Tufin Orchestration Suite Reviews

The most valuable feature is the ability it gives us to browse our entire infrastructure and easily find which rules match our policies. Tufin also helps us to clean up our firewall rules by suing the object browser throughout our entire infrastructure.

Tufin has allowed us to do much faster analysis. We don't have to analyze the entire rule set anymore because it tells us whether each specific rule matches policy or not.

I'd like to see more features implemented into Tufin to help us with automatic monitoring of our firewall environment.

It's quite stable. We've had no issues with instability at all.

We don't have firewalls all over the world, just a part of it. For the number of firewalls we have, Tufin works fine.

For the project I worked on, there were some things that didn't work quite well enough, so I got the impression that customer service had different expectations from technical service. I used it as an opportunity to tell customer service that we should work on the project and finish the concept before talking about pricing. But they thought we only needed the standard product, but for me it was clear that our evaluation showed we needed something more.

I was only involved in the POC, and I didn't have any big issues with it. So I didn't have a lot of contact with technical support.

When the decision for Tufin was made, I was not yet in the company. I've performed several upgrades since, and they all went well.

We also evaluated AlgoSec and FireMon, but we're staying with Tufin as it's our first choice. We only looking at other vendors because we found that during our evaluation of Tufin, there were some features that weren't implemented. We didn't make any progress on the other evaluations, however, because we didn't want to invest the money in them when we had the feeling that they weren't going to do what we expected.

Tufin SecureTrack has been great for us.

The multi-vendor support is very important for us. This is the most important feature because our system has integrations of software and hardware from many vendors. Tufin has also integrated well, supporting our system of multiple vendors.

Our company has a common policy that we need to ensure covers three different vendors we work with. Tufin helps us to manage this as it's where we've defined the common policy and also where we manage it.

I think that Tufin needs to be as-a-service, that is, in the cloud. The installation also needs to be easier. Additionally, with Tufin's business model, the licenses are quite expensive.

It's hard to stay updated with the last version. That's really the main hurdle we have with our deployments of Tufin.

It's quite stable, but you always need to do updates. Staying updated has prevented instabilities.

We don't have this issue because we only have four firewalls. It has scaled for our needs.

The initial setup was straightforward and pretty easy.

We implemented it ourselves with our in-house team. It was easy.

Sometimes it's very difficult to get the ideal revenue out of this tool. It's expensive.

The licensing is expensive. Maybe for a big company, the price and the licensing is not a problem. For a small or medium company, though, it could be an issue.

We also looked at AlgoSec and FireMon.

The SecureTrack and SecureChange features are the most valuable for us. SecureChange can work with different appliances. The integration between topology, security, and workflow is powerful, and the workforce capability to create a lot of different scenarios is great.

We use SecureChange because we have separate views to see those who are compliant with rules, those who are on probation, and the managers. The integration with our system is quite good, which is important because we have 5000 firewalls. Fortunately, we don't have a lot of rules but there are many people who can make and change rules. With this approach, Tufin has become a very powerful tool for us by creating an automatic implementation.

I would like to see a powerful integrator for automation in the environment.

We haven't had any issues with deployment.

We've had stability issues because it's a heavy solution. It takes a long time to get up and running, and when we migrate releases, that's an issue.

We've had no issues scaling it for our needs.

Our experience with technical support has been mixed. Sometimes we've gotten prompt responses; sometimes we didn't. We're also very, very busy and it's difficult for anyone to find time to work with technical support. Our last trouble ticket took two months before they asked us if we were ready for a fix, but we were all busy!

Implementation is complex now and the two-track environment is very stressful. I'd like the capability to put different rules within the appliance in order to manage the implementation.

We implemented it ourselves.

There are a couple of valuable features for us.

The first is that it allows us to track every change to our infrastructure, such as when the administrator makes new rules. Not only are we able to track every change, we can roll them back very easily as well.

The second valuable feature is that when you have huge growth within your firewall, it predicts what the growth may be and makes adjustments accordingly.

