Tufin Orchestration Suite Reviews

The primary case is to get more compliance and security with good performance. We use Tufin to use some Check Point products. The product is for the way we manage our security, performance, and boxes.

The change impact analysis has been very good. We continue to improve. 

The change workflow process is flexible and customizable. Right now, we are using SecureChange, which is improving the rules that get applied to Check Point.

We use the solution to automatically check if a change request will violate any security policy rules by generating a Sunday email report in these type of situations.

Using the Tufin reports, for internal and external audits, is a way we can demonstrate how we made compliance. After any of the observation that we get from the audits, we just run the reports one more time to see if our changes are being successfully applied and everything is working according to the requirements.

Tufin has been very helpful to get a lot of groups changed and getting all the information inputted on a tool, then later to applied on the device. 

We can get reports with Tufin at anytime. We can have automated reports, even with security and compliance.

The visibility is very good, as it incorporates graphics with some charts and comparisons. So, we have very good visibility for the entire tool.

I would like to simplify the reports, and maybe have another view besides the charts. Possibly they could be more graphical.

I would like to see them continue improving the versions.

The stability has been improved, even person by person. It is even stronger in a way.

The scalability is according to performance that we are experience. Therefore, we are getting more devices on this tool, so it has been very helpful for us.

I haven't used their technical support.

The initial setup was very simple. We could obtain deep knowledge information from Tufin's knowledge base (KB).

The solution has helped us to reduce the time it takes to make changes. With Tufin, it takes ten to 15 minutes. Before, it was 30 minutes or more.

I would recommend Tufin. They are very helpful for IT organizations, as they continue improving SecureChange.

With our security plan, we can see how Tufin meets the basic requirements. Then, we can go and customize if there is any risk, which might be interfering with ports or external networks.

The primary use case is for firewall auditing. We use it for audit monitoring, login changes, and firewall changes. We are looking at automation, but not yet.

The product is good at auditing the changes that we make in our environment.

We use this solution to automatically check if a change request will violate any security policy rules. For example, if the engineer is making a change that hasn't been authorized, we will know about it.

The product streamlines our change management process. It assists us in reporting on some of the compliance for our auditing department. It helps us in managing the process and having some auditing capabilities.

• The reporting is its most valuable feature.
• The change impact analysis capabilities of this solution are good. 
• It is able to detect our changes, email, and alert us.

There are features that we haven't used, and we need to understand them first.

Product seems to be stable. We haven't had any outages yet.

I personally haven't called into support yet, but some of my peers have. They seem to get their questions resolved.

We previously had FireMon, but FireMon kept giving us inaccurate information and not up-to-date information. Therefore, we thought we would try out Tufin, which has provided us with the information that we needed.

There were some hiccups here and there with the initial setup, but we used Tufin's support to assist us with that.

We deployed it in-house.

On the shortlist was AlgoSec, which was the only one that we actually tested.

Tufin and AlgoSec were pretty much in the competitive price range, but this one provided us better integration into the Check Point environment.

Seriously Tufin for your final decision.

Our primary use case is firewall management and policy management.

It has very good visibility with all our devices. We can see how they interact with each other, and if we're doing the right things or not.

We find it to be flexible. If we have a change that needs to be done, it will go ahead and do it for all our devices, regardless of the manufacturer that we have associated with it.

We are still in the beginning phases of it, but we're hoping that it can change how all of our policies are determined and implemented.

The most valuable feature is the consolidation of firewall products.

The change impact analysis capabilities of this solution are pretty good. We like the product a lot.

I would like the following additional features:

• Easier integration with more automation.
• Ability to get better results from rule-based requests.
• Ability to do some policy browsing and find out where they're hitting, specifically.
• Ability to pull hit count reports more easily. 

It's pretty stable. I haven't had any issues with it.

The scalability is pretty good. All we have to do is just add another device and buy another license. It seems pretty straightforward.

I personally haven't worked with them, but I've heard good things about how responsive they are. They've always been able to find the answer that we needed.

We had no solution previously. So, we needed something that would help make our decisions on better securing our network.

The initial setup was straightforward. It was very easy to setup and integrate. We had no issues.

Most of the work was done by us. However, we worked closely with Tufin support, and we have good things to say about that.

We also evaluated FireMon. We did not go with them because the solution was not as easy to install or incorporate in our organization. To us, Tufin just seemed to be the better product.

It's very solid product. There are definitely a few things that I wish I could do with it, but I'm so new to the product that maybe I'm just not looking at the right spots.

Try it out. It's pretty cool. I was very impressed with the initial presentation and how it could automate everything. It's just that getting to the point where you want it to do what you need it to do is definitely time-consuming and a lot of work. However, I think it will be worth it in the end.

We are working to use this solution to automatically check if a change request will violate any security policy rules. We are not there yet.

We are still in the process of getting it developed. Some of the portions that I have used have helped me, as I can just go to one place and find out if a rule exists, or if there's any type of traffic.

We are using SecureChange to start orchestrating a lot of our changes. Our users can then request changes instead of having to go directly to us. We are trying to automate some of those pieces.

The visibility is very good. We have managers who are overseeing it, and they are approving things through it.

