Tufin Orchestration Suite Reviews

I have used Tufin for traffic analysis, to check the traffic hitting a specific rule, for rule consolidation and so on. It’s really helpful. For my usage, it's very good.

We would like to see historic reports for the device, for a policy, for rule consolidation, and for rule optimization.

Also, it's pretty slow for us. Just to run an analysis for a single rule, we need to wait at least five minutes.

We had a couple of stability issues before, when we were running on our old core. We used to not get the reports as we expected. The Tufin used to get disconnected from the device and just not provide the exact reports such as the hits on the rules.
Over the last year and a half, we upgraded twice, and right now it's pretty stable.

It has been scalable for our needs.

Technical support is really good. They're supportive.

We've been using AlgoSec as well for analysis. We use both Tufin and AlgoSec for our reports.

It's a good tool. We would need a view of all the tabs, for the analysis. If it's pretty fast, that should be good for us.

We're using SecureTrack, and the most valuable feature for us is the accurate reporting it provides. Every time I run a report, I know it's going to return just the exact information I'm looking for. 

I like the ability to drill down in the reports. That's very handy. It allows you to drill down, but it doesn't show you all the information at once, because some of it can be very overwhelming. It simplifies the information and then you can drill into the details.

At first, it presents it all in one format in the report. That's the simple format. Some of the things I'm looking for, I want an answer back quickly. I can see in just a one-page review that all of the information I was looking for is there.

On an enterprise-wide scale, I would like to see improvements to the auto generation feature. We don't use it very much, if at all, because it didn't work well.
It’s the feature where Tufin can review a certain rule and recommend more granular rules based on the logs that it sees for the rule. We've had a lot of difficulty getting that to work smoothly. Our Tufin engineers have had to play with the software behind the scenes to get that feature to work. It'd be nice to be able to just turn it on and have it work, no matter where we're looking at these rules in the enterprise. That's actually been a need. We are an organization with over 15 years of firewall rule history. We need to remediate rules. We need to clean them up. That's something I think Tufin needs some improvement on. I like the ability to review Cisco configurations right there on the spot. I've found that very handy.

I think for the most part it's been stable now that we have our new hardware. Our organization's very taxing on it. We have dozens of engineers running reports at the same time, but it's usually just a workload issue. It does give you the ability to schedule reports. If it's not something you need right away, then you can just schedule the report to run as soon as possible and then continue to work somewhere else. That saves me a lot of time.

At a previous job, I used FireMon. It was similar at the time. I think Tufin has a lot more offerings with the Orchestration Suite now.

Work with the sales teams directly, because they seem very willing to be flexible with the development side. Every organization has different needs. Tufin’s willingness to be flexible impressed me.

In my group, we use Tufin to prove recourse. With firewalls, in terms of searching for existing rules, if we are looking for a particular rule, it shows whether an object exists, the network objects that exist. And if it does, it shows what is already in place and if we need to add something here and there. It's basically research analysis.

We use it for pulling your own reports, and checking the existing rule database from different firewalls from different managers.

I think they can improve the speed, although our speed issues might not be related to Tufin. Sometimes it is slow generating the reports, but I guess it depends on your infrastructure, if you have a good enough server. If you have more servers, the better.

If your infrastructure is big, and you're pulling a lot of metrics from many devices, it can be slow. But, if you add more servers, like a database service that reports are being pulled from, that speeds up the report generation a lot.

I know Tufin is great tool and can offer a lot more. I'm sure other groups or other people use it for what my group needs.

We are big, but I don't really know about scalability issues. I don't work on Tufin. I just utilize it. We just added a few more servers. In the last few weeks, the reports were coming pretty fast from busy firewalls.

I didn’t really use customer support. It's pretty self-explanatory when it comes to running reports and pulling metrics.

I was not part of the decision to use it.

We have not thought of using any other solutions. We have had Tufin since I joined the company.

It would be beneficial to get some kind of training from someone who knows the product, maybe from Tufin or someone else familiar with the product and the features. I know it can offer a lot, and you want to use its full potential.

Policy management.

It understands my need to make sure that there are specific metrics that we are looking at and with those seeing across our technologies, as opposed to just a vendor technology building reports. It's easier for us.

So far, with the asks that have been requested, we have been able to find the metrics we need. 

