Tufin Orchestration Suite Reviews

My company primarily uses this solution for reporting and enforcing policy. My role has to do with developing applications to allow integration with our other tools.

When I was using Tufin for analysis, there was a tool that would tell me which rules could be consolidated. It was amazing and helped me to clean up the firewall policies.

We use this solution to automatically check to see if change requests will violate any security policy rules, but I do not have any specific details or examples.

Tufin is the only multi-vendor firewall tool that is available, and it helps to bring everything together and report on what all of the rules are.

This solution helps to ensure that security policy is followed across the network because it is the main tool that non-technical security people use to keep track of firewall rules. Without it, they wouldn't even know where to begin. 

In my current role, the most valuable features are the API and the accessing. In my previous job, the analysis was my favorite.

I would like to see API access into every aspect of Tufin. For example, every feature and everything that's in the database, I would like to have programmatic access to. This would give me the ability to do anything that the product can do but from a script. This way, we are not beholden to the GUI in any way. If an operation requires that somebody click somewhere into the interface, manually, especially if it's just part of many other things that they have to do, then we want to fully automate that.

Some of the manual processes are taking longer because, without the proper API access, there are a lot of tickets coming in. These are from people who need to perform a task, but only a handful of them have access to it. This is because we're too afraid to give access to all of the people who actually need it.

In every instance that I've ever worked with it, it was stable.

I have not dealt with technical support.

In my previous company, I handled the deployment of this solution myself.

Turning on certain options in the solution comes at an additional cost.

My advice for anybody who is researching this solution is that if they are a larger company with a lot of money to spend, and they have a heterogeneous network with more than three different firewall vendors, then they absolutely need it. There is no competitor or really anybody who is even close.

For what this product does, it does well. There are, however, things that are missing.

Overall, I would rate this solution a seven out of ten.

We make use of the SecureChange and SecureTrack modules. In SecureChange, we use the Workflow, and we use the USP to see if there are any rule violations.

Using the workflow has made it easier to get approval from the manager or the CISO. Whereas earlier we used to send an email, it is now a very easy process to get approval.

I have not used the Tufin workflow to clean the firewall rules, but I have used the reports to assist me. I have built reports based on six months worth of data, then selected the rules that were not needed and performed the firewall cleanup accordingly. Now that we have SecureChange and the workflow, I think that I should use the workflow to clean the firewall rules. However, to this point, I have been using the Tufin report.

The rule cleanup and checking for rule violations are not any easier for a technical person, as they are firewall operators. At the same time, it is very much easier for the management team, such as the CISO or company managers, to perform these tasks.

With respect to visibility, many vendors claim that they are number one on the market. What I can say is that Tufin works with the Check Point firewall and the Fortinet firewalls, and this is helping us.

This solution has helped us with meeting our compliance mandates. Based on the company standards and guidelines, we configure the USP. When somethings violates it, we can make a decision whether to approve it or not, based on whether it is complying with company policies.

The most valuable feature is the workflow.

Using this solution makes it easier to manage the firewall policy.

The reports that this solution provides are very useful. The report includes information about duplicate objects, duplicate services, shadowed firewall rules, and the firewall rules that have not been needed for a specified number of days or months. It sets my Check Point database.

My team does not have a good relationship with Tufin because the provisioning team, and even our Tufin account manager, are not friendly or helpful to us. The product, itself, is fine.

I would like to see Tufin as a standalone product that does not strictly manage other firewalls, such as Check Point, but works independently. Ideally, it should not have to rely on other products.

This solution increases the time it takes to make changes. It is easy to manage the firewall policy with the Check Point management server, so the time spent with Tufin is extra.

The fact that all of the firewall policies are pushed to the CMA is a major drawback of the schedule window.

Tufin is very stable, and I would say that there are no major outages. Sometimes the connection between Tufin and the management servers gets broken, and I don't know the reason, but apart from that, it is very stable.