There are several security devices that are not on their list, so Tufin needs to improve this list. There are also a few design elements that could be improved as well.

We've had no issues with deploying it.

The stability is quite good. We are deploying the solution on physical machines, and it's on a lot of devices in our company. I think that if we did reports every day and every week, there would be no problem with the stability. It needs no maintenance and it's very stable.

For us, it's a new product so we don't know about scalability right now. We may need to scale it in the next year or two.

The customer service is superb and quite good.

The technical support is online and it allows us to get very fast answers to our questions. We appreciate the speed very much.

The initial setup is neither easy nor complicated. We have I5 hardware, and we had a little bit of difficulty installing our devices and Tufin.

Try it and you will like it.

The most valuable feature is that we can see what changes are happening on all our security devices at the very moment that they're done, so if any mistakes happen, then we can catch them very quickly before there is a big disaster and outage.

Mistakes like firewall policies where people put in wrong IPs instead of allowing permits and traffic stops. That is why it is very, very important.

On one of my earlier deployments, I was actually able to quickly diagnose about 100 VPNs that went down because one the administrators made a wrong encryption domain in the tech point, so we were able to catch it right away as the change happened. We were able to revert the changes very, very quickly, and it did not cause a long amount of downtime.

We are able to look at any objects that are not used, rule usage, which, for wide-open rules, we can put in tracking on those rules so we can turn down the rulebase, so those are the good benefits. The rulebase actually shows the same way for all the devices, so if you have checkpoint firewalls, or if you have five load balancers, you can actually have a similar view of all this, so you can understand it very easily.

The other good part is that whenever changes happen, we have to go through change control. We can put in our changer card numbers, and then those all come in the dashboard as the changes that were done on that particular change record, so then you can correlate the changes to a particular request which was approved.

New features would be when you look for any of the rules that are unused, then I would like to see whether there was a way to also make sure that the objects that exist are actually live or not. What I mean to say is, if you have a server that you had allowed in the rulebase, and you decommission the server, now the rulebase is there, which shows their logs, but I want to make sure that the server is actually decommissioned and not still alive. If there is a way that we can check for those objects, whether those objects still are alive in the network, that would be great.

I've been using the product since 2007, since its very early stages.

At one time, it had processed for a year. When I was in my previous company, I had installed one of the T500 boxes, and it had actually processed about 2.7 terabytes of logs, and we were able to trim down the biggest firewall. We now do about 11,000 rules, and they had never been cleaned for about five or six years, so by the end of the whole exercise, we trimmed down the rule base to less than 300 rules.

I've used about 200+ devices. That was all the environment was, so I definitely know, talking to other customers who have thousands of devices, so it scales very well.

Technical support is great. I've worked with several people within the company.

It was straightforward. I was able to get all my firewalls and a lot of the other networking devices in less than half a day.

I compared it to the usability and the easy way to actually add devices. We compared it to AlgoSec and FireMon. Both of them I did not feel were very intuitive to work with, so a lot of training would be required.

Just buy it. Don't even think about any other product. Just buy it.

We're able to generate reports to know what's going on with our rules, specifically expiration dates and PCI's, for our firewalls. It lets us know exactly what's happening.

When we make changes, we need to know exactly what's going on between each firewall and why a rule may pass or not pass between each. It would be good if Tufin gave us the ability to do this in a graphical way.

We have sixty firewalls, and sometimes the path between any two firewalls may have five rules. We need to know exactly what is going on and where we have to implement a rule. It's very complicated to do right now, and that's why we want to implement a security change.

We've had no issues with deployment.

We've had no issues with stability.

We've had no issues with scalability.

We need a vendor that has good, responsive support. Tufin support has been that.

We have a virtual firewall and when we ran our system, there was a problem with mismatched object rules. We called support to help us clean the firewall. The rep looked around and, after an hour-and-a-half, confirmed the problem. Then another five or six technicians analyzed our request and, after three or four days, released a fix for us.

