We performed a comparison between Tufin Orchestration Suite and Veracode based on real PeerSpot user reviews.
Find out in this report how the two Container Security solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."It is extremely scalable. It really addresses the scale of a company's firewall footprint."
"We are able to stay compliant with many of the regulations."
"They have very good responses regarding integration and internalization with open tickets."
"The solution's most valuable features are its security policy and steps for deployment."
"We can get reports with Tufin at anytime. We can have automated reports, even with security and compliance."
"We've scaled it to hundreds of firewalls."
"Tufin has made handling firewall rule request tickets more centralized and easier to manage."
"We use Tufin to clean up our firewall policies. It benefits us, because you can run a query for whatever your cleanup criteria is, e.g., "Has it been hit in 90 days?" It displays the list, then you can see the rules right there. If you want to get rid of it (or highlight it), then it creates a ticket that goes ahead and flags them all as disabled. While you can delete them, we always disable first. Then, we have a strip that comes back, and if it's been disabled for 90 days, then the system will remove them."
"Veracode creates a list of issues. You can go through them one by one and click through to a new window with all the information about the issue discovered."
"Stable and scalable, with good reporting features. Helps in detecting and managing vulnerabilities and risks."
"It helps me to detect vulnerabilities."
"It provides security of different Shadow IT activities in our environment, especially around application development and website hosting."
"It eases integration into our workflow. Veracode is part of our Jenkins build, so whenever we build our software, Jenkins will automatically submit the code bundle over to Veracode, which automatically kicks off the static analysis. It sends an email when it's done, and we look at the report."
"Veracode is a valuable tool in our secure SDLC process."
"Also, our customers benefited from the added security assurance of our applications, as they’ve been able to identify OWASP top-10 application vulnerabilities without a manual tester."
"What I found most valuable in Veracode is that it gives me a part-by-part report of the entire EAR file and lets me set up the application for a limited time. Once that expires, Veracode allows you to automatically renew it, which is one of the features I find remarkable in Veracode."
"I would like to see AI elements included with this solution."
"I would like to see the setup of the Unified Security Policy simplified."
"The biggest area where I see a need for improvement is some of the documentation and training stuff. It does a really good job of hitting the big concepts, but it needs like another layer deeper of actually getting into some of the details of how to do some of the things. Conceptually, I understand how the product works, but now how do I start building stuff and integrating it into my environment."
"We would like to see automation metrics, from a reporting standpoint. We would also like to see automation of site-to-site VPN tunnels. We would like to see automation of Check Point application-based firewall rules."
"The key area for improvement is the integration to F5. One of the things that we encountered with another customer is that there were some limitations when we tried to migrate policies from F5 into Tufin."
"It needs better reporting with more graphics and more pie charts, so management can understand details. The reports that are done now are full of data and management would like to have an image to help understand, right away, what the reports are saying."
"The initial setup of Tufin was complex. We had some issues with the architecture."
"We were just talking to them about usage for the F5 platform. They will not be going after specific environments, but a more OpenAPI. They will have other companies write it, etc. It's a little different than I had expected."
"If Veracode was more diversified, as far as the number of platforms and the number of applications it could do in our favor, we would be using it even more. But there are a number of platforms it doesn't support. For example, I know they support C+, .NET, and Java, but there are certain platforms they don't support and that was disappointing."
"There are certain shortcomings in Veracode's static analysis engine. I would improve Veracode's static analysis engine to make it capable of identifying vulnerabilities with low false positives."
"The number of false positives could be reduced a lot. For each good result, we are getting somewhere around 15 to 20 false positives."
"It could have better integration with our pipeline. If we could have better integration with our application pipeline, e.g., Jira, Bamboo, or Azure DevOps, then that will be very helpful. Right now, it is quite hard to integrate the solution into our existing pipeline."
"All areas of the solution could use some improvement."
"It will be beneficial for developers if Veracode Greenlight includes Python."
"We would like the consolidation of all the different modules. This would help, so then we would be able to see analytics and results on one screen, like a single pane of glass."
"There are few languages that take time for scanning. It covers the majority of languages from C to Scala, but it doesn't support certain languages and the newer versions of certain languages. For example, it doesn't support SAP and new JavaScript frameworks such as Node.js and React JS. They can include support for these. If you go to their website, you can see the list of languages that are currently supported. The false-positive rates are also something they can work on."
Tufin Orchestration Suite is ranked 23rd in Container Security with 180 reviews while Veracode is ranked 4th in Container Security with 194 reviews. Tufin Orchestration Suite is rated 8.0, while Veracode is rated 8.2. The top reviewer of Tufin Orchestration Suite writes "A flexible, very secure solution that works well in Layer 2 environments". On the other hand, the top reviewer of Veracode writes "Helps to reduce false positives and prevent vulnerable code from entering production, but does not support incremental scanning ". Tufin Orchestration Suite is most compared with AlgoSec, FireMon Security Manager, Skybox Security Suite, Palo Alto Networks Panorama and ManageEngine Firewall Analyzer, whereas Veracode is most compared with SonarQube, Checkmarx One, Fortify on Demand, Snyk and OWASP Zap. See our Tufin Orchestration Suite vs. Veracode report.
See our list of best Container Security vendors.
We monitor all Container Security reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.