Tufin Orchestration Suite Reviews

We are using Tufin to be security compliant within our organization.

This solution was a need for our organization to stay compliant and it has helped us in this way.

The most valuable feature of Tufin is rule analysis.

I have been using Tufin for approximately three years.

Tufin is stable.

The scalability of Tufin is good.

We have approximately 20 people using Tufin in my company. We have many teams using the solution, such as security, operational network, and network architecture.

We do not have plans to increase the usage of this solution.

The support I received from Tufin was responsive and helpful.

I rate the support from Tufin a four out of five.

Positive

I have previously used AlgoSec and we switched because the price was too high.

The initial setup of Tufin was complex. We had some issues with the architecture.

We did the implementation of the solution in-house.

The price of Tufin could be lower.

We have a team of three engineers that do the maintenance of the solution.

I would recommend this solution to others.

I rate Tufin a nine out of ten.

We are an IT service provider. We are using it in our company and on the customer side. So, we have internal customers, and we are also a solution provider for external customers.

We can check and analyze the current status of our firewall rules.

Their pricing can be better. It is not very transparent. 

In terms of functionality, we have not had any particular or special disadvantages other than the integration, but every tool that you take to integrate with your infrastructure is more or less complicated. For example, you have a history in your firewall infrastructure, and the longer the history is, the more you have to work on it to integrate. We see that in our infrastructure. We have been a service provider for more than 40 years, and we have been on the market for 20 years. We have a lot of customers, and there are some individual requests and setups. For the integration of Tufin or any other tool, you need a certain level of standardization. We have more disadvantages on the site from different firewall vendors. For example, with Drupal, you can integrate any individual firewall, but for Fortinet, you have to use a Fortinet manager.

We are not looking for any additional features at the moment. We are not planning to buy any other modules.

I have been using this solution for five years.

Until now, we have not had any problems in terms of stability.

It has been scalable so far. We don't have any issues.

On the administration side, 15 people are working with it.

I would rate them a six out of 10. In many cases, we had to escalate.

I didn't work with a similar product previously.

Its implementation process is complicated.

It is expensive, but as compared to other players, it's more or less okay. Their pricing is not very transparent. This is my biggest point regarding Tufin. I've never seen a price list or something like that. It's always individual, and in many cases, it's very confusing to know what is the base and what is the price.

I would advise thinking about which modules you really want to use. We are using it only to have a transparent view of the firewall rule base and nothing more. We are not using any modules of this solution because we want to be and stay independent. For example, for the execution of the firewall rules, we use our own system. We have also developed all the other things ourselves so that in the future, we can switch to another product. So, you have to take care that you are not fully dependent on Tufin. 

I would rate it a seven out of ten.

We use the solution on-premises.

Policy management and the cartography of the network have been the most valuable features.

The network part of the solution could be improved, specifically the licensing model for routing devices. Customers need to get the license easily in order to have the cartography of the network and build the other solution of Tufin, such as a secure change and secure application. To do that, we need the licenses for the network devices in complex environments where customers have a lot of network devices. It is too hard to get a license for each device, so Tufin should remodel the license model for these kinds of devices.

For the license for the security devices, it's okay that Tufin has a model for physical devices and for virtual devices. For the network devices, the main reason to have a license is to get topological information, routing information, and so on. With Tufin, it's a bit hard to tag all the devices that you need to build the topology of your network. 

We have already talked to Tufin in order to simplify the license model for the routing devices because these devices are the main technology. The RN is just for routing information, not for the security and building access list, and building VPNs, and stuff.

In order to have that topological view, you need a license for each device. For that, the cost of the solution rises exponentially. Because there are a lot of routing devices for your network, in order to build the topology of your network, you have to spend a lot of money just on licenses for devices that aren't security but do routing work only.

They have to rebuild their licensing model in order to fit the needs of their customers.

For routing devices, we would like to have something related to the orchestration for the solution because we know that there is one for Tufin, but I don't know how it works, if it has to work with all the models installed, what the features are for that orchestration, and what the needs are for that model to work properly in a complex environment. 

For example, we work in complex banking environments where there are a lot of bricks to communicate with. For that, what is the information needed for the orchestration in order to have an extensive look at the topology of our network, and after that, how the orchestration is going to implement the right accesses to main privileges on security devices all around the topology of our employment.

I have been using this solution for five years.

We didn't have a lot of problems regarding the solution. It's a stable solution.

In order to have it running correctly, we had to dedicate a person to manage the solution. I work on it with Tufin and with some of our partners in the group. We have our Société Générale in the group. We have some other partners inside the group with Tufin in order to build this kind of model for the time to market objectives.

