Tufin Orchestration Suite Reviews

Our primary use case for this solution is firewall remediation.

I didn't get very far with it because I didn't used Tufin in production, only during the evaluation phase.

I tested it for the change orchestration. That is what my evaluation recently was specifically for. While the product was a little slow, it did look full-featured. 

The firewall remediation and compliance pieces are the most valuable features. 

I couldn't get it to work in the lab, even with help, on multiple occasions, from one of Tufin's engineers. It was set up in my private lab per all their instructions, and I gave them control of the system. However, they were unable to make it install the policies to Check Point in an automated fashion. So, I unfortunately gave up on the proof of concept at that point.

In terms of stability, the version I tested in the lab was okay.

I don't know about the scalability, as I never got it out a very small VM.

Their technical support was okay. I needed more help getting the product to work in the lab. 

We did not have an automated provisioning solution. At that time, all firewall changes were being implemented manually by administrators.

The initial setup was straightforward. 

I was working directly with Tufin's sales team and SEs.

We looked at AlgoSec and Tufin. However, we did not chose Tufin because of the issues.

Check the product out for yourself.

I wasn't using it for visibility into my firewall infrastructure, because I have other avenues.

I wasn't using the compliance portion when I was testing it, only the orchestration.

I want to look at Tufin for remediation and compliance in the future.

It is customizable.

It does not natively support all of the Check Point functions, which is a big deal. The solution doesn't recognize traffic and impede it.

We have had a ton of issues with stability. The database is weirdly designed. Things just go wrong with it where we have to call the tech guys. They come in and clean the database fairly regularly.

We've scaled it to hundreds of firewalls. We haven't had a scalability issue. 

If you don't buy their premium support, their technical support is not great and you can only call during daytime hours. So, we ended up purchasing their premium support.

The reason that we purchased the solution is because of the visibility that it provides.

The SecureChange implementation was straightforward. 

The SecureApp implementation was very complicated. The topology was so complicated that we threw it away after months of having Tufin people come out to try and make it work. 

We bought deployment services from Tufin. 

We are seeing ROI in terms of having SecureApp. However, we made a significant investment to get there.

The topology doesn't work and SecureApp doesn't seem to be a strategic product for Tufin anymore. Proceed cautiously with that in mind.

I would rate their SecureChange an eight out of ten. I would give their vision an eight, but for their execution I would give a three out of ten. 

We have a better view of our compliance status. Most of our network is on-premise, so we don't have a cloud. We don't have a hybrid network, but it provides visibility for what we do have right now.

The USB is its most valuable feature. Inside of Tufin, we plan to leverage the USB in solutions.

The change workflow process is flexible and customizable.

It is very easy to use. We can get results back quickly.

I would like an improved reporting module which can be flexible (custom reports) and allow us to generate our own reports, because the data is already there.

It has been very stable since 2017. We haven't had any power problems. As far as hardware goes, it's been very stable. As for software, we found some bugs, but we're working with tech support to fix them, which is normal.

The scalability is very good. Hopefully, this year we are planning to add more entities with our custom platform. The more controller options would be something which will provide more flexibility.

The initial setup was very straightforward.

We used a boutique software with services at the time. For most of our onboarding, we did everything ourselves.

We also looked at AlgoSec and FireMon.

We did look at less expensive solutions than Tufin, but being a corporation, this solution made sense.

We do firewall reviews on a quarterly basis.

It provides me great insight into my firewalls across my organization.

We are able to stay compliant with many of the regulations. 

The rules, as they change over time, are the most valuable feature.

Its capabilities help me grow trust back and have less in-depth experience to go faster.

It is very stable.

It is very scalable.

The technical support has been on point.

The previous solution was all manual.

There was some complexity during the initial setup, but otherwise, it was fairly straightforward.

I used a partner for the integration, who was very good to work with.

Our engineers are spending less time on manual processes: 20 to 30 hour plus.

The solution helps us meet our compliance needs.

The visibility is fantastic.

The product is flexible.

The scalability is the best.

We previously used a different solution. We switched because of the value the solution could provide us in conjunction with Check Point.

The initial setup was complex. We have a big environment which contributed to the setup's complexity.

Tufin is the product which we do our compliance under. That's one of the requirements. We also do change control tracking: who does what and the impact. 

The users have reports for best practices and clean up.

The primary use case going forward will be automation, changing the internal process by trying to eliminate human errors.

Change management tracking is important: Who does what when. We know if something happens by checking the reports and comparing. We know exactly what mistakes were made and corrections. 

In a financial organization, there are so many approval processes. At the designing levels, you can add any number of layers (for approval/decline), add qualifications, and traffic flow analysis.