We had no issues with the setup.

There may be a better product a year from now, but we're using Tufin now and we're satisfied with it. We'll use it until it doesn't do the job. It's a big deal changing firewall vendors, so we don't want to change unnecessarily.

Tufin provides Unified Security Management across heterogeneous environments. This is one of the great features of Tufin. We could easily compare the revisions of the devices, analyze the network and generate reports.

Before we started using this product, to resolve the network problems, it used to take a week or so. But once we started working with Tufin the problems are resolved in a day or two. And also, we can monitor different firewalls under a single GUI using Tufin.

I think SecureApp could be improved because, many organizations who implement Tufin majorly use SecureTrack and SecureChange, SecureApp is rarely used basing on their requirement. SecureTrack and SecureChange have been updated a lot and I personally can't see any changes in further in these. So, I think SecureApp has scope in developing more.

3 months.

The best 10/10.

10/10 They maintain good sessions in providing support

The initial setup is a straightforward, not that complex; just had a few Linux commands to setup the software part and of course there will be some physical effort in setting up hardware as well.

In-house.

Above 100%.

Nominal and market competitive.

I couldn't find other products which have similar features as Tufin.

Surely, I would recommend this product in implementing. If the organization has a large network and different firewalls/network devices; Tufin really helps a lot.

We are a Cyber Security Products and Services company. We resell Tufin products and provide Tufin technical services.

1. It's easily deployable.
2. It provides change and reporting on changes 
3. One of the features helps you clean up firewall rules, and maintain a good, clean rule set.

From an organizational standpoint, it can help improve for one by streamlining the change process, assisting and streamlining the change process for firewalls, routers and switching ACLs.

Also, it can help with compliance from an organizational standpoint, maintaining a certain level of compliance. Also, reporting - it provides reporting to auditors for the organizational level that need to provide evidence and for other auditors outside the organisation.

They could improve their support. 

They've already known about their support being kind of shaky. They can make the product more MSP ready, managed service provider ready. They can do that.

Outside of that, I can't really think of anything right now, but making it MSP ready and providing better support, I think they can definitely improve upon.

5 years.

I am impressed with the deployability. The set-up is really straight forward. I mean, I had one of my guys who has never really touched a computer before set one up.

I believe it is stable, well not every time, but 99.9% of the time.

It scales okay. They can add some scalability to it, yes, they can definitely add scalability to it.

Their pricing is too expensive, and I think they're one of the best products on the market but I think they can't get enough market share because of the pricing (the licensing). It's too expensive. They changed licensing models a couple of times I think, but I think they need to be more cognizant of the middle market, as far as licensing. 

My advice would be to do your research first on the product. Make sure it's going to cover everything you need, which it does. They have several uses for Tufin, several models as far as function like Securetracks, Securechange and the Secureapp, so you've got to do your research and someone may need all of the orchestration, the full Orchestration Suite.

I would ask you to just research it, make sure you get what you need because quite often people go to buy Tufin and they go to buy the Securetrack just the Securetrack firewall changes, that they end up getting a quote for Securechange, Secureapp, and not even know it, and they say "Oh, that's too expensive," but that's not really what they wanted, they just want the Securetracks.

I would also have them get a competitor, a demo ware competitor and compare it to Tufin just so they can see how well Tufin out-performs their competitor.

In regards to my rating of 8, if they did mark the price down, change the licensing model to include more middle market, so they can reach the middle market and get more market share, and also provided their partners, and this is going to be a big one for them, provide their partners with two-way licensing so their partners can use the product for free.

If I am partnering up with Tufin, and I've got to keep downloading demos to use it and I have to advise potential users about the Tufin product, it's just not going to work. They should give me the product for free, especially if I have sold a few deals for them, they should give me the product for free with a couple hundred licenses that I can use anywhere I want to. This should be done every year, so long as I'm a partner.

That would help increase their visibility, their market share, and bring them up from an eight to maybe a nine or so.