We didn't have a lot of problems concerning maintenance. We had two or three hardware problems that were solved remotely by support and for the upgrade and the OS upgrade because there are two kinds of upgrades to operate. The OSTs and the secure channel also have upgrades, which we did ourselves.

Tufin has a policy of publishing new versions of the Dell OS, so two versions a year. One is a final version, and the other one is a beta version. In a year, you get two or three updates. It's not very hard to follow the stream of changes in one year.

We didn't have to expand the solution, but management has had thoughts about expanding the solution for other environments, for other clients, and for the customers.

Technical support was present and responsive for our needs. We had some problems with the appliances. They were very quick to respond to our support tickets and to give the right solutions for the problems we had.

On a scale of one to give, I would give technical support a four.

We needed someone from Tufin in order to get it installed. It's not a straightforward process from scratch. You have to build your own network with someone from the PS, and after that, you have to give a lot of information about your network, your devices, where they are located, what is the networking scheme of your network so that the PS can implement all that. After that, they can build the model for you.

On a scale of one to five, I would rate initial setup a three.

We used engineers from Tufin for setup. They were responsive. They were experienced with the solution they sell.

There is a permanent license for devices, but it's not relative to a device itself. Once you purchase 10 licenses for virtual appliances or virtual context, you can put them into different virtual firewalls, but you can reuse these licenses for other devices if you don't need them for the old ones. 

For example, if you deploy new ones, and you don't need these licenses for the old context, you can redeploy them in another one relative to a device, like a Mac address.

The problem is that once you redeploy the license for another context, another rhythm, or another virtual appliance, you lose all the history and reports from the Syslog from the old one.

I haven't looked into the competition because we don't have the ability to choose between solutions for central management.

I would rate this solution 7 out of 10. 

The main brick in order to build your solution is the first step, which is having a good understanding of your network and good people to talk to when you want to build your topology. Once it is done, the solution runs by itself. Exporting, reporting, topology, and changes are all handled by this solution.

After the initial deployment, it is a stable solution. It can suit customer needs in complex environments.

A con is that it is very needy in terms of implementation such as small configurations. We had that problem with networking devices. We had to implement it to get all the information from all the routing devices. Even if they don't belong to our network, we had to have the information from MPLS devices on the telecom operator. Sometimes it was difficult to build the solution from scratch.

The Syslog part was a little difficult to handle. For the appliance we have right now, it handles the management, the Syslog, and all the needed modules in order to operate the solution. Sometimes, it is a little bit hard for the appliance to get straight to all the models it runs. Maybe with the new models of the appliances, it's easier for the appliances to run all the models. With the newer generations of the OS, I suppose that now it's more effective and less of a time-consuming process, but it's okay for us to upgrade after that in order to get all the new features in the new OS.

There are five people using this solution in my company. I manage the team that utilizes Tufin. I have had experience with the demos that my team has given me in relation to the auditing of our Palo Alto platform.

I'm a consumer of reports. The reports are clear as long as they're set up correctly. I'm able to see auditing changes, and changes in our firewall platform more clearly than with the native tools. It seems relatively useful. It can also provide guidance on different configurations that we have. 

The solution is on-premise.

The clarity around the auditing provides the most value for us.

They are a little bit behind on some of their support for the Palo Alto firewall platform. I'd like to see that catch up, specifically around importing certain objects.

From the Palo Alto platform, I remember hearing that Tufin required an update, so that would've been the only flash issue.

Their customer support is responsive.

The pricing is reasonable.

I would rate this solution 7 out of 10.

My advice is to look at what is currently supported in whatever security technology you have because some of the features may already be covered. However, if you identify a gap in what you currently have, specifically around auditing, then I would definitely suggest looking at Tufin.

We primarily use this solution for integration, and we deploy the solution on-premises and on cloud.

They have very good responses regarding integration and internalization with open tickets.

The solution does not have automation with other Firewalls and it should be included.

We have been using this solution for approximately five years.

The solution is scalable. Currently, approximately 60% of our organization uses it.

We have had a good experience with customer service and support.

We have used AlgoSec.

Licensing costs are charged every year.

I rate this solution a six out of ten. The solution is good but can be improved by including additional automation in the next release.

We deployed the solution based on the preferences and needs of our clients. The solution was deployed on cloud and on-premises. However, it was primarily deployed on cloud.

The firewall security was very valuable.

The firewall management is complex for beginners, and the solution could be improved by including icons that provide insight into what they are and how they function. For example, the ability to understand what an icon does by hovering over it.