We can add as many firewalls as we need to, as long as we purchase the licenses, so it has good scalability.

Technical support for this solution is the worst. I would give it a zero ranking. Compared to Check Point and Fortinet, Tufin technical support is the worst.

Even the provision service team does not like to respond to email, which is poor service.

Prior to this solution, we used email to request approval, and it is now handled by the Tufin workflow.

The initial setup of this solution was straightforward.

Our licensing fees are more than $100,000 USD per year.

We did not evaluate other products before choosing this solution.

I do find that the change workflow process is flexible and customizable, but not fully. I would say that it is seventy percent customizable, as there are pros and cons in the workflow. You cannot fully customize the workflow by yourself. There are certain limitations in the workflow, such as the inability to create a Firewall object or an IP object. You can only create or modify the Firewall object group. The other problem is the schedule window, as it pushes all of the firewalls on the CMA.

For us, this solution is a supplement. Tufin is partners with Check Point and Fortinet firewalls, but I can manage firewalls without using it. At the same time, while it is not mandatory, it is helping us.

For anybody who is considering this solution, I would say that Tufin helps you to get approval and it will help you to push your firewall policies. In the long run, when you have to manage hundreds of firewalls, it is a good thing to have.

I would rate this solution a six out of ten.

We use SecureChange for change management, and the SecureTrack component for reporting and the summary.

We use this solution to clean up firewall policy, although I do not personally do it very often.

The change workflow process is flexible and customizable. We have a couple of custom components, and my colleague was able to put them together in five minutes, so it seems pretty flexible to me.

The solution automatically checks to see if our change request will violate any of our security policy rules. This helps with general risk assessments, and when we transfer data between security zones over certain ports. It really benefits us, as well as the users who submit the rules, because they're not all familiar with all of the rules that are in place.

Implementing this solution has made everything faster. With the introduction of SecureChange, I think it has been easier for the average person to become a firewall rule setter.

Using this solution helps us to meet our compliance mandate. It does this by making everything quicker, which makes it easier to meet our SLAs.

This solution helps to ensure that the security policy is followed across our entire network. It leaves less wiggle room for people to venture out and make exceptions because it does the thinking for us. We follow it's recommendations, so there is less compromise.

The most valuable feature of this solution is reporting.

This solution has helped to reduce the time it takes to make changes. I don't think that we were ever slow, but we can now say that changes are completed within twenty-four hours.

I think that the interface could be cleaner, and easier to use. There are some things that I think are varied. Some of the reports, when you try pulling them out, I think that you've got to jump through too many hoops to get the results that you want to find.

I would like to have the ability to view multiple "handled by" names. Right now, it's either one, or we and the customer see nothing. I would like to clean that up because I am part of those phone calls.

I think that with respect to end-user operation, the whole-space users, the communication is lacking.

For the most part, stability is alright. It works well until we do an update and it breaks everything. But, it gets fixed, and it's good again until the next update. 

We have not tested scalability because we're set at where we are right now, although that is not to say that we won't be expanding in the future.

Technical support for this solution is really good. They are pretty quick at responding to our tickets. When the update breaks everything, they're pretty quick at sending someone to fix it and bring us back up within a couple of days.

Prior to implementing this solution, we used a home-grown, internal request process. It was very frustrating, across the board.

We used a consultant to assist with our deployment, and we had no problems.

My advice to anybody who is implementing this solution is to take the time to learn the product, in and out, right away.

I would rate this solution an eight out of ten.

Our primary use case for this solution is firewall automation for rule requests.

We use Tufin to clean up our firewall policies, and it has benefited us by reducing our policy set. It has sped up the change request process as an overall whole.

This solution helps to ensure that our security policy is followed across the entire hybrid network. We are able to see both on-prem and cloud, and whether there are things preventing on one side or the other.

The time that we require to makes changes has been reduced from weeks to days.

Our engineers are spending less time on manual processes, with the majority of our tickets being same-day.

