Tufin Orchestration Suite Reviews

We use Tufin for firewall management, firewall compliance monitoring, and unified policy implementation.

Tufin assists us in maintaining a robust view of our internal network topology. This topology may be built with a certain period, but it saves lots of operational and audit time in the long run.

The most valuable feature of this solution is the Interactive Map. The interactive map would show our network topology, which would benefit in terms of understanding our environment (especially for new staff) and first-level investigation (including end-to-end firewall path analysis).

The product should integrate with the UTM features. It may benefit the firewall implementation and migration.

Our goal is to move towards a completely automated system within our organization. We also want to integrate different business units, see what our vision is from an automation standpoint. In addition, we want to get complete visibility across all the different platforms that we have.

We use Tufin to clean up our firewall policies. It makes our firewalls and our security-stack devices a little bit more bulletproof. We are in constant compliance and it's nice for us to know what's out there and what's actually being used, from a business standpoint and also from an operational standpoint.

Also, what used to take us a few days to implement from inception to final, is now accomplished within a day. But our goal is to move it to a matter of a few minutes. Overall, holistically, it gives everybody a chance to focus on the more important tasks at hand and to be cognizant of automation as it comes along.

It has also helped reduce the time it takes to make changes. The process used to take a few days to a week. In some cases, given the complexity of our projects, it used to be a little bit more than a week. Now, it has come down to a day or two at the most. We want to shorten that as well, to bring it down even more. But it's far better than what we had many years ago.

Our engineers are spending a little less time on manual processes. There's always that constant time spent to keep the product and the platform up to date but, overall, they're spending a little bit less time.

It's hard to pick the most valuable feature. All of them are valuable, they're all critical for us. It depends on which application we're talking about. ChangeTrack obviously has a lot of very good features, like the risk analysis, the USP, and the Policy Browser. The Topology Map, which feeds into our SecureChange - the latter being an automation platform - there's a lot of synergy between the two. All the features that we have used are critical and are good.

The change workflow process is flexible and customizable. It's not 100 percent but it's definitely in the high 90s. It is very customizable, it's easy to set it up. There are certain fields that we feel might require some enhancements but, overall, it is customizable. It's very easy to use and super-efficient.

Tufin has come a long way when it comes to visibility. What we would like to see is a little bit more on the discovery level, network discovery, which Tufin does not have today. It does a pretty good job when you statically define the endpoints; it goes and discovers them. But an auto-discovery feature on the network would be awesome.

More API integration with third-party platforms is something that we would definitely like to see in upcoming releases.

Enhanced reporting and enhancements to some of the dashboard features would be good too.

The solution is very stable so far. Within our environment it doesn't cause major outages. There have been a few instances where we did run into issues but they were things that we could fix relatively easily, with less of an impact to the business.

The scalability is pretty good. Right now, our solution is a little bit more contained, given our business requirements. But we don't see scalability as a roadblock if we do have to expand it out or scale out. No complaints there.

Tech support has been phenomenal. It's very easy to get someone on the call and resolve an issue. They've been really good.

We knew we needed to switch based on past lessons we learned. The overall goal was to have a better and efficient system going forward. With automation on the grid, this was a win-win solution for us. It was able to provide us everything that we were looking for and also help us meet our roadmap goals as well.

Very straightforward. There was nothing complex about the initial setup. It's easy to get it up and going in a matter of a few hours.

We pretty much did everything on our own with a little bit of help from Professional Services. When it came to customization we did leverage some of their expertise. But most of the solution was rolled out in-house.

We do see some return on investment but the financial toll, the prices, are always going to be up there. Tufin does a pretty job in working with us to reduce the cost or give better discounts so there definitely is an ROI.

The cost is pretty high. It's close to seven figures. That only goes to show our commitment to using the solution and the products to reach our goals.

We did look at one other solution but the other solution was not close to what Tufin was able to provide, given our enterprise requirements. That basically helped us move in the direction of Tufin.

