Tufin Orchestration Suite Reviews

We use this solution for firewall compliance reviews.

This solution has helped us to speed up our review process. After we do make a change, we're able to quickly review what has actually changed. 

This solution has helped us with compliance because we're able to map out certain firewall rules against compliance requirements, and we're able to write reports to show us exactly what our firewalls look like in those areas.

From our perspective, the most valuable features are the compliance and firewall reporting modules. Indirectly, we use Tufin to clean up our firewall policies. We run reports, and then use those reports to drive improvement in the firewall rules. The visibility into the Check Point firewall rules is a lot easier to look at using a Tufin report as opposed to a Check Point report.

This provides good visibility of our firewall rules. Using Check Point is a little cumbersome to get what you need, so with this solution, we’re able to filter through and better get the information.

Tufin has a lot of tools for PCI compliance, as well as other modules that support things like SOX, but there is nothing substantial out there for the NERC CIP space. It would be nice to have some automated tools for NERC CIP compliance.

One of the areas that I've had challenges with is making complicated reports. There is an ability to pull in CSVs, but I've struggled to find the format that the CSV should be in.

I could spend hours building out a policy to check the firewall rules, and then the next person comes along and they don't see it because it's stored within a user profile. Consequently, they have to build out the exact same thing for hours instead of just being able to export it, and then import it into their profile.

The stability of this solution is fine. We don't have any issues with it, at least as far as I know.

It seems to be really scalable once you have all of the modules working together. We have a broad array of subgroups that we're working on compliance with, from really small to really large, and it works well with all of them.

I've never had to deal with their technical support.

I was not part of the initial setup of this solution.

Using this solution has allowed us to reduce the amount of time we spend making changes by approximately twenty percent.

This solution has a lot of functionality that we aren't using at this point, but it seems to have the flexibility and scalability. The drawback is the lack of integrated NERC CIP.

For anybody researching this or a similar solution, I would always tell them to look at all of the available options, but Tufin does all of the things that we needed it to do.

I would rate this solution an eight out of ten.

We use this solution for auditing our security and system access entries, then alerting us to problems.

The auditing reports generated by this solution help us to find issues.

This solution has helped us to meet our compliance mandates. We have very strict standards and security policies that we must follow. This tool is very flexible for the management team. It also helps us to ensure that our security policy is followed across our entire hybrid network, but we have a lack of security in some points.

The most valuable feature is that it extends security entries in the firewall policies. Given the number of entries in the access control, this would take a lot of time, so this feature is very valuable for us.

The visibility this solution provides us is great. At the moment, we are in the process of continuous improvement, and we need to include these new features.

The change workflow process is okay.

I would like the ability to export information in other formats including PDF, HTML, or Excel.

The stability is very good. It's better than the other tools that we have in the company.

To this point, we have only used the basic functionality. We have several teams working with the tools.

Technical support for this solution is excellent. At the moment, we have very good communication with support.

The initial setup was good and we had no trouble with it.

We handled the deployment of this solution internally.

We did not evaluate other solutions before choosing this one.

This tool is excellent in the specific areas where it is applied. We are spending less time on manual processes and at some point, we will be stopping them.

This solution definitely helps to reduce the time it takes to make changes. With other tools, I have spent five or six hours or even days, but with this solution, it takes me thirty minutes. It can take even less, depending on the complexity of the firewall.

My only complaint is that I would like to be able to export data to different formats.

I would rate this solution a nine out of ten.

We're using this solution mainly to get some audit reports regarding the policy installations on our firewalls. We aren't using any changes or other features, and we're not installing policies automatically. We're just using it to collect some log data like who installed something and what they did.

It's user-friendly. It's easy to understand menus on the web GUI. That's a good feature for us. I can say that it's doing what it's supposed to do. It also integrates well with other products like Check Point.

It would be better if they modernized the web GUI. The web interface GUI is simple and not complicated, but it's also too old. It would also be better if they had an SMS gateway integration. I would like to have some integrations with other products like Jira for change management and incident management.

I have been using Tufin for about three years.

Tufin is a stable product. We're not having any issues. Sometimes we do have problems with the product, but it wasn't related to Tufin. Sometimes when we had an upgrade on the firewall product itself, we encountered some problems.

It's a scalable product. We have about 50 gateways, and Tufin collects data from all of them. We also have a management server, and we've integrated two important classes of databases. We're only using three instances, and we're not having any issues.

