Automate the firewall change via SecureChange Workflow
1. Policy Optimization by using Tufin APG under SecureTrack. If you have a wide open policy, and you want to restrict it into fewer lines of policy based on the last 30 or 90 days of hits, you can use the APG tool to build a restrictive policy.
2. Firewall Cleanup: Deleting unused rules, unused objects, and duplicate objects from the firewall database, by using the report created by Tufin under SecureTrack. You can run this report on Tufin SecureChange to delete all the unwanted space. This will save tons of space on your firewall database.
3. SecureChange Workflow: You can link Tufin to a ticketing system to upload the firewall change ticket, and use the workflow to fully automate the firewall change process, from start to finish.
4. Topology: If you have a good topology, you don't need to see the routing table on the firewall, or go through any Visio network design to find the L3 networks in your enterprise. Topology under SecureTrack helped me a lot.
6. Enterprise Unified Security Policy: Once I have an approved Unified Security Policy from the CISO, I don't need to ask for approval for each low-risk firewall change. USP not only saved the CISO's busy time, but also increased the efficiency of the firewall team. The firewall change request doesn't have to stay in the Approver Pending steps.
SecureChange Workflow: It is a firewall admin robot, which handles the ticket right from receiving it until the implementation process, documenting all the approvals.
1. Tufin workflow doesn't support the IPS module, the Identity Awareness module, or the Policy Inline layer (Check Point).
2. Limitation on editing/creating Group objects: You can't create a group Service object.
3. You have to run Designer to assign the firewall Rule Name and Rule Number. By default, Tufin uses topology.
Tufin is very stable. There have been no major outages.
Sometimes there is an SSL correction between Tufin and the management server. Sometimes it gets broken but I don't know why. Apart from that, it is very stable.
We can add as many firewalls as we need. It's just a matter of purchasing the licenses. It has good scalability.
Tech support is very bad. I would give a zero rating to tech support. Compared to Check Point and Fortinet, Tufin tech support is worse. Even the Professional Services team doesn't like to respond to email. It is poor.
My team doesn't have a good relationship with Tufin. The Professional Services and even our Tufin account manager are not friendly. They're not helpful to us. But the Tufin product is fine.
The initial setup was straightforward.
I believe our cost is more than $100,000 per year.
We haven't evaluated any competitors or considered other products.
Tufin is not mandatory to manage firewalls or to manage any products. But it supplements. It will help you to get approvals and to push firewall policies. In the long run, when you have to manage hundreds of firewalls, obviously Tufin will help.
We are working on the USP, but so far we only rely on Tufin between about ten and 20 percent to see USP violations.