The most valuable feature of this solution is the ability to develop it further than what's out of the box.

The visibility is not as good as it should be. There are certain things that it doesn't have visibility to yet, but I'm hoping that it's coming. Once it has greater, fuller visibility, we can do more.

The change workflow process is flexible and customizable to a certain extent. The GUI is limited with respect to how much you can develop and visualize the process. However, there is good flexibility in the number of fields and text that you can add.

SecureTrack needs improvement, and access to SecureChange needs improvement.

Some of the features that I would like to see in the next release of this solution are:

• I would like Tufin to be supported on a container that is based in the cloud.
  
• I would like the database to be separated from the backend.
• I would like better automation support for Palo Alto.

This is a pretty stable solution. I won't say that there are no issues, but it does what they say it's going to do.

I think that the way it is architected, currently, is limited in its scalability. In the future, it should be more scalable.

Technical support for this solution is good. For a lot of the issues we have, we go directly to R&D.

We did not use another solution prior to this one.

The initial setup of this solution seemed to be straightforward until we got into the details. At that point, we found it to be complex. Once you start thinking about the things you want to do and how you want to do them, because it's so customizable, it can become complex quickly. However, not in a bad way.

We used G2 to assist us with our deployment, and they are great to work with. They're easy.

We have seen ROI, but I do not have any data points that I can share.

Our licensing fees are approximately $100,000 USD yearly.

We considered other products, but Tufin came with the best out-of-the-box solution, and with the greatest flexibility to change in the future.

We do not yet use this solution to automatically check if a change request will violate any security policy rules. We have not yet utilized this solution to help with compliance.

With respect to the cloud-native security features, we are not leveraging the cloud as much as we should with Tufin.

There could be better things out-of-the-box; However, I know that it is a solution that has to cover a wide range of industry and supportability, so therefore it's a challenge to get everyone's wants and needs.

My advice to anybody who is implementing this solution is to spend more time than you think you need on SecureTrack because it sets the standard for using SecureChange in all of the other products.

I would rate this solution a seven out of ten.

We are using the SecureChange and SecureTrack components of this solution for rule re-certification and change automation. We are still in the implementation phase, but we expect to have this solution in our production environment by October 1st.

With respect to visibility, my impression is that it will do what we need it to do, but it will take some work.

We have tested the system to see if it will automatically check to see if a change request will violate any security policy rules, and it will do what we need. We intend to use this feature in production.

We expect that this solution will help us to meet our compliance mandates.

The most valuable features are the GUI interface and the API. 

We’ve found the change workflow process to be flexible and customizable. If it could not be customized then it would be very hard for us to make it work for our company.

The integration with different products needs to be improved.

For the most part, this solution will ensure that security policy is followed across the entire network. There are certain policies that are not baked into the product yet, like our proxy solution.

The options for certain things are pretty rigid, so they need to be more customizable.

So far, the stability of the solution has been good.

We have some work to do with scaling the product, so I don't yet know about the scalability.

Technical support for this solution has been great. They've been very responsive.

We will be using Tufin to clean up our firewall rules, but we currently use AlgoSec.

Our previous solution was an end-of-life product, so we had to evaluate the options that were out there.

The initial setup of this solution is straightforward, although we haven't done full-on production yet, so I don't know what we're going to run into.

Nexum assisted us with the deployment of this solution. They are good, and we use them for everything we can.

At this stage, we have not yet seen ROI.

We evaluated other solutions, but Tufin had a better workflow.

I am unfamiliar with the cloud-native security controls that are provided. They may be worth further investigating.

Reducing the time it takes us to make changes is the goal of our implementation. We expect that our engineers will spend less time on manual processes.

We expect that this solution will do what we need it to do, but there are some quirks with the integrations for the software.

My advice to anybody who is researching this solution is to pick what's right for you and do your homework.

I would rate this solution an eight out of ten.

We primarily use SecureTrack for viewing and tracking changes to policies.

