Tufin Orchestration Suite Reviews

We're using SecureTrack, and the most valuable feature for us is the accurate reporting it provides. Every time I run a report, I know it's going to return just the exact information I'm looking for. 

I like the ability to drill down in the reports. That's very handy. It allows you to drill down, but it doesn't show you all the information at once, because some of it can be very overwhelming. It simplifies the information and then you can drill into the details.

At first, it presents it all in one format in the report. That's the simple format. Some of the things I'm looking for, I want an answer back quickly. I can see in just a one-page review that all of the information I was looking for is there.

On an enterprise-wide scale, I would like to see improvements to the auto generation feature. We don't use it very much, if at all, because it didn't work well.
It’s the feature where Tufin can review a certain rule and recommend more granular rules based on the logs that it sees for the rule. We've had a lot of difficulty getting that to work smoothly. Our Tufin engineers have had to play with the software behind the scenes to get that feature to work. It'd be nice to be able to just turn it on and have it work, no matter where we're looking at these rules in the enterprise. That's actually been a need. We are an organization with over 15 years of firewall rule history. We need to remediate rules. We need to clean them up. That's something I think Tufin needs some improvement on. I like the ability to review Cisco configurations right there on the spot. I've found that very handy.

I think for the most part it's been stable now that we have our new hardware. Our organization's very taxing on it. We have dozens of engineers running reports at the same time, but it's usually just a workload issue. It does give you the ability to schedule reports. If it's not something you need right away, then you can just schedule the report to run as soon as possible and then continue to work somewhere else. That saves me a lot of time.

At a previous job, I used FireMon. It was similar at the time. I think Tufin has a lot more offerings with the Orchestration Suite now.

Work with the sales teams directly, because they seem very willing to be flexible with the development side. Every organization has different needs. Tufin’s willingness to be flexible impressed me.

In my group, we use Tufin to prove recourse. With firewalls, in terms of searching for existing rules, if we are looking for a particular rule, it shows whether an object exists, the network objects that exist. And if it does, it shows what is already in place and if we need to add something here and there. It's basically research analysis.

We use it for pulling your own reports, and checking the existing rule database from different firewalls from different managers.

I think they can improve the speed, although our speed issues might not be related to Tufin. Sometimes it is slow generating the reports, but I guess it depends on your infrastructure, if you have a good enough server. If you have more servers, the better.

If your infrastructure is big, and you're pulling a lot of metrics from many devices, it can be slow. But, if you add more servers, like a database service that reports are being pulled from, that speeds up the report generation a lot.

I know Tufin is great tool and can offer a lot more. I'm sure other groups or other people use it for what my group needs.

We are big, but I don't really know about scalability issues. I don't work on Tufin. I just utilize it. We just added a few more servers. In the last few weeks, the reports were coming pretty fast from busy firewalls.

I didn’t really use customer support. It's pretty self-explanatory when it comes to running reports and pulling metrics.

I was not part of the decision to use it.

We have not thought of using any other solutions. We have had Tufin since I joined the company.

It would be beneficial to get some kind of training from someone who knows the product, maybe from Tufin or someone else familiar with the product and the features. I know it can offer a lot, and you want to use its full potential.

Policy management.

It understands my need to make sure that there are specific metrics that we are looking at and with those seeing across our technologies, as opposed to just a vendor technology building reports. It's easier for us.

So far, with the asks that have been requested, we have been able to find the metrics we need. 

My suggestion would be to be able to correlate it with other toolsets, and not just have it contained in their own toolsets. I’d like to be able to extract it so it can be consumed by other tools, like a governance tool such as GRC2, Archer, and by algorithms. It should not be contained in their environment. Let them perform their functions, but allow me to absorb others and use other governing tool sets to take a look at your metrics.

I’m rating it a seven just because I don't think I'm using the tool at its full functionality yet. It's meeting my current needs, but I don't know what the future use cases would be. So I can't say it's a ten, yet, but I'm moving towards ten. So, I start with a five as I use its functionality as meeting my needs. It will grow, I have confidence.

The speed is good. As we continue to upgrade the software, I've been keeping up to date. Every version that I install, I see some improvement on the speed actually. So far so good.

I haven't had any issues. Even though my interaction has not yet provided me with a full understanding of whether it's stable or not, I have been interacting with the tool enough to determine whether there are any stability issues.

If the tool meets your needs, evaluation process wise, then you should make sure that you reap the benefits. It has a lot of functions, and a lot of benefits and features. Start using them all.

The biggest value for me is the ease of implementation. I'm newer to the company, only been there a year, but the fact that I could could win and recommend this product within six hours of getting the license installed shows that there's immediate ROI to my CSO.