My suggestion would be to be able to correlate it with other toolsets, and not just have it contained in their own toolsets. I’d like to be able to extract it so it can be consumed by other tools, like a governance tool such as GRC2, Archer, and by algorithms. It should not be contained in their environment. Let them perform their functions, but allow me to absorb others and use other governing tool sets to take a look at your metrics.

I’m rating it a seven just because I don't think I'm using the tool at its full functionality yet. It's meeting my current needs, but I don't know what the future use cases would be. So I can't say it's a ten, yet, but I'm moving towards ten. So, I start with a five as I use its functionality as meeting my needs. It will grow, I have confidence.

The speed is good. As we continue to upgrade the software, I've been keeping up to date. Every version that I install, I see some improvement on the speed actually. So far so good.

I haven't had any issues. Even though my interaction has not yet provided me with a full understanding of whether it's stable or not, I have been interacting with the tool enough to determine whether there are any stability issues.

If the tool meets your needs, evaluation process wise, then you should make sure that you reap the benefits. It has a lot of functions, and a lot of benefits and features. Start using them all.

The biggest value for me is the ease of implementation. I'm newer to the company, only been there a year, but the fact that I could could win and recommend this product within six hours of getting the license installed shows that there's immediate ROI to my CSO.

I've been trying to clean up the firewall policies that I inherited from different iterations across topology changes -- from Cisco to Juniper to where we are now -- that have never been cleaned up. We're not publicly traded, so there's not a mandate to do so. When I worked in the energy sector, though, there were such mandates, but we weren't properly staffed.

Our current firewall policies never had a full, comprehensive risk rating of every rule, but we have that now. I've implemented different zones for setup so that we're able to get reporting immediately for our PCI environment. We know whether or not we're in compliance. If not, we can fix it immediately without waiting for an outside auditor. We can be proactive.

I'd like to see more work done on the topology side. Although the tool has gotten progressively better, topology still needs work. If it could be improved, that would really make the tool much more powerful. You can then have non-firewall people using it for troubleshooting.

I've used it now with various companies for over 10 years.

We've had no issues with deployment.

It's never failed or completely gone down. It's one of those set-it-and-forget-it tools.

I'm very impressed with the scalability. Previously, we used appliances sitting on our network. This time, we went with a VM and our technical rep said we could put up to 80 licenses on it. That's way more scalability that I anticipated.

Customer service is very good. I haven't worked with than much other than for the license, but they're very responsive.

Technical support is excellent. They're good at answering questions, very helpful, and responsive.

I've also used FireMon. We liked the Tufin UI better.

The initial setup was very straightforward. Our VM team installed the image for me and then I installed the license. From start to finish, it took about 24 hours, and most of that was paperwork.

In-House

I was able to create initial tuning reports within an hour of populating the system with my firewalls. Within one week, I was able to create my PCI zones and configure automated reports for compliance

We looked at FireMon, which is an excellent product, but for me it came down to getting everything stood up and running within a minimum amount of time. I needed it to look really good because I was putting my name on it. Plus, my manager loves the web UI over the FireMon UI, which for him was the key.

You're going to be really shocked with the first couple of reports that show stuff about which you had no idea. Let it go and get buy-in from as many other groups as you can. If security and network are separate, get network involved to access devices that will provide a clear picture of everything, especially of topology. Build those bridges ahead of time and present it more as a collaborative tool and not a "I'm watching you" tool.

Policy analysis is the product’s most valuable feature. It can pull out various rules that we need to work on, edit, update, and so on. It can identify rules that need to be moved, or need to be optimized.

Tufin analyzes tens of thousands of rules for us. Not all one firewall, but there's thousands and thousands of rules that Tufin analyzes.

Reporting is great. The only issues that we ever run into are with usage reports. You can run into things where something will have been modified and it ends up changed or something like that. Other than that, reporting is great.

The capabilities Tufin has for Check Point products are excellent. It'd be nice to get the same level of features that it does for Check Point up to par with Cisco, Palo Alto, and so on. There's a couple of things that are lacking. For example, on the Palo Alto side, if you're using a lot of layer 7 rules, there's very little visibility into that. When you run policy analysis, you're still only getting back source IP, dest IP, ports. It's not showing the URLs, all that kind of stuff. That's the main thing.

