Cisco Defense Orchestrator vs Tufin Orchestration Suite comparison

You must select at least 2 products to compare!
Cisco Logo
1,093 views|325 comparisons
100% willing to recommend
Tufin Logo
12,176 views|7,128 comparisons
91% willing to recommend
Comparison Buyer's Guide
Executive Summary

We performed a comparison between Cisco Defense Orchestrator and Tufin Orchestration Suite based on real PeerSpot user reviews.

Find out what your peers are saying about AlgoSec, Tufin, Palo Alto Networks and others in Firewall Security Management.
To learn more, read our detailed Firewall Security Management Report (Updated: April 2024).
768,246 professionals have used our research since 2012.
Featured Review
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
"This product provides excellent centralized device controls and reporting.""The most valuable feature is the Intrusion prevention.""We use a lot of image upgrades. We take some 20 devices and then we update everything at once, including the policies. We apply policies for groups. For certain groups, like anti-viruses, we send out policies and apply them to every single device. It's really easy and simple.""If our server is blocked, this solution shows us why it is blocked and allows us to update the network routing.""If we have a firewall go down, I can hop into CDO, pull the latest configuration off and apply it. That's really good. It helps save time.""Cisco Defense Orchestrator has useful guides for the steps that need to follow by users.""There are a lot of templates that are already built-in. They give you quick-to-create and quick-to-apply policies that are typically a little more complicated for people.""The most valuable feature is being able to do centralized upgrades on the ASAs. We can select all of those ASAs, and say, "Upgrade these ASAs at this scheduled time." It will copy down the ASA image, ASDM image, and then do the upgrade and failovers, and then put it all back into service as required at a scheduled time. It automates that process for us."

More Cisco Defense Orchestrator Pros →

"The solution is good, and no clients complained about it.""There are a lot of benefits to using the reporting. It gives us duplicate objects, duplicate services, shadow firewall rules, and the firewall rules not needed for a given number of days or months.""Our engineers save quite a bit of time that was previously spent on manual processes.""This solution has helped us to meet our compliance mandates. We implemented the Unified Security Policy (USP). This helped enforce what compliance requirements that we had. We have mitigated and remediated issues that have been brought forth due to that USP showing us issues.""This solution has helped our clients because it allows them to leverage the tools so that they can actually reduce their overall expenses for the environment.""The visibility is huge. In order to figure out what was going on previously, we would have to pull stuff out of firewalls and put them in spreadsheets, then do sorts. Now, it's all right there in Tufin. We can write reports to look for what we need, ad hoc searches to find object groups, and know which firewalls are on. This was almost impossible to do previously.""Policy management and the cartography of the network have been the most valuable features.""It is very stable."

More Tufin Orchestration Suite Pros →

"There could be some slight improvements to navigation. In some of the navigation you've got to go back to be able to get into where you need to be once you've made a change. If I make a change, I've then got to go back to submit and send the change.""CDO doesn't have a report, an official report that I can check daily. It has another module called FTD, but it doesn't have that specifically for ASA. In the reporting, there are a lot of things that aren't there. There is also room for improvement in the daily monitoring.""It would be a better product if it incorporated device control for third-party products easily.""When logging into the device, we sort of had problems with it staying in sync. If somebody made a change onsite, it wouldn't do an automatic sync. It would have to wait, as you would have to do a manual sync up.""Cisco Defense Orchestrator can improve by providing more support for third-party security components.""It should have more features to manage FirePOWER appliances.""I'd like CDO to be the one-stop-shop where we could do all the configurations easily. It would be nice, for ASA upgrades, if we could do them from a central repository and not have to reach out to Cisco. That would be a definite plus.""If I make a change locally to the firewall, CDO gives an alarm or an error message and says there's a change in compliance: "The firewall has this configuration but the last time it was compiled it had that configuration." That view of new changes versus the old could be better... I had to log in manually, locally on the firewall, to check which version, which configuration was actually running. I couldn't see it in CDO."

More Cisco Defense Orchestrator Cons →

"The product should integrate with the UTM features.""The network part of the solution could be improved. It's too hard because of the Tufin licensing model for the routing devices.""We like the change impact analysis capabilities quite a bit. The only weakness is that the reporting is a bit clunky. We would like to have the reporting be better.""The pricing of the solution is rather expensive.""There are at least two things that need improvement. One is the business workflow and the second is the integration with logging solutions.""A big improvement would be on the USP policy. If we could use Palo Alto to take those zone names and auto import them into the policy, then just do the policy based on the zone names instead of having to put in every single subnet.""One feature that is missing is the ability to assign a step in the workflow to a specific user at a specific time, based on how the previous steps of the workflow have been handled.""More API integration with third-party platforms is something that we would definitely like to see in upcoming releases."

