Tufin Orchestration Suite Reviews

The primary use case of this solution is for monitoring, automation, policy orchestration, and security.

The most valuable feature is the monitoring. I quite enjoy the monitoring this solution provides. It allows administrators to visualize the traffic flow, and troubleshoot when necessary. It's a useful tool.

The interface is quite user-friendly and intuitive.

The cost of this solution should be improved.

They need to offer more support to vendors, such as Cisco, Checkpoint, Fortinet, and Forcepoint.

They have an API, but it needs more service on this.

While technical support is good, they could still improve.

I have been working with Tufin for one year.

It's a stable solution. There are some bugs that they are working on but that is common with any vendor.

They do mention that they don't support specific features from Nexus for some automation but it does actually work, although it is not listed as working.

Technical support is relatively good. They are not the best but they are good.

They could improve but they do respond with accurate responses.

The initial setup was straightforward. It was deployed in less than an hour.

The first time without training, it took an hour or so, but it was quite easy.

It's quite an expensive solution.

I would recommend this solution to others who are interested in using it.
I have not worked with any other vendors with this type of solution, for example, FireMon. I haven't worked with it. 

I would recommend it specifically to start with a secure track, which is a monitoring tool. Once the customer sees it, they want the solution. Afterward, for automation and secure change.

I would rate Tufin an eight out of ten.

Our primary use case is fo the security of our medical facility. We have a lot of holes in the firewall and we wanted to see the details. For example, we see a lot of traffic between the different zones that we needed to reduce. So we use the solution to eliminate this traffic. It also allows us to have a lot of optimization rules for a good switching policy in the firewall. 

It can quantify and reduce a lot of risks.

I like the deployment and management of this solution. I don't have much experience in that kind of security solution, but I have three years of experience in similar solutions, like AlgoSec. I do some scripts to optimize the solution, such as configuring the API.

Additionally, when we export the report, you can see a lot of logs of all the equipment in the company and we can identify some of the machines or some log station in the network. Also, the user can create some requests to implement the flow and push the rules in the firewall. You can analyze the log and the traffic, you can have a lot of API's, and do some reporting.

In the next release I would like to see better migration in the Cloud because that will allow more visibility in the network.

I have been working with Tufin Orca for one year.

This solution was already deployed and we just manage it.

It is a stable solution.

This solution is scalable.

I have tons of contact with support. If you have some problems or issues you can contact support and manage the problem together. I did that with a lot of competitors, like Palo Alto on our network. If we have an issue in production, my production team will try to solve it or you can contact support to manage the issue.

I am satisfied with the support.

The initial setup is not complex. It's easy for me because I have some experience and training on it. Now I can do a whole production on the application.

We used an integrator for implementation because I have a colleague who has a lot more experience than me and we worked together to manage that solution.

I would recommend this solution. I think it's a good solution to have. It is good to know what this solution does in the network. You can have a lot of training on it and see a lot of questions from different users in the company.

On a scale of one to ten, I would rate it an eight.

We use this solution for Firewall audit, compliance, and some automation.

Using Tufin makes it easy to visualize when investigating or auditing configs.

The most valuable feature is alerting, which lets me know when someone has made a change. When something stops working I can see what has been done and by whom.

This solution is easy to set up and use.

It is very easy to see what has changed when comparing two different revisions.

I would like to see visibility into the FW features like IPS/Content Filter policies, the same way it does for FW rules/policies.

We use this solution for recertifying connections, application-based automation, and compliance with regulations.

The workflows save time and speed up the authorization processes for applications. For network operators, it enhanced visibility. For application operators, it increased knowledge of dependencies and also provided them with impact awareness.

Before this solution, we used Excel sheets. This approach did not provide ways to filter the options for implementing changes. The filtering of lots of criteria is very valuable.

I would like to see more configuration options on next-generation firewalls, defining possible standards for devices.

The tool is highly reliable.

We have not run into limitations around scalability. Depending on the devices, it is better to have a sizing discussion with the sales engineer.

In the beginning, we did not have a dedicated support handler and it caused some issues because the service requests were interrelated. When we later obtained a central contact in support, it improved the handling.

Prior to this solution, we used Excel and firewall vendor consoles.

The initial setup was fairly complex because of the agreement with the network provider.

We implemented this solution in-house with the support of Tufin Professional Services.

I suggest talking with Tufin about the flexibility of the pricing structure.

We did not perform our own evaluation. However, one of the daughter companies evaluated multiple products (Tufin, FireMon, and AlgoSec) and selected Tufin. We relied on their research.

Implementing the tool is easy, but introducing the changes within the company can be challenging.

We use SecureTrack for troubleshooting, APG (Automatic Policy Generator), implementation of new requests, change monitoring, rule and object usage reports.

This solution provides an unified display of rules across vendors.

We use this solution e.g. for cleanup and processing of shadowed rules.

Using this solution saves us time and money. The Automatic Policy Generator saves time because we are able to identify the required policy when a client doesn't know what he needs.

We are able to perform an inventory analysis for colleagues.

The most valuable feature of this solution is APG, the Automatic Policy Generator. Further there are very good capabilities for policy browsing and reporting implemented.

I would like to see better report integration in this solution.

I would rate the stability of this solution a nine out of ten.

The scalability of this solution is ok.

The technical support team for this solution is very polite.

There was some functionality in the integration with Check Point that was initially working not in the best matter, and it was only fixed after Check Point got involved.

We did not use another solution prior to this one.

The initial setup of this solution was not complex. It was simple.