The only other thing I could see being improved would be regarding one bug. Once in a while when you save a policy analysis query and you click save, it goes back to the screen where it lists them all. Someone else's will be there, and it's somehow swapped them with another engineer who was saving something at the same time. It doesn't happen often, but when it does, it's annoying. Especially if you've just entered a whole lot of info into it.

I’m rating it an 8 because of a couple of those little nagging features, the little bugs. But by and large, it does the job that we need it to do at the moment. We're going into the new world of SecureChange. We'll see how that goes, too.

In our previous configuration, it would take a beating. It would take days to get certain reports out of the system. We've just purchased a whole bunch of new hardware, and Tufin’s been a lot more stable. I'm getting reports again very fast.

Based on looking at some of the other products out there, Tufin is definitely the leader of the pack. It's a good choice. Make sure you buy enough hardware, and make sure you know how you're going to use it. A lot of the features get very processor- and database-intensive, and you should have the proper gear to use it.

We can identify rules that are not used. We can identify rules that are open.

When importing the devices, they made it nice where you can script it and import all the devices into Tufin. That was a nice little feature.

I like the SecureApp feature. That looks like it's pretty handy. The compliance portion of it, where you build your security database. It runs against that security database and figures out whether the correct ports are opened up or if there are vulnerabilities.

I know that in importing some devices, I think routers and switches showed up the same. Router would be layer 3 but they would only show up in Tufin as a layer 2 device. On the Cisco portion of it, there wasn't separation between that.

At this point, there aren’t any other configurations I’d like to see.

I’m using SecureTrack basically to evaluate rule bases.

I have not really found any other side benefits. I don't really use it that much and it's relatively new. I don’t use any of the recording features.

I wouldn't say we had stability issues.

We have, I think, over a thousand devices right now, and we haven’t had any scalability issues.

I’ve never used technical support.

I was part of the initial setup. I imported devices but that's about it. It was pretty easy. You can put it in an Excel spreadsheet and import it that way or as a CSV file.

It's a pretty useful tool if you have a large environment with a lot of devices and you're trying to make it easier for the technicians to basically pawn the work off and make the application team more accountable.

With the limited knowledge I have of it and the limited use, I would probably give them an 8. I never give anyone 10's or 9's.

We use Tufin for oversight and revision control to avoid implementing rules that are against security policy documentation, and also to correct any kind of issues or mistakes in policy changes.

It can be useful for comparing rule changes to create rules that are more efficient and more consistent.

We primarily use Tufin to alert us whenever a firewall policy change has occurred. We immediately get an email with a summary of what changed, the objects, any kinds of rules that were created, and so on. We can review that from our email client to see what the other admin changed and visually see if they did something that was against our standards, if it was just a poorly written rule or something like that.

It's asking a lot, but anytime they add stuff to the rule usage analysis or the policy generator - those things are amazing already as they are - we'd really like to leverage that for cleanup and so on. One of the biggest issues for an encroached application silo firewall is that the policies get super-complicated and cleanup is not only a hassle but can impact business.

I’d like to see the cleanup process be more efficient. That's my biggest headache and the biggest elephant in the room. When you have a policy that's got hundreds of rules, help me clean it up please: tell me what rules aren't used, tell me what rules are redundant, and tell me how I can simplify the rule base. I mean it does a lot of that today, but feel free to innovate there. Make it better.

It has been stable. We pretty much just set it and forget it. It reaches out to us or, when we want to go consult it, we don't typically have any problems pulling it up.

It has scaled well for us. We probably have about a couple hundred firewalls feeding it information including rule usage and so on.

We haven't really had to use technical support. I think the only time we had to was during implementation. We have kind of a weird setup where we needed to split out syslog for rule usage analysis because we consolidated our syslog in one place. We said, "Hey, can you just have Tufin pull from that?" Support helped us with that.

Implementation was easy. The previous solution we had didn't really work. We brought Tufin in, got it working, and rolled it right out.

I was involved in the implementation, not so much in the vendor selection. Of course, I knew about Tufin, its reputation and so on, so I was not opposed to it at all.

I’m rating the product a nine just because I’m stingy with my tens.
Tufin delivers on everything that we've asked them. For a similar use case, they're solid and you're not going to have any kind of surprises or issues that are going to crop up from what I've seen. As an administrator rolling something out and having it work the first time, that's pretty much all you can ask for.