Tufin support is good, and we managed to implement this solution by ourselves. But it would be better if some engineers from Tufin joined a session and did stuff together with us. That would have been much appreciated. I would expect them to organize the session and provide some support, at least in the beginning.

I also have AlgoSec, and it seems to be much more complicated. I would say that Tufin is much more compatible with Check Point firewalls. That was the main reason for choosing Tufin over AlgoSec.

The initial setup is complex. I didn't have any Linux knowledge in my past, but I could say Tufin support is good at it. When we need to get some support, they respond quickly. They explained everything to finalize issues regarding the installation.

We implemented this solution by ourselves. It took us one or two hours to install and deploy this solution.

The price is on the cheaper side. I'm not planning on adding additional resources, and I don't expect any additional costs.

Not before but after using tufin actively about a year, we have evaluated algosec as an alternative solution. It was also well designed alternative but it was not well integrated as tufin did with Checkpoint

There aren't many products like Tufin and AlgoSec. I think both products are good, but when people are using Check Point applications, we recommend Tufin.

On a scale from one to ten, I would give Tufin a ten.

The solution is predominantly used for managing firewall changes, policy changes, and understanding those aspects.

Most people use it for the basics, even though they could use it for a lot more.

The most valuable feature is being able to customize your own clarity to that aspect of change management.

Having better visibility of what is going on. If it gets out of control, you can keep it in your head no matter how smart your administrators are.

From what I have seen, it's user-friendly.

It's a bit clunky, but that may be because of different environments, and it is struggling to get the information. It's possible that the performance issue is because of the network and not the right architecture.

I would like to see anything that is graphical, as much graphical representation of things. Modeling, and what-ifs. It becomes more intuitive and allows you to close some of the gaps between drawing stakeholders in, for example. If they ask "Why are you spending so much money on this tool?"  or "Why are you doing this?", you can show them examples and it becomes more obvious.

I would like to see AI elements included with this solution. There is quite a lot of human element in understanding the consequences of change within the firewall environment, but they might benefit from more of an AI element as well.

I am a security architect and I have been involved with it periodically for approximately five years.

It's a reliable solution.

It's a scalable product. I have dealt with companies that are pretty sizeable, and it seems to handle it.

I personally have not contacted technical support, but the information that is available on their website is pretty useful, it's pretty good.

You need to allow a fair amount of time. That is the case for all firewall management tools.

It gives the appearance of being straightforward to get going but they need a bit of time particularly to do the sorting of the matrices for example.

When planning, people should estimate it then double it, just to make sure they get things right.

Price could always be better, but there are always consequences. Normally, there are other issues that come into play. For example, you pay more and expect to lean on the vendor more for the services and support.

I have recommended this solution from time to time and I would definitely recommend it to others.

I would rate Tufin a seven out of ten.

So far, the solution has been fantastic. The customer has been very happy with its capabilities overall. 

It works very well in an enterprise environment.

There aren't any gaps in its offering at this time. It's a very complete solution.

The reporting on offer is very good. Tufin makes nice reports.

Technical support has always been very helpful and responsive. 

The pricing could be a bit more competitive. If you compare it to, for example, AlgoSec, AlgoSec has better pricing.

The implementation could be a bit easier. 

I've been working with the solution for about a year or so at this point. It hasn't been too long. 

We've had to contact technical support a few times in the past. Their support is fantastic. They are very helpful and responsive. They are knowledgeable about the product. We are quite satisfied with the level of service we receive. 

I also work with Cisco devices.

We had some issues during the initial implementation. Our client had some devices that, for some reason, just weren't integrating. If they could look into issues that clients face at the outset, when the setup is happening, it would make the experience a lot easier to handle. They just seem to need to be able to handle more integrations with other devices. 

The pricing could be a bit better. It's definitely not the least expensive option. It would be ideal if the product pricing came down a bit so that it was more competitive. The clients would appreciate that a lot.

I'm currently looking at other solutions to compare Tufin to. I have done some comparisons between Tufin and AlgoSec and my takeaway from that is that AlgoSec is less expensive.

I would advise other organizations considering the solution to first be aware of what they want to achieve. As a company, you need to start there before you start choosing solutions. That way, you'll know if the solution will properly meet your expectations. Tufin has a few options as well. It's important to understand which would work best according to your requirements. 

I would rate the solution at a nine out of ten overall. We've been very please with the capabilities of the product and our clients have been happy. 

Our customers use Tufin to manage multiple firewall access rules through a single console. We have done on-prem, public, and private deployments of this solution.