Our in-house team handled the implementation and deployment of this solution.

Tufin is expensive but it is very good.

We did evaluate other options. However, Tufin was the best one that we tried.

We are using Tufin to manage our multi-vendor firewall environment.

We are using the Secure Change workflow to request, asses, and implement Firewall requests. Secure Track is used from our Security and Audit department for regular policy reviews.

Due to the usage of Tufin, we reduced the manual effort during audits to a minimum. The central place to request Firewall Rule Changes supports our Operation teams in a multi-supplier environment on a daily basis.

The automated reporting on a regular basis is helping us to be compliant with legal requirements.

We would like to see granular user permissions on SecureTrack.

The topology should be made easier to configure.

I would like to see the setup of the Unified Security Policy simplified.

We have had no outages over the last six years, so this solution is very stable.

This solution is highly scalable.

Customer support reacts very fast. Due to the complexity, sometimes additional support levels need to get involved.

We did not use another solution prior to this one.

The initial setup was complex.

A mix of Tufin Professional Services and in-house.

We evaluated other options before choosing this solution.

I recommend getting Tufin Professional Services involved when implementing automation.

We use Tufin for firewall management, firewall compliance monitoring, and unified policy implementation.

Tufin assists us in maintaining a robust view of our internal network topology. This topology may be built with a certain period, but it saves lots of operational and audit time in the long run.

The most valuable feature of this solution is the Interactive Map. The interactive map would show our network topology, which would benefit in terms of understanding our environment (especially for new staff) and first-level investigation (including end-to-end firewall path analysis).

The product should integrate with the UTM features. It may benefit the firewall implementation and migration.

Our goal is to move towards a completely automated system within our organization. We also want to integrate different business units, see what our vision is from an automation standpoint. In addition, we want to get complete visibility across all the different platforms that we have.

We use Tufin to clean up our firewall policies. It makes our firewalls and our security-stack devices a little bit more bulletproof. We are in constant compliance and it's nice for us to know what's out there and what's actually being used, from a business standpoint and also from an operational standpoint.

Also, what used to take us a few days to implement from inception to final, is now accomplished within a day. But our goal is to move it to a matter of a few minutes. Overall, holistically, it gives everybody a chance to focus on the more important tasks at hand and to be cognizant of automation as it comes along.

It has also helped reduce the time it takes to make changes. The process used to take a few days to a week. In some cases, given the complexity of our projects, it used to be a little bit more than a week. Now, it has come down to a day or two at the most. We want to shorten that as well, to bring it down even more. But it's far better than what we had many years ago.

Our engineers are spending a little less time on manual processes. There's always that constant time spent to keep the product and the platform up to date but, overall, they're spending a little bit less time.

It's hard to pick the most valuable feature. All of them are valuable, they're all critical for us. It depends on which application we're talking about. ChangeTrack obviously has a lot of very good features, like the risk analysis, the USP, and the Policy Browser. The Topology Map, which feeds into our SecureChange - the latter being an automation platform - there's a lot of synergy between the two. All the features that we have used are critical and are good.

The change workflow process is flexible and customizable. It's not 100 percent but it's definitely in the high 90s. It is very customizable, it's easy to set it up. There are certain fields that we feel might require some enhancements but, overall, it is customizable. It's very easy to use and super-efficient.

Tufin has come a long way when it comes to visibility. What we would like to see is a little bit more on the discovery level, network discovery, which Tufin does not have today. It does a pretty good job when you statically define the endpoints; it goes and discovers them. But an auto-discovery feature on the network would be awesome.

More API integration with third-party platforms is something that we would definitely like to see in upcoming releases.

Enhanced reporting and enhancements to some of the dashboard features would be good too.

The solution is very stable so far. Within our environment it doesn't cause major outages. There have been a few instances where we did run into issues but they were things that we could fix relatively easily, with less of an impact to the business.

The scalability is pretty good. Right now, our solution is a little bit more contained, given our business requirements. But we don't see scalability as a roadblock if we do have to expand it out or scale out. No complaints there.

Tech support has been phenomenal. It's very easy to get someone on the call and resolve an issue. They've been really good.

We knew we needed to switch based on past lessons we learned. The overall goal was to have a better and efficient system going forward. With automation on the grid, this was a win-win solution for us. It was able to provide us everything that we were looking for and also help us meet our roadmap goals as well.

Very straightforward. There was nothing complex about the initial setup. It's easy to get it up and going in a matter of a few hours.

We pretty much did everything on our own with a little bit of help from Professional Services. When it came to customization we did leverage some of their expertise. But most of the solution was rolled out in-house.

We do see some return on investment but the financial toll, the prices, are always going to be up there. Tufin does a pretty job in working with us to reduce the cost or give better discounts so there definitely is an ROI.

The cost is pretty high. It's close to seven figures. That only goes to show our commitment to using the solution and the products to reach our goals.

We did look at one other solution but the other solution was not close to what Tufin was able to provide, given our enterprise requirements. That basically helped us move in the direction of Tufin.

Tufin provides a very comprehensive solution. Anyone looking to go down the path of automation should not look any further because Tufin will be able to meet their requirements and scale out really effectively.

We don't yet use the solution to automatically check if a change request will violate any security policy rules. We are in the process of building that. Similarly, we are still working on having the solution ensure that security policy is followed across our entire hybrid network.

We are in the cloud but we haven't yet started using the Tufin solution actively in the cloud. We are still in a trial phase as of now, but so far the results have been pretty good. We tend to test things out a little bit more but the results have been positive and favorable for us to move forward.