Tufin provides a very comprehensive solution. Anyone looking to go down the path of automation should not look any further because Tufin will be able to meet their requirements and scale out really effectively.

We don't yet use the solution to automatically check if a change request will violate any security policy rules. We are in the process of building that. Similarly, we are still working on having the solution ensure that security policy is followed across our entire hybrid network.

We are in the cloud but we haven't yet started using the Tufin solution actively in the cloud. We are still in a trial phase as of now, but so far the results have been pretty good. We tend to test things out a little bit more but the results have been positive and favorable for us to move forward.

Primarily, it is being used as a type of security auditing control on our firewalls. We are in the middle of a new project acquiring dedicated new hardware while building out SecureTrack and SecureChange. After this initial project, and building out all that infrastructure is done, then there will be a project to kick off some of the automation and orchestration type stuff to try and improve some of those processes for the IT group.

The goal is to use it to revalidate, clean up, and optimize firewall policies, but we are not there yet.

The company has had the product in place for a while. 

I am giving up the web proxy stuff, so I can become the SME on the Tufin.

The plan is to integrate it into things, like ServiceNow, then use the automation. That was one of the strengths in the decision to stay with Tufin and invest more resources into it. 

My hope is to use this solution to automatically check if a change request will violate any security policy rules. It is not doing any of that right now.

Right now, our compliance mandates are all over the place, but previously, what they were doing is they were just taking screenshots of something, and I don't know how we passed our audits.

I was shocked and appalled that the current network team isn't even using it right now. In previous roles in previous companies, this product (or one of the competing products) was like the lifeblood of how we worked. It was like step two, after picking up a ticket. We went to use this tool to see where we needed to make changes. That they're not doing that explains why they're probably having to do rework 60 percent or higher limitation tickets, because they're missing devices or it is not being implemented properly.

In our current environment, the most valuable feature from Tufin is their Network Map because our network team can't give us a network map. Tufin has given me more than what the network team have ever given me, as far as documenting the network infrastructure. So, I'm thrilled.

The visibility is good.

The biggest area where I see a need for improvement is some of the documentation and training stuff. It does a really good job of hitting the big concepts, but it needs like another layer deeper of actually getting into some of the details of how to do some of the things. Conceptually, I understand how the product works, but now how do I start building stuff and integrating it into my environment. 

Just being a bit more upfront and honest about issues, as far as like HA, distributed stuff, and the need for load balancers, if you want to do HA. Nobody ever likes talking about the fact that their solution really isn't truly HA, you got buy an F5 to sit in front of it if you want to do HA, or something like that. Everybody shies away from talking about that, but if you get that out upfront, then the engineers can be prepared for it, then they can try and figure it out and make it work. This is not unique to Tufin. Everybody is like, "Oh yeah, we do HA." Then, three months later, after you have bought some stuff, now you're just like, "Oh no, we got to have an F5 in front of this. That didn't even come up in our discussions. So, how do I get resources away for that? Because I don't have an F5 in this environment, and I need one." 

I just found out some of the things that I need to use right now, like the reports from the report package are only available on 17-3 and above, and I need that as soon as possible. Hopefully, we will upgrade to 19-1 or 19-2 even before I go to bed tonight.

It is sort of an uphill battle right now to ensure that it has all the visibility that it needs, so we can be assured that it is doing what it will do.

The stability is solid.

The scalability is good.

I have not used the technical support yet.

I've used Tufin, Firemon, AlgoSec, and all the other solutions at other companies before, and seen what we've been able to do with them. So, when I came to this company, it was just like, "Okay what's our tool? Oh, it's Tufin. What do you mean nobody's using it?"

The initial setup is not even complete yet. We bought some stuff, then had it shipped. There are some additional discussions which are going on next week after this, where there will be some design tweaks which will occur. At first, we were thinking of using VMs for the distributed stuff and collectors, but we can't get those level of resources from the server team. So, we will be better off just buying smaller hardware boxes and having them completely managed by us that way it will be easier. Also, we'll be able to complete it much faster in our environment.