It provides very good reports. It can easily integrate with multiple firewalls, such as Cisco, Juniper, Palo Alto, and Checkpoint. 

We can push a policy from Tufin to a firewall, which is a very good feature. We can monitor all access rules and the operating system of a firewall.

Currently, we are able to monitor access rules and the operating system of a firewall. It would be great if we can also monitor the configuration of the firewall through Tufin.

I have been using this solution for the last three years.

It is very stable. It has good stability.

It has very good scalability.

Their technical support is good.

Its initial deployment is not very easy. It is a little bit complex. After the deployment, it is easy to work with it in the GUI. Its deployment takes at least two or three days.

Customers usually evaluate AlgoSec. 

I would advise others to go for it to manage firewalls from multiple brands in a single console.

I would rate Tufin a nine out of ten.

We have a lot of ASA firewalls. We primarily use the product in order to lay down the rules and try to find out if there are any duplicate rules that need to be cleaned up, et cetera. It is mostly tasks like that.

The solution is very straightforward to use. It makes doing our work easy. The product is very good at helping us clean up rules.

We've found the stability to be quite good.

The solution is quite scalable.

The older version that we have doesn't support some newer firewall vendors. I'm not sure what the status of integration is right now on the latest version, however, it would be nice if they updated the older versions to allow for better integrations with firewalls. 

Sometimes the solution does take a bit of time to load. That said, it is a pretty old version, and that may be the main reason this is the case. It's possible that if we just upgraded to the latest version everything would go faster. 

Everybody wants to implement some kind of standard rules, however, it's difficult to standardize everything due to the fact that each company is unique. That said, if there was some sort of universal guide to ensuring firewall rules were compliant, that would be helpful. 

I've been using the solution for a year and a half to two years at this point. It's been a while. I've definitely used it over the last 12 months or so.

The stability has been good. I haven't experienced any bugs or glitches. It doesn't crash or freeze. The stability has been reliable in terms of performance.

I find the product to be easy to scale. Adding new firewalls is pretty straightforward and it handles the process well. If a company needs to expand and add more firewalls it shouldn't be a problem at all.

I would say six or seven people are using it and they're network operation people who have to deal with day-to-day firewall management, putting in new firewall rules, et cetera.

I've never had an opportunity to reach out to technical support. I can't speak to how knowledgeable or responsive they are. I have no experience.

The initial setup happened before my tenure with the company. I was not present when it was set up, and therefore I can't directly speak to my experiences with any implementation. I do not have a sense of if it was difficult or straightforward, and I can't say how long the deployment took. 

There is a bit of maintenance required, in terms of adding new rules, et cetera. We have individuals on staff that can handle that.

I don't have any issue with the pricing, however, I was not the purchaser. I can't speak to the exact cost for our company.

While I was using Tuffin, I did want to evaluate AlgoSec. I wanted to compare the two to see which was better. In the end, I've decided I would stick with this product.

We are just a customer and an end-user.

We are not using the most up-to-date version of the product. We are using one of the previous versions. I cannot at this time remember the version number, however, it was pretty old. We had a plan to upgrade, and then unfortunately ended up not doing that.

I'd rate the solution at a nine out of ten as it helps us do our work. We're mostly quite happy with its capabilities.

The primary use case of this solution is for monitoring, automation, policy orchestration, and security.

The most valuable feature is the monitoring. I quite enjoy the monitoring this solution provides. It allows administrators to visualize the traffic flow, and troubleshoot when necessary. It's a useful tool.

The interface is quite user-friendly and intuitive.

The cost of this solution should be improved.

They need to offer more support to vendors, such as Cisco, Checkpoint, Fortinet, and Forcepoint.

They have an API, but it needs more service on this.

While technical support is good, they could still improve.

I have been working with Tufin for one year.

It's a stable solution. There are some bugs that they are working on but that is common with any vendor.

They do mention that they don't support specific features from Nexus for some automation but it does actually work, although it is not listed as working.

Technical support is relatively good. They are not the best but they are good.

They could improve but they do respond with accurate responses.

The initial setup was straightforward. It was deployed in less than an hour.

The first time without training, it took an hour or so, but it was quite easy.

It's quite an expensive solution.

I would recommend this solution to others who are interested in using it.
I have not worked with any other vendors with this type of solution, for example, FireMon. I haven't worked with it. 

I would recommend it specifically to start with a secure track, which is a monitoring tool. Once the customer sees it, they want the solution. Afterward, for automation and secure change.

I would rate Tufin an eight out of ten.