I've been trying to clean up the firewall policies that I inherited from different iterations across topology changes -- from Cisco to Juniper to where we are now -- that have never been cleaned up. We're not publicly traded, so there's not a mandate to do so. When I worked in the energy sector, though, there were such mandates, but we weren't properly staffed.

Our current firewall policies never had a full, comprehensive risk rating of every rule, but we have that now. I've implemented different zones for setup so that we're able to get reporting immediately for our PCI environment. We know whether or not we're in compliance. If not, we can fix it immediately without waiting for an outside auditor. We can be proactive.

I'd like to see more work done on the topology side. Although the tool has gotten progressively better, topology still needs work. If it could be improved, that would really make the tool much more powerful. You can then have non-firewall people using it for troubleshooting.

I've used it now with various companies for over 10 years.

We've had no issues with deployment.

It's never failed or completely gone down. It's one of those set-it-and-forget-it tools.

I'm very impressed with the scalability. Previously, we used appliances sitting on our network. This time, we went with a VM and our technical rep said we could put up to 80 licenses on it. That's way more scalability that I anticipated.

Customer service is very good. I haven't worked with than much other than for the license, but they're very responsive.

Technical support is excellent. They're good at answering questions, very helpful, and responsive.

I've also used FireMon. We liked the Tufin UI better.

The initial setup was very straightforward. Our VM team installed the image for me and then I installed the license. From start to finish, it took about 24 hours, and most of that was paperwork.

In-House

I was able to create initial tuning reports within an hour of populating the system with my firewalls. Within one week, I was able to create my PCI zones and configure automated reports for compliance

We looked at FireMon, which is an excellent product, but for me it came down to getting everything stood up and running within a minimum amount of time. I needed it to look really good because I was putting my name on it. Plus, my manager loves the web UI over the FireMon UI, which for him was the key.

You're going to be really shocked with the first couple of reports that show stuff about which you had no idea. Let it go and get buy-in from as many other groups as you can. If security and network are separate, get network involved to access devices that will provide a clear picture of everything, especially of topology. Build those bridges ahead of time and present it more as a collaborative tool and not a "I'm watching you" tool.

Policy analysis is the product’s most valuable feature. It can pull out various rules that we need to work on, edit, update, and so on. It can identify rules that need to be moved, or need to be optimized.

Tufin analyzes tens of thousands of rules for us. Not all one firewall, but there's thousands and thousands of rules that Tufin analyzes.

Reporting is great. The only issues that we ever run into are with usage reports. You can run into things where something will have been modified and it ends up changed or something like that. Other than that, reporting is great.

The capabilities Tufin has for Check Point products are excellent. It'd be nice to get the same level of features that it does for Check Point up to par with Cisco, Palo Alto, and so on. There's a couple of things that are lacking. For example, on the Palo Alto side, if you're using a lot of layer 7 rules, there's very little visibility into that. When you run policy analysis, you're still only getting back source IP, dest IP, ports. It's not showing the URLs, all that kind of stuff. That's the main thing.

The only other thing I could see being improved would be regarding one bug. Once in a while when you save a policy analysis query and you click save, it goes back to the screen where it lists them all. Someone else's will be there, and it's somehow swapped them with another engineer who was saving something at the same time. It doesn't happen often, but when it does, it's annoying. Especially if you've just entered a whole lot of info into it.

I’m rating it an 8 because of a couple of those little nagging features, the little bugs. But by and large, it does the job that we need it to do at the moment. We're going into the new world of SecureChange. We'll see how that goes, too.

In our previous configuration, it would take a beating. It would take days to get certain reports out of the system. We've just purchased a whole bunch of new hardware, and Tufin’s been a lot more stable. I'm getting reports again very fast.

Based on looking at some of the other products out there, Tufin is definitely the leader of the pack. It's a good choice. Make sure you buy enough hardware, and make sure you know how you're going to use it. A lot of the features get very processor- and database-intensive, and you should have the proper gear to use it.

We can identify rules that are not used. We can identify rules that are open.

When importing the devices, they made it nice where you can script it and import all the devices into Tufin. That was a nice little feature.

I like the SecureApp feature. That looks like it's pretty handy. The compliance portion of it, where you build your security database. It runs against that security database and figures out whether the correct ports are opened up or if there are vulnerabilities.

I know that in importing some devices, I think routers and switches showed up the same. Router would be layer 3 but they would only show up in Tufin as a layer 2 device. On the Cisco portion of it, there wasn't separation between that.

At this point, there aren’t any other configurations I’d like to see.

I’m using SecureTrack basically to evaluate rule bases.

I have not really found any other side benefits. I don't really use it that much and it's relatively new. I don’t use any of the recording features.

I wouldn't say we had stability issues.

