Veracode focuses on application security, while Tufin Orchestration Suite specializes in network security policy management. User reviews suggest that Tufin Orchestration Suite has an edge due to its versatility in managing complex network security policies despite Veracode's strong vulnerability detection capabilities.
Features: Veracode is valued for its comprehensive vulnerability assessment, continuous monitoring, and integration with DevOps pipelines. Tufin Orchestration Suite is valued for its network policy management, automated compliance reporting, and broader policy management capabilities.
Room for Improvement: Veracode could benefit from enhanced integration capabilities, more intuitive navigation, and increased customization options. Tufin Orchestration Suite needs better customization options, improved scalability, and enhanced user interface design.
Ease of Deployment and Customer Service: Veracode is recognized for its straightforward deployment process and responsive customer support. Tufin Orchestration Suite, while slightly more complex to deploy, offers robust support and extensive documentation. Users find Veracode easier to deploy.
Pricing and ROI: Veracode is considered cost-effective, providing good ROI with its subscription-based pricing model. Tufin Orchestration Suite, though more expensive, offers significant ROI due to its extensive network policy management capabilities. Users indicate Veracode offers better upfront value, while Tufin's ROI justifies the higher cost over time.
The Orchestration Suite saves time when implementing rules.
The scanners of Veracode bring status of the weaknesses in the current infrastructure. It scans and provides reports regarding the servers, the network, and the applications running on those servers.
Regarding price, the evaluation should focus on how efficiently they will recover their investment, considering the time saved through the use of Veracode Fix, for example, and the ability to fix code at dev time compared to the problems faced when fixing after the product is already deployed.
The support team is effective; they connect to the network quickly and help resolve any issues that arise.
The team is eager to help in fixing issues.
In recent years, they have stopped providing specialized engineering support.
Access to the engineering team is crucial for faster feedback on the product fix process.
I have communicated with the technical support of Veracode a couple of times, and this was a really great experience because these professionals know their material.
They are very responsive and quick to help with queries within our scope.
Cloud solutions are easier to scale than on-premise solutions.
It has a good capacity to scale effectively.
Implementing these features into our normal CI/CD was good, so I can say that scalability is really good.
If the Veracode server is down, we experience many issues during the scan.
It's not that easy to onboard, but once they have been onboarded on the platform, and the pipeline configured alongside the product configured, it works effectively.
Issues can arise in larger enterprises, particularly concerning policy-based forwarding and NAT traffic.
The analytics features of Tufin Orchestration Suite are challenging to use and require technical expertise, which is a concern as there is not much knowledge in this field in Thailand.
The design needs improvement, particularly in recognizing target devices and target files.
If it could be integrated directly with code repositories such as Bitbucket or GitHub, without the need to create a pipeline to upload and decode code, it would simplify the code scan process significantly.
We had issues with scanning large applications. Scanning took a lot of time, so we kept it outside the DevOps pipeline to avoid delaying deployments.
A nice addition would be if it could be extended for scenarios with custom cleansers.
The pricing of Orchestration Suite is high, which is a point for improvement.
FireMon and Skybox are considered more cost-effective.
Tufin and AlgoSec are at the same level in terms of pricing.
It's not the most expensive solution.
If there's a security gap, you'll never know the cost or effect.
Pricing-wise, I find it a bit expensive because it's based on the number of users requesting access to Veracode.
AlgoSec adds more value with its vulnerability control, which benefits organizations by reducing expenses associated with audits.
New employees can quickly grasp the various IPs, devices, and the network's logical and physical layout within a short period.
It offers automation capabilities that are very helpful, especially for network security orchestration and applying policies.
It offers confidence by preventing exposure to vulnerabilities and helps ensure that we are not deploying vulnerable code into production.
The best features in Veracode include static analysis and the early detection of vulnerable libraries; it integrates with tools such as Jenkins.
It fixes issues directly in the IDE while you're doing it.
| Product | Market Share (%) |
|---|---|
| Tufin Orchestration Suite | 22.8% |
| AlgoSec | 22.6% |
| FireMon Security Manager | 17.9% |
| Other | 36.699999999999996% |
| Product | Market Share (%) |
|---|---|
| Veracode | 8.8% |
| SonarQube Server (formerly SonarQube) | 22.4% |
| Checkmarx One | 10.3% |
| Other | 58.5% |
| Company Size | Count |
|---|---|
| Small Business | 29 |
| Midsize Enterprise | 13 |
| Large Enterprise | 152 |
| Company Size | Count |
|---|---|
| Small Business | 68 |
| Midsize Enterprise | 43 |
| Large Enterprise | 112 |
Tufin enables organizations to automate their security policy visibility, risk management, provisioning and compliance across their multi-vendor, hybrid environment. Customers gain visibility and control across their network, ensure continuous compliance with security standards and embed security enforcement into workflows and development pipelines.
Veracode is a leading provider of application security solutions, offering tools to identify, mitigate, and prevent vulnerabilities across the software development lifecycle. Its cloud-based platform integrates security into DevOps workflows, helping organizations ensure that their code remains secure and compliant with industry standards.
Veracode supports multiple application security testing types, including static analysis (SAST), dynamic analysis (DAST), software composition analysis (SCA), and manual penetration testing. These tools are designed to help developers detect vulnerabilities early in development while maintaining speed in deployment. Veracode also emphasizes scalability, offering features for enterprises that manage a large number of applications across different teams. Its robust reporting and analytics capabilities allow organizations to continuously monitor their security posture and track progress toward remediation.
What are the key features of Veracode?
What benefits should users consider in Veracode reviews?
Veracode is widely adopted in industries like finance, healthcare, and government, where compliance and security are critical. It helps these organizations maintain strict security standards while enabling rapid development through its integration with Agile and DevOps methodologies.
Veracode helps businesses secure their applications efficiently, ensuring they can deliver safe and compliant software at scale.
We monitor all Firewall Security Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
