Tufin Orchestration Suite Reviews

Our primary use case is fo the security of our medical facility. We have a lot of holes in the firewall and we wanted to see the details. For example, we see a lot of traffic between the different zones that we needed to reduce. So we use the solution to eliminate this traffic. It also allows us to have a lot of optimization rules for a good switching policy in the firewall. 

It can quantify and reduce a lot of risks.

I like the deployment and management of this solution. I don't have much experience in that kind of security solution, but I have three years of experience in similar solutions, like AlgoSec. I do some scripts to optimize the solution, such as configuring the API.

Additionally, when we export the report, you can see a lot of logs of all the equipment in the company and we can identify some of the machines or some log station in the network. Also, the user can create some requests to implement the flow and push the rules in the firewall. You can analyze the log and the traffic, you can have a lot of API's, and do some reporting.

In the next release I would like to see better migration in the Cloud because that will allow more visibility in the network.

I have been working with Tufin Orca for one year.

This solution was already deployed and we just manage it.

It is a stable solution.

This solution is scalable.

I have tons of contact with support. If you have some problems or issues you can contact support and manage the problem together. I did that with a lot of competitors, like Palo Alto on our network. If we have an issue in production, my production team will try to solve it or you can contact support to manage the issue.

I am satisfied with the support.

The initial setup is not complex. It's easy for me because I have some experience and training on it. Now I can do a whole production on the application.

We used an integrator for implementation because I have a colleague who has a lot more experience than me and we worked together to manage that solution.

I would recommend this solution. I think it's a good solution to have. It is good to know what this solution does in the network. You can have a lot of training on it and see a lot of questions from different users in the company.

On a scale of one to ten, I would rate it an eight.

I'm using the Fortinet firewalls, so I need the firewall manager tool to manage those files, together with the FortiManager. The Tufin guys provided a solution for our data center where we have a box server, which was specifically developed for Tufin. It would run the scan on the network, get to the firewall, or go to the router, run the scan and give me the compliance, and then send it to me. Then I get a report from there.

The features I have found most valuable are its capability to check on the firewall and the routers. Afterward, it checks out all the configs, checks the vulnerabilities, checks the risks - it checks everything that may end up causing our router to be compromised. In the end, it recommendations what we should do.

Then, if we apply the recommendations, it will scan again and give us a percentage. Sometimes we find out that at first that we didn't meet the compliance, getting a 46% maybe. Then, when after I apply the recommendations, after discussing with my team, and approving the recommendations, it is all remedied. After that, it goes to 80-something percent. And that is what we are looking for.

One area in which I need it to improve is that I need it to accommodate all the files and all the tools. For example, when I buy the firewall management tool, I want it to manage the firewall of every firewall I use across my organization. If I'm going to depend on only one vendor, and it looks likes a vendor or a catered tool, it can't help on any vendor to scan the technology and give the auditing compliance. This is something they can improve from their side.

The second thing I need is that if Tufin comes and deploys their solutions on my premises, I would like to have full support from them. Unfortunately, I didn't have their full support. So what worried me is that whenever the box is no longer working, then I'm no longer going to be able to see my compliance. I know I'm not going to charge whoever is not complying on my premises.

To sum up, the two main negative points with Tufin Orca are the absence of full support and that accommodation of files and tools is not provided in a good way.

Additionally, what Tufin should include in the next release is the ability to see the logical bullets points. In my case, I wanted to see the physical report because when things tripped and went wrong we needed to start fixing it on the physical side. So I would like to have the physical tool policy before we can have the looks side.

But on the looks side it was very good. We need to filter up to it regarding the beneficiaries in the policies. So it was very good on that side of the data, but when I'm using it as a firewall manager, and then find the firewall is down, I need to see it on the Tufin. Also, I need the capability for Tufin to start alerting me whenever there is a change on the firewall.

I can say that we didn't know about that function on Tufin and when we try to communicate with the Tufin guys, they are not able to assist us on that. So we end up having someone go to our firewall and start to make a change, and we end up not having the right thing and not being able to manage our firewall accordingly. The main point of using the same tool as a firewall manager is to have the daily health check of the box.

I have used Tufin for the last two years and then I left it when Skybox was introduced to me. Unfortunately, I didn't have the capacity to use Skybox because I didn't have the skills on my team, so I decided to leave it. But I am looking forward to getting the new tool which will help me to do what I need.

The initial setup was very complex. What worried us at first was that we didn't know how to integrate it with the network. We had to call the Tufin guys to help with that and they physically brought it to us for the integration to the network. So that was challenging.

When you ship the product to our country, to my organization, it is quite expensive. It's not cost-effective. It's quite expensive because we end up paying extra for accommodation, the transport, everything for that person to come and assist us on the integration to the network. 

Generally, you need to pay for everything -  for the support and the implementation with the integrator.

We can also add this to the areas for the improvement, that implementation is difficult and it would be great if they could simplify the way the person can implement the products.

On a scale of one to ten, I would give Tufin Orca a five. I would recommend it only if the organization has the skills and enough requirements so that they are able to run it. It is a very good tool when you use it because it basically gives you what you want. It is just hard in terms of support, patching, and upgrading. Overall, it's challenging if you don't have the skills or resources.

This product will work for those organizations that have the knowledge of how to install the solution.

We are a solution provider and this is one of the products that we implement for our clients. We also use it ourselves.

We have this solution installed in our data center, where we have a box specifically for Tufin. It scans our network, looks at the firewalls and the routers, assesses compliance and sends me a report.