We have, I think, over a thousand devices right now, and we haven’t had any scalability issues.

I’ve never used technical support.

I was part of the initial setup. I imported devices but that's about it. It was pretty easy. You can put it in an Excel spreadsheet and import it that way or as a CSV file.

It's a pretty useful tool if you have a large environment with a lot of devices and you're trying to make it easier for the technicians to basically pawn the work off and make the application team more accountable.

With the limited knowledge I have of it and the limited use, I would probably give them an 8. I never give anyone 10's or 9's.

We use Tufin for oversight and revision control to avoid implementing rules that are against security policy documentation, and also to correct any kind of issues or mistakes in policy changes.

It can be useful for comparing rule changes to create rules that are more efficient and more consistent.

We primarily use Tufin to alert us whenever a firewall policy change has occurred. We immediately get an email with a summary of what changed, the objects, any kinds of rules that were created, and so on. We can review that from our email client to see what the other admin changed and visually see if they did something that was against our standards, if it was just a poorly written rule or something like that.

It's asking a lot, but anytime they add stuff to the rule usage analysis or the policy generator - those things are amazing already as they are - we'd really like to leverage that for cleanup and so on. One of the biggest issues for an encroached application silo firewall is that the policies get super-complicated and cleanup is not only a hassle but can impact business.

I’d like to see the cleanup process be more efficient. That's my biggest headache and the biggest elephant in the room. When you have a policy that's got hundreds of rules, help me clean it up please: tell me what rules aren't used, tell me what rules are redundant, and tell me how I can simplify the rule base. I mean it does a lot of that today, but feel free to innovate there. Make it better.

It has been stable. We pretty much just set it and forget it. It reaches out to us or, when we want to go consult it, we don't typically have any problems pulling it up.

It has scaled well for us. We probably have about a couple hundred firewalls feeding it information including rule usage and so on.

We haven't really had to use technical support. I think the only time we had to was during implementation. We have kind of a weird setup where we needed to split out syslog for rule usage analysis because we consolidated our syslog in one place. We said, "Hey, can you just have Tufin pull from that?" Support helped us with that.

Implementation was easy. The previous solution we had didn't really work. We brought Tufin in, got it working, and rolled it right out.

I was involved in the implementation, not so much in the vendor selection. Of course, I knew about Tufin, its reputation and so on, so I was not opposed to it at all.

I’m rating the product a nine just because I’m stingy with my tens.
Tufin delivers on everything that we've asked them. For a similar use case, they're solid and you're not going to have any kind of surprises or issues that are going to crop up from what I've seen. As an administrator rolling something out and having it work the first time, that's pretty much all you can ask for.

It allows us to use the compliance portion of it to do our compliance reports. It also allows us to do peer review on our changes when we do firewall pushes. Before we do our firewall pushes, we compare what changes we made during the staging process in the week. We go over them to make sure that nothing is going in that should not be going in. Also, we check each other's work to make sure nobody fat-fingered anything and gave somebody some crazy access to somewhere that shouldn't have been.

There should be a heck of a lot more benefits for us. The problem being we don't have the time or the training to do that. We just upgraded to 16.1. Now that we're on a supported version, we hope to get some training so that we can utilize the product a lot more than we currently are. It does exactly what we need it to do. I think with some tweaking and some more knowledge of the product, I think we'll get to where we need to be.

When we do our change reports, some of those reports come out at a thousand pages. We have to submit those to management. When they look at the report, they say, "Why is this report a thousand pages?" We found out that, when we do a global rule, it removes all the global rules and then re-adds all the global rules.

We're in a Provider-1 environment, we have four CMA's, we have 78 firewalls. That generates a huge report. Management looks at it and says, "This is useless. You should filter through x amount of pages to get to the meat."

From what we found out, they have an idea about how to fix it, but I don't think they really know what to fix.

We also have had challenges with the way it does certain functions. For example, the exceptions. I think a lot of it could be we're just not trained and don't have the knowledge of the system. And I think once we start getting in there and start using it more, that's when we’ll find little things that happen like the global policy injection and removal. Our biggest challenge now is we have new management. When we send them the reports, they're not really happy with the reporting structure of it.
Otherwise it does what we ask it to do. It's never been down, it's always reported everything that we needed to report. We never have challenges in that regards. But again, it's a lot of the reporting structure that is challenging for us right now.

We don't have a problem with it crashing at all. We've never had a problem with it crashing at all. It's always been functional.

I think it's been solid. It's always been there for us.

We have used support in the past. We use it mainly for compliance, for when we want something not to show up on a report.

They're constantly upgrading, they're constantly adding new things to it. That's a good sign. As the technology changes, they're on the forefront of it to get you those reports and use that technology in their new functionality. They just need to keep doing what they're doing.