More Tufin Orchestration Suite Cons →

Pricing and Cost Advice
  • "It is about a $100 per year for an ASA 5506 firewall, and from there it keeps going up if you have a bigger box. For example, the 5516 is $200 to $300 per year."
  • "It's around £500 per unit for a three-year license."
  • "After our free trial was done we got a subscription for three years and it was under $3,000 or so. It's part of the EA we already paid for, so I don't know what it would be if it was a la carte."
  • "It is covered under the CIsco Enterprise License Agreement (ELA). So, it is licensed and ours."
  • "If you compare to what is available on the market, they are in the same range with respect to pricing."
  • "I work with a lot of clients, and the price or value of the Cisco Defense Orchestrator can vary from one client to another. If you have a lot of Cisco solutions, the price of the Cisco Defense Orchestrator is justified. Whereas if you have some security components from other vendors, such as Check Point or Palo Alto. This solution would be a pretty expensive proposition considering that they don't integrate with them well."
  • More Cisco Defense Orchestrator Pricing and Cost Advice →

  • "This solution helped us to reduce the time it takes to make changes. We used to spend up to an hour to do a change, and now, it's around five minutes."
  • "Tufin and AlgoSec were pretty much in the competitive price range, but this one provided us better integration into the Check Point environment."
  • "The solution has helped us to reduce the time it takes to make changes. With Tufin, it takes ten to 15 minutes. Before, it was 30 minutes or more."
  • "The solution has helped reduce the time it takes us to make changes. It helps make overall integrated changes immediately. It allows us to cut down at least a few hours in the week in regards to changes and monitoring."
  • "We've seen a decrease of about 50 percent in the overall time it takes to complete a firewall change."
  • "Tufin makes things a little easier. It lessens the amount of manual work which we have to do. It has a lot of benefits in terms of revenues, profits, employee costs, and operational costs. We have already seen return on investment."
  • "This solution helps us reduce the time it takes us to make changes. We're probably saving time by 25%."
  • "Tufin reduced the time it takes to solve a problem, which reduces the time of the outage."
  • More Tufin Orchestration Suite Pricing and Cost Advice →

    Use our free recommendation engine to learn which Firewall Security Management solutions are best for your needs.
    768,246 professionals have used our research since 2012.
    Questions from the Community
    Ask a question

    Earn 20 points

    Top Answer:The most valuable feature of Tufin is security auditing. We are able to check the rules and compliance of the company, for example, what is allowed or not. We are able to check the rules over… more »
    Top Answer:Tuffin is expensive, and we have to explain to our customers the benefit for them to purchase. If we explain the benefits in the correct way they do not mind the price. We typically do costing for the… more »
    Top Answer:The reporting function could improve in Tufin. For our clients with companies that have strong compliance, reporting privacy data is mostly a problem. In the IT department, private data needs a… more »
    Average Words per Review
    Average Words per Review
    Also Known As
    Tufin SecureCloud
    Learn More
    Video Not Available
    Interactive Demo
    Demo Not Available

    Cisco Defense Orchestrator (CDO) is a cloud-based management solution designed to ensure streamlined and consistent security policies across the Cisco security portfolio. Specifically tailored to manage all Cisco Secure Firewall form factors (running either ASA or Firepower Threat Defense (FTD) software), CDO offers real-time visibility and troubleshooting capabilities, effectively enhancing overall network security.

    CDO addresses the challenges of migration, supporting transitions from on-premises to cloud environments and facilitating the shift from ASA to FTD configurations. As organizations embark on their cloud adoption journey, CDO simplifies provisioning workflows for remote branches, reduces operational expenditures related to inventory management, and offers scalability for multi-cloud deployments.

    Tufin enables organizations to automate their security policy visibility, risk management, provisioning and compliance across their multi-vendor, hybrid environment. Customers gain visibility and control across their network, ensure continuous compliance with security standards and embed security enforcement into workflows and development pipelines. 

    Sample Customers
    Insurance Company of British Columbia, Shawmut
    3M, AT&T, Blue Cross Blue Shield, BNP Parabas, ConocoPhillips, Deutsche Bank, GE, IBM, Pfizer, United States Postal Service 
    Top Industries
    Manufacturing Company43%
    Consumer Goods Company14%
    Healthcare Company14%
    Computer Software Company44%
    Manufacturing Company7%
    Financial Services Firm5%
    Financial Services Firm26%
    Comms Service Provider11%
    Healthcare Company7%
    Insurance Company7%
    Financial Services Firm18%
    Computer Software Company17%
    Manufacturing Company7%
    Company Size
    Small Business43%
    Midsize Enterprise21%
    Large Enterprise36%
    Small Business11%
    Midsize Enterprise5%
    Large Enterprise83%
    Small Business14%
    Midsize Enterprise7%
    Large Enterprise79%
    Small Business16%
    Midsize Enterprise14%
    Large Enterprise70%
    Buyer's Guide
    Firewall Security Management
    April 2024
    Find out what your peers are saying about AlgoSec, Tufin, Palo Alto Networks and others in Firewall Security Management. Updated: April 2024.
    768,246 professionals have used our research since 2012.

    Cisco Defense Orchestrator is ranked 14th in Firewall Security Management while Tufin Orchestration Suite is ranked 2nd in Firewall Security Management with 180 reviews. Cisco Defense Orchestrator is rated 8.2, while Tufin Orchestration Suite is rated 8.0. The top reviewer of Cisco Defense Orchestrator writes "Provides visibility into entire infrastructure and bulk changes save time and resources". On the other hand, the top reviewer of Tufin Orchestration Suite writes "A flexible, very secure solution that works well in Layer 2 environments". Cisco Defense Orchestrator is most compared with AlgoSec, Palo Alto Networks Panorama and Azure Firewall Manager, whereas Tufin Orchestration Suite is most compared with AlgoSec, FireMon Security Manager, Skybox Security Suite, Palo Alto Networks Panorama and Illumio.

    See our list of best Firewall Security Management vendors.

    We monitor all Firewall Security Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.