The most valuable feature is the compliance check and the recommendations that it makes. This solution will connect with the firewalls and routers to check out the vulnerabilities, risks, and anything that can lead the organization to be compromised. From there it will make recommendations about what is required in order to ensure compliance. My team discusses the recommendations and then we remedy the issues.

My worry with Tufin is that it cannot connect to Fortinet, which is what I want to do. In order for this solution to be useful, it needs to be able to manage every type of firewall that I come across in my organization. I do not want to be tied to one vendor. Integration with all types of firewalls and related tools is necessary.

When Tufin deploys solutions on-premises then they should provide full support, but this was not the case in my organization.

The implementation, including integration with other solutions, is complex and should be simplified.

I want to see the physical topology of the network in order to help with troubleshooting.

I would like Tufin to alert me whenever there is a change in the firewall.

I have used Tufin Orca for the past two years.

We do not have full support for Tufin and it was expensive to have support visit us during our deployment.

The initial setup was very complex because we needed help to integrate it with the network. Unfortunately, we needed to have an engineer come to assist us, which is why it was challenging. Getting an engineer to visit our country is quite expensive because you have to pay extra for accommodation, transport, and everything. It is not cost-effective.

This is a solution that I would recommend, but only in cases where the organization has the skills. I would rate this solution in the middle because it meets my requirements, it is a very good tool, and it immediately gives you what you want. At the same time, when it comes to the support, setting it up, and upgrading it, it is challenging if you don't have skilled resources.

I would rate this solution a five out of ten.

We use this solution for Firewall audit, compliance, and some automation.

Using Tufin makes it easy to visualize when investigating or auditing configs.

The most valuable feature is alerting, which lets me know when someone has made a change. When something stops working I can see what has been done and by whom.

This solution is easy to set up and use.

It is very easy to see what has changed when comparing two different revisions.

I would like to see visibility into the FW features like IPS/Content Filter policies, the same way it does for FW rules/policies.

We use this solution for recertifying connections, application-based automation, and compliance with regulations.

The workflows save time and speed up the authorization processes for applications. For network operators, it enhanced visibility. For application operators, it increased knowledge of dependencies and also provided them with impact awareness.

Before this solution, we used Excel sheets. This approach did not provide ways to filter the options for implementing changes. The filtering of lots of criteria is very valuable.

I would like to see more configuration options on next-generation firewalls, defining possible standards for devices.

The tool is highly reliable.

We have not run into limitations around scalability. Depending on the devices, it is better to have a sizing discussion with the sales engineer.

In the beginning, we did not have a dedicated support handler and it caused some issues because the service requests were interrelated. When we later obtained a central contact in support, it improved the handling.

Prior to this solution, we used Excel and firewall vendor consoles.

The initial setup was fairly complex because of the agreement with the network provider.

We implemented this solution in-house with the support of Tufin Professional Services.

I suggest talking with Tufin about the flexibility of the pricing structure.

We did not perform our own evaluation. However, one of the daughter companies evaluated multiple products (Tufin, FireMon, and AlgoSec) and selected Tufin. We relied on their research.

Implementing the tool is easy, but introducing the changes within the company can be challenging.

We use SecureTrack for troubleshooting, APG (Automatic Policy Generator), implementation of new requests, change monitoring, rule and object usage reports.

This solution provides an unified display of rules across vendors.

We use this solution e.g. for cleanup and processing of shadowed rules.

Using this solution saves us time and money. The Automatic Policy Generator saves time because we are able to identify the required policy when a client doesn't know what he needs.

We are able to perform an inventory analysis for colleagues.

The most valuable feature of this solution is APG, the Automatic Policy Generator. Further there are very good capabilities for policy browsing and reporting implemented.

I would like to see better report integration in this solution.

I would rate the stability of this solution a nine out of ten.

The scalability of this solution is ok.

The technical support team for this solution is very polite.

There was some functionality in the integration with Check Point that was initially working not in the best matter, and it was only fixed after Check Point got involved.

We did not use another solution prior to this one.

The initial setup of this solution was not complex. It was simple.

Our in-house team handled the implementation and deployment of this solution.

Tufin is expensive but it is very good.

We did evaluate other options. However, Tufin was the best one that we tried.

We are using Tufin to manage our multi-vendor firewall environment.

We are using the Secure Change workflow to request, asses, and implement Firewall requests. Secure Track is used from our Security and Audit department for regular policy reviews.

Due to the usage of Tufin, we reduced the manual effort during audits to a minimum. The central place to request Firewall Rule Changes supports our Operation teams in a multi-supplier environment on a daily basis.

The automated reporting on a regular basis is helping us to be compliant with legal requirements.

We would like to see granular user permissions on SecureTrack.

The topology should be made easier to configure.

I would like to see the setup of the Unified Security Policy simplified.

We have had no outages over the last six years, so this solution is very stable.

This solution is highly scalable.

Customer support reacts very fast. Due to the complexity, sometimes additional support levels need to get involved.

We did not use another solution prior to this one.

The initial setup was complex.

A mix of Tufin Professional Services and in-house.

We evaluated other options before choosing this solution.

I recommend getting Tufin Professional Services involved when implementing automation.

We use Tufin for firewall management, firewall compliance monitoring, and unified policy implementation.

Tufin assists us in maintaining a robust view of our internal network topology. This topology may be built with a certain period, but it saves lots of operational and audit time in the long run.

The most valuable feature of this solution is the Interactive Map. The interactive map would show our network topology, which would benefit in terms of understanding our environment (especially for new staff) and first-level investigation (including end-to-end firewall path analysis).

The product should integrate with the UTM features. It may benefit the firewall implementation and migration.