Tufin Orchestration Suite Reviews

Our primary use case is for change audit.

My team uses it heavily to audit the changes made by junior engineers, going back and figuring out what they messed up, and correcting their mistakes. We generate reports for customer compliance and audits, as well as for regulatory audits.

We use it to generate reports that we are in compliance, but don't necessarily use it to mitigate any compliancy requirements then only to report on them.

The historical reporting is the most useful feature that I use the most often. 

For what we use it for (change auditing), the visibility works great.

We don't have any issues with it, but the reports could be easier to read and more customizable. Also, capturing some of the different versions, and being able to dig through them could be a bit better.

The stability works, for what we've been using it for. The system has been up and running for at least a year and a half without any issues. The only time we do anything with it is when we upgrade it or patch it, but we have never had any performance issues or it falling over.

The way we deployed it is sufficient for what we're using it for. We haven't really had to scale it.

We tend to not have any issues with it, so we don't need to use support very often. For what we are using it for, it does exactly what it is supposed to, and we don't have any issues with it. 

We did contact technical support when we had an appliance, then we migrated it over to a VM and it was moving some of the data from the old code format to the new one. We have also had upgrade problems with it randomly breaking on us. 

My team has had a pretty good response from the technical support.

We had a bunch of issues with junior engineers causing problems and people not knowing what was changed or what happened. We needed a solution that produced very easy to understand and quantifiable change reports. 

We had a home-built solution before Tufin had maintenance issues because it was our own,  and we had support issues with it. It sometimes worked, and sometimes didn't work. Tufin was a very easy shoe-in replacement for that solution.

The setup was pretty straightforward. The documentation was pretty clear in terms of what you had to do. It was just the case of executing it.

We deployed it ourselves. 

For our numerous cases where outages had been caused by engineering errors, our ROI is in the ability to quickly go and see what the person did and fix it. Tufin reduced the time it takes to solve a problem, which reduces the time of the outage. It does have a cascading effect, but I can't quantify it to dollar amounts.

It has been a few years since I've looked at anything else.

I would rate it a seven out of ten mainly because it does everything really well. In general, it still does what it's supposed to do, and we don't have any issues with it. 

I would advise someone considering this solution to know exactly what you need before you start the process. Be very thorough, because the devil is in the details and you need to know exactly what you want and need. Then you'll be able to tell which solution is better, and which one gives you the better return on investment. 

We use Tufin for two purposes: 

1. To track all changes on our network equipment, our Cisco gear, F5s, and Check Point. 
2. We use SecureChange. So, we submit any firewall change through SecureChange, then we use that for the approval process. We are trying to have it end-to-end, where it provisions the device, but we're not there yet. 

Tufin is our audit trail for all changes. We have to be PCI compliant, and it is the tool that we go to for enforcing PCI on the network side.

The change workflow process has customizable and functional for us.

It has helped us meet our compliance mandates.

The revision reports are phenomenal. They really help us out to see what changed, when, and who, most importantly. Some of the other reporting that we audit and clean up have been really valuable for us. 

The visibility is great. We have found the policy browser to be very useful. It is a fairly new feature. 

I would like to see more expansion into the cloud and documentation needs improvement. When I try to do something new in the product, the documentation is no help. Something's written there, but it's not enough to help you do what you want to do. We would like more examples and use cases.

The cloud is fairly new to Tufin. We have AWS. Their first steps into providing audits on the cloud have been really helpful, but we ourselves don't know how we're going to manage the cloud. One of the features that we didn't like is the controlling of the security groups. We can read them but there's no way to change them or to really control them through Tufin. That would be a nice addition.

We are currently working on a bunch of automation to include Tufin. We need security group management (security group modification for Cisco devices). That is what we need from Tufin going forward. We can't go live with the total automation because there are pieces missing, e.g., you cannot update the service group.

It has been very stable. Though, the policy browser has had trouble working. We have experienced bugs.

We have a lot of devices on it now.

The technical support is hit or miss. More miss than hit. It takes them awhile to understand what the issue is. They don't know where to go in the product right away. A lot of stuff gets escalated to R&D, and even that is a very slow process. When it goes to R&D, it's really slow. We've had the same issue for months. They say it'll be fixed in the next release, then we'll get the next release, and it's even worse.

We deployed it ourselves.

We are really interested in the Tufin Orca product.

• For visibility in the network, I would rate the product as a nine out of ten. 
• For usability, I would rate the product as a seven out of ten. 
• For liability, I would rate the product as a nine out of ten. 
  

Our primary use case is configuration management and change management.

Tufin has improved my organization with its configuration management. It has tremendously improved operation's success and has made life easier. 

It has also increased the amount of gateways there, which has really helped us. Information is readily visible.