The whole process is flexible and customizable. We are building the matrix, then we're putting in exceptions. We have to add manual exceptions into it, and they have to come to us first before they can get it approved, which is good.

We use this solution to automatically check if a change request will violate any security policy rules. Similar to what we are doing with Azure, where they request a change, and if it violates policies, it gets kicked back. Then, we have to review it and figure out what they're doing. We can then move forward with it, if it's approved.

• The Orchestration
• The way that users can access it directly.
• The change impact analysis capabilities of this solution are good.

• The hardest piece is getting the matrix built.
• Room for improvement includes how we are pulling the routing cables and getting SNMP enabled.
• Tufin could provide a train for running its reports and showing people how to use them.

The solution is very stable. We've upgraded several times and not had any issues. For stability, it's perfect.

We're in the process of scaling it. We started off small, and now, we're enlarging it to cover more of the enterprise. The scalability is good.

I haven't used technical support. My colleague has, and they are very good. They work through solutions.

The initial setup was pretty straightforward. It communicating with the firewalls and management server were the big pieces.

Well when we first started, it was through a reseller. Then, as we're bringing in SecureChange, we have been doing it all that ourselves.

The reseller was Structured Communications, who is in Portland. It was part of a package deal that we built with them. Our experience with them was good. We used them a lot.

We don't have to go through our firewall group, who actually does the rules. They don't have to create tickets to send to us, then take a couple of days to get all that stuff built and put in place. Now, it is usually the same day, or within a day.

This solution helped us to reduce the time it takes to make changes. We used to spend up to an hour to do a change, and now, it's around five minutes.

Engineers are spending less time on manual processes. They are now spending half their time on manually processes, 20 to 30 minutes, because we don't have to go out and touch things anymore.

We're still in the process of implementing things, so we haven't really seen a lot of return yet, but we're hoping.

It is a good solution, somewhat easy to implement, and gives you a lot of information. It takes time to learn all the little nuances of it.

I don't think we're using cloud native security quite yet.

Firewall policy management over all firewalls from one single point. We browse policies, objects, and their usage. The report gives us an image of where risks are.

We now spend less time auditing rules with reports: 

1. The designer helps us in creating rules
2. It tells us what rule is missing and where to put it. 
3. The predefined reports are then sent to administrators.
4. It provides an exact image of how to improve security.

• The policy browser gives the ability to browse all firewalls from a single point. It's possible to see where an IP is inserted in rules. 
• The designer gives the ability to know where to add a rule, or if the rule is already in place. 
• The reports are personalized now and the cleanup is helpful for administrators.

It would be great to add a link to Visio to create shapes directly from Tufin, as it has the configuration. 

We use it for compliance, and the performance is good.

Before, we had to manage each file individually. Now, they can all be managed as a single entity.

• Central management for all the firewalls.
• The ability to do queries on the rules and understand in which files the rules are configured.

It needs better reporting with more graphics and more pie charts, so management can understand details. The reports that are done now are full of data and management would like to have an image to help understand, right away, what the reports are saying.

Stability is good.

Scalability is good.

I have been in contact with technical support. Sometimes they are slow but they get to a solution.

Plan ahead because the implementation of Tufin is hard if you don't have an idea of what you want to do. Without a plan, it will be hard to get it working.

When I'm selecting a vendor, I read the opinion of other people who use the product. I want to learn if it is buggy and if it is doing what people need it to do.

I rate Tufin at about eight out of 10 because they really need to improve the reporting.

We were looking for a solution to provide firewall rule management that would enable us to choose which firewall rules to keep and which to eliminate.

Now we can confidently remove firewall rules that are not needed and make the configuration of firewalls more strict.

We are able to discover firewall rules that are too broad and widen the security footprint.

This solution would benefit from an improved reporting functionality with graphing so that reports can be presented to management.

From my perspective, I think that it’s hard to break it down to a single feature. The visibility it gives and the customizability it provides is invaluable and the change automation is the most powerful capability, at least for now. The application awareness component is a close second. As more organizations adopt this revolutionary way of visualizing enterprise connectivity, SecureApp will fundamentally change the way connectivity is provisioned and decommissioned.

The product suite itself brings together organizational units. So when you talk about operations, development, management and auditing, all of these organizations have their own interface and abilitie to understand what different parts of the company are doing.

I think Tufin is continuously moving towards broader support for other platforms. Including a significant focus on the cloud. This approach is critical to the model of normalizing policy management across the environment - regardless of platform.

We've used it for nearly eight years.

It's absolutely stable and this is why I always promote it. They have the finest set of coders and developers you can find.

The distributed architecture capabilities allows this solution to scale to anybody’s needs.

The support team is second to none. They have multiple offices in multiple countries. They're always available. I know the support teams and leaders personally and they are of great quality.

It’s very easy to get up and running. With anything that is so feature rich and customizable, the installations range from a couple of days to more complex with many days and script writing. It just depends.

Spend the time to evaluate all of the components of the Tufin suite. When you bundle different features together and you bundle components, you get a better price.

We often find customers that have purchased this product for a specific purpose and they limit its use to only that purpose. Do yourself a favor and really explore the entire product and maximize the features and functionality of what you have purchased.