Try our new research platform with insights from 80,000+ expert users

Cisco Security Cloud Control vs Tufin Orchestration Suite comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Apr 22, 2025

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Cisco Security Cloud Control
Ranking in Firewall Security Management
14th
Average Rating
8.2
Number of Reviews
15
Ranking in other categories
No ranking in other categories
Tufin Orchestration Suite
Ranking in Firewall Security Management
2nd
Average Rating
8.0
Reviews Sentiment
7.2
Number of Reviews
184
Ranking in other categories
No ranking in other categories
 

Mindshare comparison

As of July 2025, in the Firewall Security Management category, the mindshare of Cisco Security Cloud Control is 1.2%, down from 1.4% compared to the previous year. The mindshare of Tufin Orchestration Suite is 22.5%, up from 20.2% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Firewall Security Management
 

Featured Reviews

Vivek Balaji - PeerSpot reviewer
Useful guides, excellent support, integration could improve
Cisco Defense Orchestrator has useful guides for the steps that need to follow by users Cisco Defense Orchestrator can improve by providing more support for third-party security components. I have been using Cisco Defense Orchestrator for approximately eight months. The Cisco Defense…
MithatBulut - PeerSpot reviewer
New employees can quickly grasp the various IPs, devices, and the network's logical and physical
Tufin is primarily used to orchestrate and manage network traffic and firewall devices. It is specifically useful for implementing firewall policies and handling requests from clients that require policy updates or changes Tufin simplifies understanding network topology. New employees can quickly…

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The most valuable feature is that you can push one policy or one rule out to several devices at a time."
"The most valuable feature is the Intrusion prevention."
"When we're looking to the policies, it identifies the shadow rules. It notifies us about anything that will supersede other rules."
"With Cisco Defense Orchestrator, we can manage the complete Cisco Security solution. It provides a simple and centralized way to manage all products."
"If we have a firewall go down, I can hop into CDO, pull the latest configuration off and apply it. That's really good. It helps save time."
"The most valuable feature is being able to do centralized upgrades on the ASAs. We can select all of those ASAs, and say, "Upgrade these ASAs at this scheduled time." It will copy down the ASA image, ASDM image, and then do the upgrade and failovers, and then put it all back into service as required at a scheduled time. It automates that process for us."
"We have quite a few Active Stone by pairs. If they fail over... I'll see that there's a change on it and I'll have a look. The only change on it is that now this one is the standby, it took over the active role. I can go into that firewall and find out what happened... and troubleshoot based on that. That's pretty cool too."
"If our server is blocked, this solution shows us why it is blocked and allows us to update the network routing."
"We built the policy comparison reporting into our processes that before we push any change to production, an engineer will stage actual date rule changes and policy changes. Another engineer will go in and do a comparison report of the last push policy to the last save, making sure what has been changed is what is expected to. From an operational excellence, it's huge for us. We have huge policies. All it takes is one accidental right click, delete, or backspace button, which could impact our business. So, this is something that we use almost day in and day out."
"Overall, I would rate Tufin Orchestration Suite eight on a scale of one to ten."
"Our engineers are spending less time on manual processes, specifically for the reporting functionality. For doing the rule cleanup and policy analysis, it would be a nightmare to do that manually. So, it is saving our engineering teams time from not having to do manual log reviews."
"We can get reports with Tufin at anytime. We can have automated reports, even with security and compliance."
"There are a lot of benefits to using the reporting. It gives us duplicate objects, duplicate services, shadow firewall rules, and the firewall rules not needed for a given number of days or months."
"The solution helps us meet our compliance needs."
"Comparing the rules and policy browser is valuable to me. It gives me the ability to pull running configs and be able to analyze them without having to go directly into the firewall."
"We are able to stay compliant with many of the regulations."
 