We are using a reseller, but I'm not exactly sure how that relationship even works right now. It is really early. Our stuff has been bought and shipped. We are still trying to complete internal documentation, so we can start doing stuff.

I wasn't part of the bake-off. I think the company went in the right direction, and I am glad that they didn't even look at FireMon.

While our UK side has Skybox, which I have never even seen, the orchestration piece was really the key to solidifying us on the Tufin solution.

I was talking to somebody earlier today who said that Skybox has a more powerful Network Map than what Tufin has, but I haven't even seen Skybox,

If someone was looking for this type of solution, I would tell them, "Here are the top four solutions that I know of and the places that I worked on each of them. Here are the benefits, gossip, and downsides that I've seen for each one." Tufin has the best solution as far as it being self-contained, reliable, and integrating with the other things that you want it to integrate with. The customer service is also not arrogant like some of the other solutions.

We need to utilize it to its capacity and capabilities, and we're not doing that yet.

It will eventually reduce the time it takes to make changes. I don't know how much time it will save, since a lot of the manual processes are done by another team. I am still building my team underneath me.

The cloud stuff is great, but I am sort of scared to look at it because we still trying to work out our traditional stuff being compliant and under control, then doing what it's supposed to be doing. I can't even imagine what the developers are doing in the cloud stuff.

We implement Tufin for other customers and help set it up. 

I'm not the end user. I just set it up for the end user.

We are using the latest version from 2018.

We use Tufin to clean up our firewall policies. They already have the compliance policies sort of prepopulated in there to point out violations.

Most customers will go through and check the USP to see if it violated with the designer tool.

We are in the process of working with a customer right now to set up the Unified Security Policy (USP). We got all the violations from the first phase and will go through to do the mediations, then run the scan again to show the progression of the clients.

The preconfigured PCI compliance USPs are the best part for me. These make things a lot easier.

The visualizer for the Network Topology is really good. You can see all the routes throughout your entire environment.

The change workflow process is very easy to customize. You can do a workflow however you want, so you can have an approval every single step. Or, you can remove approvals on certain steps, automating some steps.

It capabilities are very good.

Sometimes, the user interface is a little cumbersome, trying to navigate between them. In the new version, it looks like they resolved those issues. 

We have had a couple issues with the VMs, but I think it was just because they were starving for resources. A recommendation on what the virtual appliances should have for resources would be appreciated.

We have done PR strategies and added Tufin appliances. It is super easy to just back up and restore to a new one. You can get a new appliance up and running in 20 minutes.

We worked with their professional support before, but we have not worked with their Professional services.

The initial setup is straightforward.

We are a reseller.

We've install it to make money.

Tufin does make the process faster for customers, depending on if they use SecureChange to automate their process. Everything is all in one then.

Licensing is on a customer by customer basis.

Try Tufin out. Make a PoC of it. That is how we sell most of our products because it works well.

Our customers do not have a hybrid network.

The primary use case is for compliance with PCI regulation for local and country regulations.

We are using the latest version of the product.

We use Tufin to clean up our firewall policies because it is so fast. A report about compliance and the clean-up process used to take about one month up before. With Tufin, it takes only one day.

Implementing roles in the firewall used to take two days, but now, it takes two hours.

The audit and policy relation reports have helped me show compliance to managers.

The product helps my cybersecurity team. Now, my cybersecurity team spends their time creating new controls for new technologies.

The workflow is the most valuable feature.

The visibility that the solution provides is amazing.

The change workflow process is flexible and customizable. I can send one request to an IT Manager and another one to a Development Manager, making them customized.

I would like to see more about the cloud in the next release. They need a large plan to deploy the cloud into the solution and a way to implement it.

The web service for integration with other solutions needs improvement.