Because it is a predefined customized, we can define whatever we want it to be and add the exceptions.

SecureChange makes our lives easier with automation. 

It provides a granular report, like what is there or not and what is required or not in the clean up. This makes our lives operationally easier. 

It is very easy to learn and is user friendly. The GUI is user-friendly.

I'm looking for the backup change. I want a predefined backup plan.

The stability is a pretty standard. It is working, and not like other products where it is breaking the system. It is pretty stable.

We will be using the appliance based product, which cannot be scaled as much. It is a limitation in the hardware.

The technical support is very good and helpful. We have not encountered that many issues in any one place. 

The initial setup was very straightforward because the documentation was straightforward.

We did it ourselves. Tufin support helped us with the configuration.

We are also evaluated Skybox and AlgoSec.

Tufin is meeting one of our requirments, which is why we are looking to the future with the product.

There is room for the product to grow.

Our primary use case if for risk compliance. 

The change workflow process is flexible and customizable. 

It has helped us to meet our compliance mandates. We have some requirements that we need to provide more visibility on the risk levels of our firewall base, and Tufin helped us with that requirement. 

The USB is the most valuable feature for us. Inside of Tufin, we are planning to leverage the USB solution.

The visibility is excellent. We have a better view of our compliance status. 

I would like to see an improved reporting model that can be flexible for us to generate our own reports. The data is already there. 

It has been very stable since 2017. We haven't had any power problems. As far as hardware goes, it's been very stable. In the software, we found some bugs, but we're working with support to fix them.

Scalability is very good. We are planning to add more entities this year. 

Technical support is satisfactory at the moment. 

The initial setup was very straightforward. 

We did most of the onboarding ourselves. 

We also looked at AlgoSec. 

I was part of the decision-making process.

I would rate it an eight out of ten. It's very easy to use and you can get good results very quickly. 

We don't use the cloud native security features yet.

Our primary use case is for automation and orchestration.

We use Tufin to automatically check if a change request will violate any security policy rules. One of the things we want to do is to have a blacklist/whitelist policy. A blacklist of things that can never be allowed and a whitelist of things which are always allowed. I want this tool to block or report ports that should not be used, putting somebody in a change. In addition to that, I want it to be able to block people from mapping IP addresses in North Korea, Iran, or whatever is on the blacklist.

Our corporate policy mandates that we can only make changes to our firewalls daily. Once we get ServiceNow integrated with our whitelist policy, Tufin should be able to initiate the change and get us to reduce time.

It should help us meet our compliance mandates going forward. It is replacing AlgoSec.

The ease of use is the most valuable feature. 

The change workflow process is flexible and customizable. We have one guy who has never logged into Tufin ever in his life. He sits down and in 30 minutes had written an automation routine, then went back and changed it. He did that with no training. For me, that is a major benefit.

The two reasons that we wanted Tufin

1. The single pane of glass, so our Tier 1 and Tier 2 could make changes.
2. The network mapping which is something that we have never had before.

• I would like to see them get rid of the REST APIs and use something more modern. 
• I would also like to see them do more cloud integration within the Tufin Orchestration Suite, not within a SaaS solution. 
• I would like them to move their community support off of Google and onto something more long-term.

So far, stability has been good. 

It has already pulled in all our Layer 3 switches and routers across the company.

I don't know if I can expand on the cloud yet.

We bought premium support. I have heard from my team that they are great. 

We switched from AlgoSec because they had horrible customer support, and difficult change management and processes. 

The initial setup was very straightforward. It was done in five days, which is pretty cool.  

We used Tufin for the deployment. We had a positive experience with them. 

We compared AlgoSec, Tufin, and Skybox side-by-side. Originally, the team chose Skybox. They threw in what a lot of other groups had wanted, like the network team, security team, and DevOps team. When I sat them down (because I voted Tufin), I asked them why and they gave me all of the explanations that were all somebody else's reasons, not ours. I told them that this tool is for us and we needed a true orchestration automation tool. Not one that supports everyone else's automation, and we need one for firewalls.

I would rate it a seven out of ten. 

I would advise someone considering this type of solution to not listen to the sales teams among the competitors. They all throw each other under the bus and a lot of it is not true. Tufin's competitors will tell you how bad of a company that Tufin is and how you can't trust them, and how their stuff doesn't work. Then, Tufin doesn't say anything bad about their competitors. So, don't trust everything that you hear. 

Do your own research. Do a proof of concept. Get all of the vendors in. Give it a month to test drive. Set it up and let them prove it out. In the end, the correct tool, not the better salesman, will win.