Tufin Orchestration Suite Reviews

Our primary use case is firewall monitoring, rule changes, and logging.

The change work flow process is flexible and customizable. We found it pretty easy, particularly when we were implementing new rules and with our cleanup. We found that the rule change was fairly easy to implement.

It has allowed us to monitor rule changes. This way we know exactly what would happen behind the scenes in the event of an after-hours change.

Its ability to detect changes within our firewall.

We had some issues initially with the initial reporting and alerting system.

While the visibility was pretty good initially, we have had issues with configuring and reporting.

I would like a better reporting feature and automatic alerting based upon rule changes.

Our engineers still have plenty of manual processes to work with.

The product seems stable from when we implemented it at the time.

We're pretty small scale, so I don't know how much larger it would go. We're about a 4,000 device network.

I haven't interacted with the technical support.

The initial setup was straightforward, but then it became complex due to our rule set.

We used a reseller, who was fine to work with.

The solution has helped reduce the time it takes us to make changes. It helps make overall integrated changes immediately. It allows us to cut down at least a few hours in the week in regards to changes and monitoring.

Really dig deep and understand your use cases, then what exactly you're looking for out of the solution.

It has allowed us to maintain particular rules in regards to CJIS and HIPAA compliance.

We have multiple networks connected to this solution. So, we are able to design and monitor different rule sets in the three different domains that we control.

The primary case is to get more compliance and security with good performance. We use Tufin to use some Check Point products. The product is for the way we manage our security, performance, and boxes.

The change impact analysis has been very good. We continue to improve. 

The change workflow process is flexible and customizable. Right now, we are using SecureChange, which is improving the rules that get applied to Check Point.

We use the solution to automatically check if a change request will violate any security policy rules by generating a Sunday email report in these type of situations.

Using the Tufin reports, for internal and external audits, is a way we can demonstrate how we made compliance. After any of the observation that we get from the audits, we just run the reports one more time to see if our changes are being successfully applied and everything is working according to the requirements.

Tufin has been very helpful to get a lot of groups changed and getting all the information inputted on a tool, then later to applied on the device. 

We can get reports with Tufin at anytime. We can have automated reports, even with security and compliance.

The visibility is very good, as it incorporates graphics with some charts and comparisons. So, we have very good visibility for the entire tool.

I would like to simplify the reports, and maybe have another view besides the charts. Possibly they could be more graphical.

I would like to see them continue improving the versions.

The stability has been improved, even person by person. It is even stronger in a way.

The scalability is according to performance that we are experience. Therefore, we are getting more devices on this tool, so it has been very helpful for us.

I haven't used their technical support.

The initial setup was very simple. We could obtain deep knowledge information from Tufin's knowledge base (KB).

The solution has helped us to reduce the time it takes to make changes. With Tufin, it takes ten to 15 minutes. Before, it was 30 minutes or more.

I would recommend Tufin. They are very helpful for IT organizations, as they continue improving SecureChange.

With our security plan, we can see how Tufin meets the basic requirements. Then, we can go and customize if there is any risk, which might be interfering with ports or external networks.

The primary use case is for firewall auditing. We use it for audit monitoring, login changes, and firewall changes. We are looking at automation, but not yet.

The product is good at auditing the changes that we make in our environment.

We use this solution to automatically check if a change request will violate any security policy rules. For example, if the engineer is making a change that hasn't been authorized, we will know about it.

The product streamlines our change management process. It assists us in reporting on some of the compliance for our auditing department. It helps us in managing the process and having some auditing capabilities.

• The reporting is its most valuable feature.
• The change impact analysis capabilities of this solution are good. 
• It is able to detect our changes, email, and alert us.

There are features that we haven't used, and we need to understand them first.

Product seems to be stable. We haven't had any outages yet.

I personally haven't called into support yet, but some of my peers have. They seem to get their questions resolved.

We previously had FireMon, but FireMon kept giving us inaccurate information and not up-to-date information. Therefore, we thought we would try out Tufin, which has provided us with the information that we needed.

There were some hiccups here and there with the initial setup, but we used Tufin's support to assist us with that.

We deployed it in-house.

On the shortlist was AlgoSec, which was the only one that we actually tested.

Tufin and AlgoSec were pretty much in the competitive price range, but this one provided us better integration into the Check Point environment.

Seriously Tufin for your final decision.

Our primary use case is firewall management and policy management.

It has very good visibility with all our devices. We can see how they interact with each other, and if we're doing the right things or not.

We find it to be flexible. If we have a change that needs to be done, it will go ahead and do it for all our devices, regardless of the manufacturer that we have associated with it.

We are still in the beginning phases of it, but we're hoping that it can change how all of our policies are determined and implemented.

The most valuable feature is the consolidation of firewall products.

The change impact analysis capabilities of this solution are pretty good. We like the product a lot.

I would like the following additional features:

• Easier integration with more automation.
• Ability to get better results from rule-based requests.
• Ability to do some policy browsing and find out where they're hitting, specifically.
• Ability to pull hit count reports more easily. 

It's pretty stable. I haven't had any issues with it.

The scalability is pretty good. All we have to do is just add another device and buy another license. It seems pretty straightforward.