The stability is okay.

At this moment, it is not necessary to expand the solution.

I don't really use the technical support.

We did not have a previous solution. I was looking for a solution to optimize time in security policy management. Then, I found the Tufin and contacted a reseller.

The initial setup was super easy. It was fast to implement the firewall. The Check Point was very fast.

We used a reseller for the implementation. It was the first time for the reseller to do this implementation.

It saves us a lot of time. People can devote their time to other more important tasks. 

The seller of Tufin, when I wanted the solution, was very flexible because the cost on the lease was very high in Latin America. So, he was able to reduce the cost.

We considered Algosec and Firemon, but Tufin was the best.

A powerful tool for a security team to optimize time.

The primary use case is firewall analysis.

We use SecureTrack, which is great.

The solution has helped us to meet our compliance mandates. We have to be PCI and SOX compliant. Some of these rules and systems might meet those requirements. Knowing which system can talk with which system is definitely helpful in that sense.

This solution has helped us reduce the time it takes to make changes.

Comparing the rules and policy browser is valuable to me. It gives me the ability to pull running configs and be able to analyze them without having to go directly into the firewall.

The visibility is great.

When you make changes, you have to enter the password each time for each firewall. This is sort of annoying.

They are sort of at the pilot stage on some of their products. I saw the Orca and Iris products yesterday. My initial impression of these products were that they were good products, but I felt like some of their features overlapped with SecureTrack and SecureChange, which they are already doing. So, I just wondered what direction they're going in? I understand that they are cloud products, but are these security products going to overlap each other's features at some point? This is my initial concern.

It is very stable.

It seems pretty scalable. From what I have seen in the training, you can use it on multiple firewalls. It seems like a solution which was built for very large enterprise level networks.

I haven't dealt with the technical support yet.

If you want to be able to manage your firewalls efficiently and securely, then use Tufin.

It is a pretty solid solution. As with any security solution, I think is it is growing. It seems like it is at a good point. It could still use some work, but it's growing, and that's good.

We saw in the training yesterday the changes for part of SecureTrack 2.0, which isn't out yet. Those changes, that they will be implementing, look very good from what I can see.

The primary use case is locking down the firewalls to Zero Trust and automating the risk assessments.

We use Tufin to clean up our firewall policies. It very easily shows us what is not used, so we can take it out. It shows us head counts as well, so if something is used once or twice a year, that might not be something we want to keep. Thus, we can have the conversation. We also like how it has a business owner of the firewall policy, so we'll be filling that in. So, those people will be involved ongoing with the approvals.

This solution has helped us meet our compliance mandates by providing visibility into firewall rules.

Today, we can check to see how our lockdowns have gone and what unusuals are still there. We have a long way to go, but we've done a lot already.

We were hit by the NotPetya attack. Therefore, our whole company and all its sites were down for several months. So, you don't have an attack like that and not need something like Tufin. Other companies can prevent these attacks, or at least slow them down, by having this type of a tool. We will never go back.

In the future, we will be using this solution to automatically check if a change request will violate any security policy rules.

1. Being able to see all the firewall rules in one place. 
2. Being able to query them. 
3. SecureChange will automate and put the rules into Remedy.

The visibility is incredible. It has never been there before.

The UI was a little clunky at the first. It was confusing. They are working on that. The new one is better.

We haven't really overburdened it yet. What we have has been very stable. There have been no issues that I have seen.

It seems very scalable.

We have 40 consultants and too many people.

The regular technical people seem okay when you put in a help call, and they do get back to you. We actually had a key issue, which was a bug, that the development team didn't want to fix. We escalated it, then it got fixed. So, the management level seems very responsive at least, but at a support level, they are just regular support people and not outstanding.

I asked our firewall team if they had the tools that they needed to do their job, and they said, "No."

We did not have a previous solution.

The initial setup was pretty straightforward. The problem was getting people to pay attention to it.

It is a lot of work to implement.