Tufin has ensured that the security policy is followed across our entire hybrid network in the way that it has given us what is in place now. We're trying to impose the security policies of the organization. There is still time to get in there.

• Configuration management
• Change management

I don't get the full visibility. There are a lot of improvements which can be done in terms of visibility.

We have had challenges implementing the change workflow process. We were trying to do and end-to-end automation part and standard services, like Active Directory, through a couple of customers and internal applications. We had challenges that we couldn't overcome, even with help. We are still trying to achieve this.

Change management is something which is currently difficult. It should work seamlessly, not have too many integration points. It should be simple.

Stability is good, so far it hasn't given us any trouble.

We've never really had the opportunity to check the scalability. Our company's growth at the moment is stagnant and normal.

Their customer service is better than it used to be.

We implemented through a consultant from Tufin, who was helpful.

We have seen ROI in operational aspects, in terms of how long it takes to resolve incidences which arise. 

I would rate it seven out of ten. I would recommend Tufin if someone is considering it.

We are still in the process of phasing it in to help us with our compliance mandates.

Firewall automation and orchestration.

It has allowed us to be more efficient in our processing of firewall requests.

We use this solution to automatically check if a change request will violate any security policy rules. Every change request has to go through a security approval step, but we also leverage the Unified Security Policy to automate some of that decision-making.

Workflows that help continue automation.

The change workflow process is flexible and customizable. Just about every step has some flexibility to it. While there is room for it to improve, it is very flexible to our needs.

The change impact analysis doesn't even get close to actually solving our problems. I am not impressed with it.

The solution's cloud-native security features are lackluster. They need to catch up to where the industry is at.

Our engineers still require quite a bit of manual digging to find the data that they need. It would be nice if the product would allow more flexibility around that and the workflow to present more data to correct this.

There are tons of things that the solution needs. They just need to prioritize them and get some of their customers satisfied.

It's not a very stable product. It doesn't stay up as often as I would like. It crashes at very inopportune times that we just can't afford.

It is not very good. It scales but not eloquently. It is complex and not easy for our organization to stay on top of managing it.

The technical support is okay. It's not the best, but it's not the worst.

Tufin is our first solution of this type.

It was pretty straightforward. It was not too challenging to get it going. This issue is just maintaining it.

We worked with Tufin Professional Services to do some deployment. Most of it was internal, in-house customization and put together.

I have seen ROI with this product.

We've seen a decrease of about 50 percent in the overall time it takes to complete a firewall change.

We chose Tufin because its flexibility at the time was much greater than their competition.

We did not evaluate less costly solutions.

While it has its highlights, it has deep issues that need to be addressed.

This solution help us ensure that security policy is followed across our hybrid network.

Our company doesn't really have federal or regulatory compliance requirements.

Spend a lot of time testing and doing a PoC for it, before you make the final decision to go for it.

We use it to manage our policies, consolidate them, and if we see anything missing, we can use it to track that, as well.

Right now, we're mainly on-premise. S,o the cloud piece is not being used right now. However, in the future, we will use it. I think it will help tremendously to get a good picture across the board.

One of the main things is to look at what policies haven't been hit, so we can remove those remnant policies when people come in, use it, and it's still left on the Check Point. So when a couple of users say, "This is not needed anymore." We'll remove it.

The capability to manage: We have different domains, so we want to have a single pane of glass to see what all the different policies are doing.

We like the change impact analysis capabilities quite a bit. The only weakness is that the reporting is a bit clunky. We would like to have the reporting be better.

Right now, it is being used retroactively. There was talk with the rep this morning that they can do this proactively. In other words, we see the policy, and if it's not needed, then it can be removed, or add new policies, as needed.

We feel that it is a very good solution. So, we'll probably use it going forward.

This is one of the things that we do like about the solution, which is why we went with it.

The technical support has been very good. I would like it to be a little faster, but it's good.

There were some hiccups in the initial setup. In using the new features, there was a learning curve. However, for the most part, it was fairly straightforward.

We hired people that have done the deployment in the past. So, we did it all ourselves.

Manually looking at the policies is very time-consuming. With this product, I think we've streamlined the process tremendously.

We like the visibility. That's why we went with this solution over other competitors.

It does what it needs to do for our needs.

We are in the process of doing a PoC for the new changes.

Currently, it's all reactive. We do the changes, then we review it at a later time.

The primary use case is firewall management, consolidation, and optimization.

Our company has a grid, and there are different blocks of public domains and internal domains. It checks all that on our security grid. That has been customized by our administrator.

Tufin allows our say junior guys to learn how to view policies. It gives them a tool that will help them consolidate and optimize.

We use SecureChange. SecureChange is most valuable to me because I have customers out there that know the process now. 