We have been using this solution for three months.

The solution is stable.

The solution is scalable.

We have had a good experience with customer service and support.

I rate the initial setup a seven out of ten. Deployment on cloud is done through a web platform, and deployment on-premises takes two to three days.

We implemented it in-house but got assistance from someone with hands-on experience with the product.

The licensing costs for this solution are decent for the services provided. From my perspective, the prices should be higher because the organization that often uses this solution is critical.

I rate this solution a ten out of ten. The solution is good, and no clients complained about it. Therefore, I recommend this solution for people seeking to use it, as they can never go wrong with it. However, for a beginner, it could be tricky to implement.

Some of our customers has Tufin, and we manage it. We're also planning to have our own Tufin that we're going to use as a leveraged service for all of our customers.

Visibility is its largest and most valuable feature. You can see everything or all the devices on the network for each customer. It provides you a larger view of what might be wrong with the network and how you can improve it with firewall rules, etc. 

If you are talking about secure change, being able to automate the entire change process is pretty much the winner for us. It is going to really reduce the time that it takes for us to do changes, and we can just go out and get more customers.

They've got such a large number of APIs, and it is so easy to use their APIs. Effectively, they allow us to use it with anything. The only way to improve it more is by offering support for implementing their APIs into certain hardware or software that we might use. They can provide support for implementing APIs.

We have been using this solution for three months.

I have not contacted their technical support.

We didn't work with any similar product, but we are just going with secure track and secure change, not secure cloud and secure app. That's all that we really need at this time, and obviously, we will work with Tufin in the future if we need more.

A few of our clients have decided to implement Tufin themselves, whilst we just manage their firewalls. We were not involved in the setup of the management suite. However, after seeing the benefits of this, we have heavily considered the use of Tufin on a number of our other clients we manage.

We have identified that setup is a part of this and in our conversations with Tufin sought to address this. They offer a service for the full setup of the platform for use as an MSSP, and then providing a hand off service towards the end of this setup process which teaches engineers how to setup the remaining required devices.

For the full functionality, Tufin utilises all L3 devices on the network, so setup can be quite daunting. However, we identified that it would take ~30 minutes per L3 device, some of which can be done simultaneously. This is the biggest drawback to Tufin integration. However, Tufin can be used to some degree without this, meaning you can reap the benefits of it sooner rather than later.

What we found is that the return on investment will be pretty quick. This is because of the time saving that Tufin offers in FW changes, we can implement more changes at a faster rate. This has huge savings for employee's workload and the cost of their work. We have freed up a large majority of our FW engineer's time. The huge ROI we witnessed has resulted in us identifying that we can go to market to gain more customers and really broaden our customer base without the 'con' of hiring more people.

Because we're quite a large company, the initial price wasn't too much of a factor for us. This is because the ROI was so significant for us.

We identified others, like Firemon and Skybox, however we found that they were not as mature as Tufin, not offering the same range of Firewall Vendors, e.g. Palo Alto, Check Point, etc., and the same level of automation.

I would advise others to definitely work with Tufin and work out the best costs. Work out how soon you'll realize your return on investment. That has been a major kind of help. They've been brilliant in trying to help us develop a business case for using it, and then internally, I am sure there will be a massive help for implementing it in the future.

I would rate Tufin a nine out of ten based on the whole experience that we've had with it and the real kind of capabilities of the product.

Our primary use case is trying to make sure that when firewall rules are requested, they meet our compliance. Tufin has a notion of a universal security policy, where you line up the policies and we use the solution for that. We also use it to track all of the changes. I'm the executive director of the company. 

Tufin gives us the rule, definitions and things of that sort, which is great. All the basic functions work well. 

Our compliance goes through SecureChange and they give us the rule set and then the recommendation. Ideally we'd like to press a button and create a Terraform to put into the build and deploy. We can't do that yet and there are several manual steps which can lead to errors. We'd like that to change. 

I would also like to see the ingest of flow data enhanced, so that multiple flow data can be ingested from different points on the network and be mapped out. The basics work, the issue is when you have a complex network because maybe you want flow data from the firewall and with Tufin it's only from a single source.

I've been using this solution for over two years. 

Tufin is a good company. I think most of the products in this market have difficulty working across a multi-vendor solution, and that also applies with Tufin. It works really well when you have a single vendor solution but it's just not as intuitive if you have back-to-back firewalls or you have a complex topology. For simple topologies, it works really well.

There are currently some issues with this solution but if things improve with the new version, which apparently has some enhancements, I would give them a higher rating. For now, I rate this product a seven out of 10.