I personally haven't worked with them, but I've heard good things about how responsive they are. They've always been able to find the answer that we needed.

We had no solution previously. So, we needed something that would help make our decisions on better securing our network.

The initial setup was straightforward. It was very easy to setup and integrate. We had no issues.

Most of the work was done by us. However, we worked closely with Tufin support, and we have good things to say about that.

We also evaluated FireMon. We did not go with them because the solution was not as easy to install or incorporate in our organization. To us, Tufin just seemed to be the better product.

It's very solid product. There are definitely a few things that I wish I could do with it, but I'm so new to the product that maybe I'm just not looking at the right spots.

Try it out. It's pretty cool. I was very impressed with the initial presentation and how it could automate everything. It's just that getting to the point where you want it to do what you need it to do is definitely time-consuming and a lot of work. However, I think it will be worth it in the end.

We are working to use this solution to automatically check if a change request will violate any security policy rules. We are not there yet.

We are still in the process of getting it developed. Some of the portions that I have used have helped me, as I can just go to one place and find out if a rule exists, or if there's any type of traffic.

We are using SecureChange to start orchestrating a lot of our changes. Our users can then request changes instead of having to go directly to us. We are trying to automate some of those pieces.

The visibility is very good. We have managers who are overseeing it, and they are approving things through it.

The whole process is flexible and customizable. We are building the matrix, then we're putting in exceptions. We have to add manual exceptions into it, and they have to come to us first before they can get it approved, which is good.

We use this solution to automatically check if a change request will violate any security policy rules. Similar to what we are doing with Azure, where they request a change, and if it violates policies, it gets kicked back. Then, we have to review it and figure out what they're doing. We can then move forward with it, if it's approved.

• The Orchestration
• The way that users can access it directly.
• The change impact analysis capabilities of this solution are good.

• The hardest piece is getting the matrix built.
• Room for improvement includes how we are pulling the routing cables and getting SNMP enabled.
• Tufin could provide a train for running its reports and showing people how to use them.

The solution is very stable. We've upgraded several times and not had any issues. For stability, it's perfect.

We're in the process of scaling it. We started off small, and now, we're enlarging it to cover more of the enterprise. The scalability is good.

I haven't used technical support. My colleague has, and they are very good. They work through solutions.

The initial setup was pretty straightforward. It communicating with the firewalls and management server were the big pieces.

Well when we first started, it was through a reseller. Then, as we're bringing in SecureChange, we have been doing it all that ourselves.

The reseller was Structured Communications, who is in Portland. It was part of a package deal that we built with them. Our experience with them was good. We used them a lot.

We don't have to go through our firewall group, who actually does the rules. They don't have to create tickets to send to us, then take a couple of days to get all that stuff built and put in place. Now, it is usually the same day, or within a day.

This solution helped us to reduce the time it takes to make changes. We used to spend up to an hour to do a change, and now, it's around five minutes.

Engineers are spending less time on manual processes. They are now spending half their time on manually processes, 20 to 30 minutes, because we don't have to go out and touch things anymore.

We're still in the process of implementing things, so we haven't really seen a lot of return yet, but we're hoping.

It is a good solution, somewhat easy to implement, and gives you a lot of information. It takes time to learn all the little nuances of it.

I don't think we're using cloud native security quite yet.

Firewall policy management over all firewalls from one single point. We browse policies, objects, and their usage. The report gives us an image of where risks are.

We now spend less time auditing rules with reports: 

1. The designer helps us in creating rules
2. It tells us what rule is missing and where to put it. 
3. The predefined reports are then sent to administrators.
4. It provides an exact image of how to improve security.

• The policy browser gives the ability to browse all firewalls from a single point. It's possible to see where an IP is inserted in rules. 
• The designer gives the ability to know where to add a rule, or if the rule is already in place. 
• The reports are personalized now and the cleanup is helpful for administrators.

It would be great to add a link to Visio to create shapes directly from Tufin, as it has the configuration. 

We use it for compliance, and the performance is good.

Before, we had to manage each file individually. Now, they can all be managed as a single entity.

• Central management for all the firewalls.
• The ability to do queries on the rules and understand in which files the rules are configured.

It needs better reporting with more graphics and more pie charts, so management can understand details. The reports that are done now are full of data and management would like to have an image to help understand, right away, what the reports are saying.

Stability is good.

Scalability is good.

I have been in contact with technical support. Sometimes they are slow but they get to a solution.

Plan ahead because the implementation of Tufin is hard if you don't have an idea of what you want to do. Without a plan, it will be hard to get it working.

When I'm selecting a vendor, I read the opinion of other people who use the product. I want to learn if it is buggy and if it is doing what people need it to do.

I rate Tufin at about eight out of 10 because they really need to improve the reporting.

We were looking for a solution to provide firewall rule management that would enable us to choose which firewall rules to keep and which to eliminate.

Now we can confidently remove firewall rules that are not needed and make the configuration of firewalls more strict.

We are able to discover firewall rules that are too broad and widen the security footprint.

This solution would benefit from an improved reporting functionality with graphing so that reports can be presented to management.