It provides good visibility because we have a lot of gateways globally, so it consolidates them nicely.

It could be a little more intuitive. I haven't used it a lot, but it gives me the info I need, I just have to find it.

The stability is fine.

I have not had to use the technical support. Maybe I should.

I was not involved in the initial setup.

This solution helps us reduce the time it takes us to make changes. We're probably saving time by 25%.

It is a really good product. It does exactly what you want it to do.

Get the training. I didn't get the training. I assume they provide training.

We use Tufin to do the review of rules, best practices, changes, and usage. So, it's an outside entity looking in to see what's happening on the rules sides. Then, we can do recertification for our rules, so they can be used again. Tufin puts it together really well, saying what's needed or not, then cleaning things up. We've been a customer for a very long time with them, and we're pretty pleased.

The solution's visibility is excellent for Check Point.

There's a new feature that validates standards. It allows the checks and balances against it, so it doesn't even go forward. It just says, "You're not right. Do it again."

We just got done with major audits. Tufin was able to provide information to give back to people, and say, "Hey, this is what I need to do, and what we're doing."

It's working on helping us meet our compliance mandates. We're a bank, so we're always chasing it, but it is helping us a lot. Rule recertifications are our biggest thing. However, what happens in the world of firewalls is people will put in rules to get what they need but don't ever clean them up when they stop using them.

The reporting is very good and provides in-depth knowledge for Check Point. We can write the rules as we see them. We can review rules and do searches. It has its own database which pulls all the information in regularly. This is very nice, and it is a good product for us.

I like the change impact analysis. It tells you what is going on,so you can review what has changed. In case you have to go backwards, and say, “Oops, that wasn't supposed to happen. How do I go get it?”

We were just talking to them about usage for the F5 platform. They will not be going after specific environments, but a more OpenAPI. They will have other companies write it, etc. It's a little different than I had expected.

It is a very stable product. 

It has very good growth. The scalability is very nice. We're doing a distributed environment right now. So, it has met our needs, which is nice.

The technical support has been excellent.

We were the first North American company to do this product, a long time ago. So, I don't know how the initial setup went. It's been a while. However, every time we go back and do stuff, it has been a pretty straightforward installation.

We used an integrator and professional services.

The overall experience was very good. I liked it.

We have seen ROI.

Buy Tufin because it works! I love the product. It's been a great product to work with. The people are great, and the support is awesome. I have had no downside out of it.

We're just getting started on the change workflow. So, we're learning it, and it's working well.

It helps with our review process. We do a peer review, saying "Hi, here's all the changes," then you can look at it and go, "Oops I forgot something," or, "I don't think that was in any drop," and we can go back and review that. This is where it helps us minimizes errors. Before Tufin, we would not end up not catching these errors.

We are automating, so we are getting to a place where our engineers are spending less time on manual processes.

It's mainly for the automation of policies.

The visibility is pretty good because it's a cross-vendor platform, so it provides visibility across different vendors.

We use this solution to automatically check if a change request will violate any security policy rules. We have a huge policy base, and we have certain compliancy requirements which we have to meet for the rules that we have. If we are planning to have a change in the policy base which could possibly violate the compliancy requirements, then we'd get the help of the tool to alert us in a way, which would make us aware of that.

It makes us aware when there will be any compliance violations possibly, and we can pro-actively prevent those violations from happening.

The automation because it is saving a lot of work, time, and effort required to do all of our manual work. The change impact analysis is pretty good, and with the automation, it takes care of a lot of things which we would be doing manually.

The change workflow process is flexible and customizable to some extent, but there is room for improvement. In some cases, we've found it difficult to get the exact thing which we were looking for. Then, we end up having to go and do the thing manually.

I would like them to have more focus on the whole compliance across the globe, like PCI DSS. These things keep on updating very frequently. If they can be on top of it and keep updating more frequently, getting more updates, that would be something good.

It's very stable. We haven't encountered any major issues, so it's pretty good.

It's pretty scalable. That's a good thing. 

Sometimes the technical support is able to help us quickly, and sometimes it just goes on for quite some time. Something complex or a new functionality requirement takes time, but if it's something simple, then they're pretty quick to resolve it. 

We didn't really do the deployment ourselves. So, it was someone else.

Tufin makes things a little easier. It lessens the amount of manual work which we have to do. It has a lot of benefits in terms of revenues, profits, employee costs, and operational costs. We have already seen return on investment.

The solution has helped us reduce the time it takes to make changes.

I also know that we evaluated AlgoSec.

I would suggest looking at not just the features and functionality which are specific to the environment which you are working in, but to be aware of the other features which the product has to offer. Because companies grow and things change, so it's always good to have at least a complete idea of what the product does and how it does it.