This has helped us to better clean up and audit changes to the firewall policy. Also, giving access to the other teams without giving them direct access to the firewalls, themselves, is very helpful.

This solution has also saved our architects time. They are unable to view the firewall policy directly, so they use this product to find the rules that they need. If something is being moved then they can easily create a document that has all of the existing rules.

The most valuable feature is to give people outside of the firewall group access to view the policy. Tracking is the most useful feature for us, right now. It saves time but I cannot give an estimate as to how much.

The visibility is good. We can see the policies and what changes need to be made, based on the report.

When viewing the policy there are a lot of Check Point user's inline rules, and you don't see those in our policies. It just labels them from top-down. We use a lot of inline rules, and it would be beneficial to see those from within Tufin. 

Overall the system is stable, and we have had no issues configuring it with our firewalls, or otherwise.

It is scalable in the sense that we use a lot of policies and we haven't run into any limits yet.

The solution has been pretty straightforward and I haven't had to contact tech support. Again, we're not using all of the features so perhaps that is why. I do know that there are plans to use the SecureApp and SecureChange in the future, but the trust isn't there yet for us to push down those changes.

We did not use a solution prior to this one, but we needed Tufin to give access to other teams to view the policies. We did not want to give them direct access to the firewall management system.

I would say that the initial setup was of medium difficulty. I and one other engineer completed it, and it wasn't too difficult.

The deployment, in total, took more than a year. This included bringing in every single firewall policy and making sure that it was updating and tracking.

We handled the deployment in-house.

We did not evaluate other options before choosing this solution, and I don't know who else is competing in this space with exactly the same features as Tufin.

We don't use SecureChange at the moment, although hopefully, we can get to it in the future.

With respect to having this solution automatically clean up our firewall policies, we run the report but we don’t always push those changes on. We consider the recommendations but review it manually ourselves. This does point out what we can get rid of, and where we can optimize it. Once we have the trust of our team to push these changes automatically it will be implemented, but we're not ready for that yet.

Part of the reason is that we want to be in control of the firewall policy changes. We don't want developers or anybody recommending what we should be doing.

If somebody is looking to integrate a ticketing system, and not push changes directly through their firewall management system, and they would like a third-party verifier and checker then I don't know any other products that can do that. This is especially true for Check Point firewalls, and Palo Alto.

I would rate this solution an eight out of ten.

We are a reseller and solution provider. We have this product running in our lab, and what differentiates us is that we are able to take our client's use cases and execute them in our environment. 

This solution has helped our clients because it allows them to leverage the tools so that they can actually reduce their overall expenses for the environment. The push is operational, and they've been able to eliminate a number of contractors, thus saving quite a bit of money by using the automation capabilities of Orchestration.

The full Orchestration Suite is what we've been primarily driving because many of our customers want to move into automation, or at least some aspects of it.

The audit portion of this solution has made a really big difference for us. Also, the flexibility of change has allowed us to really drive the product into the marketplace for a large clientele.

This solution provides great visibility, for both our customers from a primary firewall perspective, as well as for the other solutions that they tie into. For example, it gives us an ability to view what’s going on with full plant environments in various parts of the world.

The change workflow process is extremely customizable. We really like it from the standpoint that we can push it from department to department for approvals. It’s not contained within a single solution set, but rather, it moves across the silos of an organization for the approval process.

This solution has helped our clients to meet compliance mandates across the globe, including, for example, GDPR and SOX requirements.

We would like to see more in terms of integration with other application types within the context, such as next-generation firewalls or next-generation threat devices that are out there. It's not just about firewalls anymore. A lot of convergence is happening at that enforcement point, so we'd like to see a little bit more attention on that. Examples would be integration with IPS, Application Control, Anti-Bot, and Anti-Malware.

We have found that this solution is quite stable. We do have some RFPs in to increase performance capabilities, but from our perspective, it's quite stable. If this were not true then our largest companies would not be buying the product.