Cons

"Cisco Defense Orchestrator should be made more user-friendly overall. Currently, to use it effectively, one must be specific with the rule set that needs to be set up."
"When logging into the device, we sort of had problems with it staying in sync. If somebody made a change onsite, it wouldn't do an automatic sync. It would have to wait, as you would have to do a manual sync up."
"They need to work on the user interface. It needs to be improved to make it more user-friendly."
"The dashboard needs to be more customizable to provide better reporting for our network."
"They can centralize all products and provide a correlation about an incident and the response. They can also provide an on-premises solution. Currently, Cisco Defense Orchestrator is just for cloud deployments, not for on-premises deployments. Customers have to manage it on the cloud. We are based in Vietnam, and most of the customers here prefer to have on-premises deployments. Customers, especially from banking and government sectors, do not prefer to do anything on the cloud. Some of the small enterprises use the cloud."
"The main thing that would useful for us would the logging and monitoring. I have to check it out, to get the beta, because I don't have access to them... I wanted CDO to be a central place so where I could do everything but right now I don't think that's possible. I really don't want to go back and forth between this and FMC. Maybe the logging portion, when I look at it, will give me some similarities."
"I've found dozens of bugs over the year we've been using it. The more I use it for different things, the more problems I find... Most of the problems have to do with the user interface. A lot of thought and work has gone into the back-end component to make the product do what it's intended to do, but the way it is presented for use hasn't gotten nearly as much thought to make it smart and bug-free."
"Cisco Defense Orchestrator can improve by providing more support for third-party security components."
"More API integration with third-party platforms is something that we would definitely like to see in upcoming releases."
"Their pricing can be better. It is not very transparent."
"The topology needs improvement. If I click on the network tab, I can go get a cup of coffee, come back, and my topology is still not painted. Maybe, it's just because we have so many devices, but looking at the topology, it is too slow. The problem is that when I click on the network tab, I do not want to see the topology. I want to click on the "Next" button, so I can put in the source and destination, so I can see the path. However, I still have to sit there and wait for the topology to load, and it's frustrating. I'll click on topology and try to click that "Next" button in time to where I can get around it. But, typically, you have to wait for that topology to paint. When it paints it, it's just a bunch of black smudges because there is just so much there. It can't paint it to where you see something. I can always zoom out, or something like that, but it's really worthless."
"We were just talking to them about usage for the F5 platform. They will not be going after specific environments, but a more OpenAPI. They will have other companies write it, etc. It's a little different than I had expected."
"The initial setup was time consuming."
"It would be better if they modernized the web GUI. The web interface GUI is simple and not complicated, but it's also too old."
"We will be using the appliance based product, which cannot be scaled as much. It is a limitation in the hardware."
"I would like to see AI elements included with this solution."
 

Pricing and Cost Advice

"It's around £500 per unit for a three-year license."
"After our free trial was done we got a subscription for three years and it was under $3,000 or so. It's part of the EA we already paid for, so I don't know what it would be if it was a la carte."
"It is covered under the CIsco Enterprise License Agreement (ELA). So, it is licensed and ours."
"I work with a lot of clients, and the price or value of the Cisco Defense Orchestrator can vary from one client to another. If you have a lot of Cisco solutions, the price of the Cisco Defense Orchestrator is justified. Whereas if you have some security components from other vendors, such as Check Point or Palo Alto. This solution would be a pretty expensive proposition considering that they don't integrate with them well."
"If you compare to what is available on the market, they are in the same range with respect to pricing."
"It is about a $100 per year for an ASA 5506 firewall, and from there it keeps going up if you have a bigger box. For example, the 5516 is $200 to $300 per year."
"I suggest talking with Tufin about the flexibility of the pricing structure."
"The solution has helped us to reduce the time it takes to make changes. With Tufin, it takes ten to 15 minutes. Before, it was 30 minutes or more."
"I'm saving 20 man-hours a week, so I am seeing some ROI."
"The solution is more reasonably priced than its competitors."
"Licensing is on a customer by customer basis."
"We've seen a decrease of about 50 percent in the overall time it takes to complete a firewall change."
"The seller of Tufin, when I wanted the solution, was very flexible because the cost on the lease was very high in Latin America. So, he was able to reduce the cost."
"Its price is reasonable, but it could be lower. It has been cost-effective for us. We have a contract for three years."
report
Use our free recommendation engine to learn which Firewall Security Management solutions are best for your needs.
861,803 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
48%
Manufacturing Company
12%
Financial Services Firm
8%
Transportation Company
3%
Financial Services Firm
17%
Computer Software Company
14%
Manufacturing Company
10%
Healthcare Company
5%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What needs improvement with Cisco Defense Orchestrator?
Cisco Defense Orchestrator should be made more user-friendly overall. Currently, to use it effectively, one must be specific with the rule set that needs to be set up. Additionally, I suggest impro...
What is your primary use case for Cisco Defense Orchestrator?
Our primary use case for Cisco Defense Orchestrator is the automation of playbooks. We primarily use it for this purpose to streamline processes.
What advice do you have for others considering Cisco Defense Orchestrator?
Those who want to use Cisco Defense Orchestrator should build their own use case and see if it fits their environment. The most significant benefit for us is the response time because it automates ...
What needs improvement with Tufin SecureCloud?
Tufin Orchestration Suite ( /products/tufin-orchestration-suite-reviews ) is not commonly used in Thailand due to a lack of local support, and many customers are switching to AlgoSec or other vendo...
What is your primary use case for Tufin SecureCloud?
I have primarily used Skybox and AlgoSec ( /products/algosec-reviews ). I have also interacted with FireMon for compiling. However, I am not currently working with ACA, and I don't have any project...
What advice do you have for others considering Tufin SecureCloud?
There is potential for improvement in explaining the analytics in the dashboard for Tufin Orchestration Suite. Tufin Orchestration Suite does provide good monitoring; however, interpreting the grap...
 

Also Known As

Cisco Defense Orchestrator, CDO
Tufin SecureCloud
 

Interactive Demo

Demo not available
 

Overview

 

Sample Customers

Insurance Company of British Columbia, Shawmut
3M, AT&T, Blue Cross Blue Shield, BNP Parabas, ConocoPhillips, Deutsche Bank, GE, IBM, Pfizer, United States Postal Service 
Find out what your peers are saying about Cisco Security Cloud Control vs. Tufin Orchestration Suite and other solutions. Updated: July 2025.
861,803 professionals have used our research since 2012.