We used Tufin for the deployment.

We have not seen ROI yet. What we are going to see is fewer cyberattacks. When you have a multimillion dollar cyberattack, you don't care about three million dollars in a one time cost.

Engineers are spending less time on manual processes by weeks. Huge amounts of time have been saved.

Our licensing costs are three million total and then we pay for maintenance, which is an additional cost for three years.

We did a comparison of three products and Tufin was recommended at the time. We got quotes from Tufin and another product, and Tufin came in under.

I just talked to two people who switched to Tufin from another product. It seems to be the leader of the pack.

Tufin seems like a high quality product from a company that cares. It focuses on exactly what we need.

We would like to get to having Tufin make changes on firewall rules, but we are going to need help convincing our management of that we should be using Tufin to do that. It looks very promising, but we can't use it for that yet.

We haven't implemented the change workflow process yet.

While we didn't buy it for the solution’s cloud-native security features. I'm interested in that, but it is not in my mandate right now.

The product has been fabulous.

We use it with SecureTrack, mainly for auditing purposes. We also use SecureChange for workflows on temporary firewalls.

We use Tufin to clean up our firewall policies. From an auditing perspective, it is centrally managed in one place for all of our firewall vendors.

One of the biggest quick wins that we had with Tufin was cleaning up our firewall policies and rules. We cleaned out a lot of rules which helped our devices, longevity-wise, as well as speed-wise.

• Easability
• Audit features
• SecureTrack
• Change of work allowance
• It is very open to changing it and making it do what we need it do. 
• We get a holistic view of the infrastructure, as well as automation workflows.

The visibility is great, so far. We are still building it out because we have a lot of firewalls from different vendors. Overall, it's a good product in the way it works.

The change workflow process is flexible and customizable. We use this process a lot. We have developers do custom integrations with different vendors, especially ones that are technically supported, as well as doing some custom integrations with our Juniper products, which are not officially supported.

The solution’s cloud-native security feature is definitely welcome. We are starting to embrace the cloud. We are a little more legacy and timid in our approach, considering the amount of data that we have and the way that we want it to be accessed. However, the cloud-native applications are going to be big, so I definitely think that's a welcome feature that they're working on.

We would like Tufin to have interoperability with Juniper products, along with official support.

They could maybe update the interface. However, I know there is an interface update coming, I just haven't seen it yet.

There is room for improvement, as far as making the product easy to use and having training available.

In my training with the workflow, it always kicks me back every time that I do a step backwards. I think that automatically it should take you to the next step in the workflow, that would be appreciated.

So far, the stability has been great. One of my colleagues just did an upgrade from the previous version to 19.1, which had a bit of database issues. Those have now been resolved.

The scalability seems good. We have a distributed system right now, and it seems like it can scale up or scale out, as needed.

So far, the technical support has been good. I haven't had to deal with support a lot yet. We have weekly check-ins with our account manager where we go through what we can do with it. Overall, I think it's adequate.

We didn't have a previous solution.

It is nice to see the capabilities that Tufin has, and we look forward to building it out.

I wasn't there for the initial setup, but from what I've seen, it was pretty straightforward for the engineers who set it up.

The solution has helped us reduce the time it takes us to make changes. From the auditing perspective, it definitely saves a lot of time. Once we get our USP built out with the automatic calculations, as well as having validation and seeing where the roles need to go in place, this solution will be very helpful. 

It is helping engineers spend less time on manual processes.

We did look at a few other vendors.

The power that Tufin has behind it is the reason they chose it. They saw that it had a lot of capability compared to its competition.

Check out this product and see what it can do for you. Talk with the marketing team and account reps and see what direct benefit the platform gives you. Then, see what strengths it has compared to the competition, as well as its value proposition.

We are not to the point of using the solution to automatically check if a change request will violate any security policy rules, but it is coming.

We are building the security policy part of it out across out hybrid network, especially with the USP.