.
What advice do you have for others considering Cisco Defense Orchestrator?
Those who want to use Cisco Defense Orchestrator should build their own use case and see if it fits their environment. The most significant benefit for us is the response time because it automates ...
What needs improvement with Tufin SecureCloud?
Tufin Orchestration Suite ( /products/tufin-orchestration-suite-reviews ) is not commonly used in Thailand due to a lack of local support, and many customers are switching to AlgoSec or other vendo...
What is your primary use case for Tufin SecureCloud?
I have primarily used Skybox and AlgoSec ( /products/algosec-reviews ). I have also interacted with FireMon for compiling. However, I am not currently working with ACA, and I don't have any project...
What advice do you have for others considering Tufin SecureCloud?
There is potential for improvement in explaining the analytics in the dashboard for Tufin Orchestration Suite. Tufin Orchestration Suite does provide good monitoring; however, interpreting the grap...
 

Also Known As

Cisco Defense Orchestrator, CDO
Tufin SecureCloud
 

Interactive Demo

Demo not available
 

Overview

 

Sample Customers

Insurance Company of British Columbia, Shawmut
3M, AT&T, Blue Cross Blue Shield, BNP Parabas, ConocoPhillips, Deutsche Bank, GE, IBM, Pfizer, United States Postal Service 
Find out what your peers are saying about Cisco Security Cloud Control vs. Tufin Orchestration Suite and other solutions. Updated: February 2026.
881,733 professionals have used our research since 2012.