This solution is extremely scalable, globally across thousands of firewalls, switches, and proxy devices. We look for scalability in a product. We have a small portfolio of solution providers, Tufin being one of them, and we choose them based on their scalability. There are other factors, but scalability is critical for us.

Technical support for this solution is good. We don't really use it too much because of our strong engineering team, but it's always been very responsive. We are sending two more engineers to the Cleveland area office next month.

We chose this solution a long time ago. We've been a partner for almost nine years. Because they spun off and many of the individuals who were part of the envelopment of products within the security space, like Ruby, came out of the Check Point environment. We're a very, very strong Check Point enterprise player, so we feel that anybody who understands product development and product distribution across large environments has to be a key for us.

We really weren't interested in products from other resellers, or we weren't interested in products from auditors. We were interested in products from people who knew how to develop products for the marketplace. So that's been a key for us. The other piece is the ability to scale, and then finally, the ability to automate with that scalability. We just don't find others as scalable as Tufin is.

The initial setup of this solution is straightforward. Obviously, with its flexibility, you really have to know what you're doing. In order to be able to leverage the product, it requires some expertise.

ROI is a little bit hard to measure in the security space, so our focus is on reducing TCO. For example, one of our clients was able to eliminate fifteen contractors that they had on an annual basis. This was a cost savings of $1,200,000 USD for the first year. Ultimately, we want to reduce TCO as much as possible.

Licensing is available in both perpetual and subscription models, and it appears to be good for our scalable environments. We have also needed to work with what we call small enforcement point pricing, which we'll probably get more into as people expand.

We do not yet have a great deal of experience with the cloud side of this solution. However, we're actually moving into our first contract around that and we'll be digging in deep. We find it, at least from our lab environment, highly successful, whether it's AWS or Azure, and we're looking at the Kubernetes side of things as well. So far, so good, from a lab perspective, but we will be rolling out our first, into a full Cloud environment for one of our global clientele.

For our clientele, this solution has, without question, saved them time when it comes to making changes. The whole idea is to be able to initiate a change and have it proliferate across thousands of devices. It's critical. So, just in that alone, we can save six months' worth of man-hours just in making a single change for some of the environments that we work with.

Tufin is really a leader in the space for taking manual processes and eliminating them as much as possible.

My advice to anybody researching this or a similar solution is to look for longevity in the field. Also, look for product development expertise and a legacy of that. Finally, look for scalability, stability, and growth within the marketplace across device sets.

I would rate this solution a nine out of ten.

We use this solution for auditing our security and system access entries, then alerting us to problems.

The auditing reports generated by this solution help us to find issues.

This solution has helped us to meet our compliance mandates. We have very strict standards and security policies that we must follow. This tool is very flexible for the management team. It also helps us to ensure that our security policy is followed across our entire hybrid network, but we have a lack of security in some points.

The most valuable feature is that it extends security entries in the firewall policies. Given the number of entries in the access control, this would take a lot of time, so this feature is very valuable for us.

The visibility this solution provides us is great. At the moment, we are in the process of continuous improvement, and we need to include these new features.

The change workflow process is okay.

I would like the ability to export information in other formats including PDF, HTML, or Excel.

The stability is very good. It's better than the other tools that we have in the company.

To this point, we have only used the basic functionality. We have several teams working with the tools.

Technical support for this solution is excellent. At the moment, we have very good communication with support.

The initial setup was good and we had no trouble with it.

We handled the deployment of this solution internally.

We did not evaluate other solutions before choosing this one.

This tool is excellent in the specific areas where it is applied. We are spending less time on manual processes and at some point, we will be stopping them.

This solution definitely helps to reduce the time it takes to make changes. With other tools, I have spent five or six hours or even days, but with this solution, it takes me thirty minutes. It can take even less, depending on the complexity of the firewall.

My only complaint is that I would like to be able to export data to different formats.

I would rate this solution a nine out of ten.