Tufin Orchestration Suite Reviews

Our primary use case is fo the security of our medical facility. We have a lot of holes in the firewall and we wanted to see the details. For example, we see a lot of traffic between the different zones that we needed to reduce. So we use the solution to eliminate this traffic. It also allows us to have a lot of optimization rules for a good switching policy in the firewall. 

It can quantify and reduce a lot of risks.

I like the deployment and management of this solution. I don't have much experience in that kind of security solution, but I have three years of experience in similar solutions, like AlgoSec. I do some scripts to optimize the solution, such as configuring the API.

Additionally, when we export the report, you can see a lot of logs of all the equipment in the company and we can identify some of the machines or some log station in the network. Also, the user can create some requests to implement the flow and push the rules in the firewall. You can analyze the log and the traffic, you can have a lot of API's, and do some reporting.

In the next release I would like to see better migration in the Cloud because that will allow more visibility in the network.

I have been working with Tufin Orca for one year.

This solution was already deployed and we just manage it.

It is a stable solution.

This solution is scalable.

I have tons of contact with support. If you have some problems or issues you can contact support and manage the problem together. I did that with a lot of competitors, like Palo Alto on our network. If we have an issue in production, my production team will try to solve it or you can contact support to manage the issue.

I am satisfied with the support.

The initial setup is not complex. It's easy for me because I have some experience and training on it. Now I can do a whole production on the application.

We used an integrator for implementation because I have a colleague who has a lot more experience than me and we worked together to manage that solution.

I would recommend this solution. I think it's a good solution to have. It is good to know what this solution does in the network. You can have a lot of training on it and see a lot of questions from different users in the company.

On a scale of one to ten, I would rate it an eight.

We use this solution for Firewall audit, compliance, and some automation.

Using Tufin makes it easy to visualize when investigating or auditing configs.

The most valuable feature is alerting, which lets me know when someone has made a change. When something stops working I can see what has been done and by whom.

This solution is easy to set up and use.

It is very easy to see what has changed when comparing two different revisions.

I would like to see visibility into the FW features like IPS/Content Filter policies, the same way it does for FW rules/policies.

We use this solution for recertifying connections, application-based automation, and compliance with regulations.

The workflows save time and speed up the authorization processes for applications. For network operators, it enhanced visibility. For application operators, it increased knowledge of dependencies and also provided them with impact awareness.

Before this solution, we used Excel sheets. This approach did not provide ways to filter the options for implementing changes. The filtering of lots of criteria is very valuable.

I would like to see more configuration options on next-generation firewalls, defining possible standards for devices.

The tool is highly reliable.

We have not run into limitations around scalability. Depending on the devices, it is better to have a sizing discussion with the sales engineer.

In the beginning, we did not have a dedicated support handler and it caused some issues because the service requests were interrelated. When we later obtained a central contact in support, it improved the handling.

Prior to this solution, we used Excel and firewall vendor consoles.

The initial setup was fairly complex because of the agreement with the network provider.

We implemented this solution in-house with the support of Tufin Professional Services.

I suggest talking with Tufin about the flexibility of the pricing structure.

We did not perform our own evaluation. However, one of the daughter companies evaluated multiple products (Tufin, FireMon, and AlgoSec) and selected Tufin. We relied on their research.

Implementing the tool is easy, but introducing the changes within the company can be challenging.

We use SecureTrack for troubleshooting, APG (Automatic Policy Generator), implementation of new requests, change monitoring, rule and object usage reports.

This solution provides an unified display of rules across vendors.

We use this solution e.g. for cleanup and processing of shadowed rules.

Using this solution saves us time and money. The Automatic Policy Generator saves time because we are able to identify the required policy when a client doesn't know what he needs.

We are able to perform an inventory analysis for colleagues.

The most valuable feature of this solution is APG, the Automatic Policy Generator. Further there are very good capabilities for policy browsing and reporting implemented.

I would like to see better report integration in this solution.

I would rate the stability of this solution a nine out of ten.

The scalability of this solution is ok.

The technical support team for this solution is very polite.

There was some functionality in the integration with Check Point that was initially working not in the best matter, and it was only fixed after Check Point got involved.

We did not use another solution prior to this one.

The initial setup of this solution was not complex. It was simple.

Our in-house team handled the implementation and deployment of this solution.

Tufin is expensive but it is very good.

We did evaluate other options. However, Tufin was the best one that we tried.

We are using Tufin to manage our multi-vendor firewall environment.

We are using the Secure Change workflow to request, asses, and implement Firewall requests. Secure Track is used from our Security and Audit department for regular policy reviews.

Due to the usage of Tufin, we reduced the manual effort during audits to a minimum. The central place to request Firewall Rule Changes supports our Operation teams in a multi-supplier environment on a daily basis.

The automated reporting on a regular basis is helping us to be compliant with legal requirements.

We would like to see granular user permissions on SecureTrack.

The topology should be made easier to configure.

I would like to see the setup of the Unified Security Policy simplified.

We have had no outages over the last six years, so this solution is very stable.

This solution is highly scalable.

Customer support reacts very fast. Due to the complexity, sometimes additional support levels need to get involved.

We did not use another solution prior to this one.

The initial setup was complex.

A mix of Tufin Professional Services and in-house.

We evaluated other options before choosing this solution.

I recommend getting Tufin Professional Services involved when implementing automation.

We use Tufin for firewall management, firewall compliance monitoring, and unified policy implementation.

Tufin assists us in maintaining a robust view of our internal network topology. This topology may be built with a certain period, but it saves lots of operational and audit time in the long run.

The most valuable feature of this solution is the Interactive Map. The interactive map would show our network topology, which would benefit in terms of understanding our environment (especially for new staff) and first-level investigation (including end-to-end firewall path analysis).

The product should integrate with the UTM features. It may benefit the firewall implementation and migration.

Our goal is to move towards a completely automated system within our organization. We also want to integrate different business units, see what our vision is from an automation standpoint. In addition, we want to get complete visibility across all the different platforms that we have.

We use Tufin to clean up our firewall policies. It makes our firewalls and our security-stack devices a little bit more bulletproof. We are in constant compliance and it's nice for us to know what's out there and what's actually being used, from a business standpoint and also from an operational standpoint.

Also, what used to take us a few days to implement from inception to final, is now accomplished within a day. But our goal is to move it to a matter of a few minutes. Overall, holistically, it gives everybody a chance to focus on the more important tasks at hand and to be cognizant of automation as it comes along.

It has also helped reduce the time it takes to make changes. The process used to take a few days to a week. In some cases, given the complexity of our projects, it used to be a little bit more than a week. Now, it has come down to a day or two at the most. We want to shorten that as well, to bring it down even more. But it's far better than what we had many years ago.

Our engineers are spending a little less time on manual processes. There's always that constant time spent to keep the product and the platform up to date but, overall, they're spending a little bit less time.

It's hard to pick the most valuable feature. All of them are valuable, they're all critical for us. It depends on which application we're talking about. ChangeTrack obviously has a lot of very good features, like the risk analysis, the USP, and the Policy Browser. The Topology Map, which feeds into our SecureChange - the latter being an automation platform - there's a lot of synergy between the two. All the features that we have used are critical and are good.

The change workflow process is flexible and customizable. It's not 100 percent but it's definitely in the high 90s. It is very customizable, it's easy to set it up. There are certain fields that we feel might require some enhancements but, overall, it is customizable. It's very easy to use and super-efficient.

Tufin has come a long way when it comes to visibility. What we would like to see is a little bit more on the discovery level, network discovery, which Tufin does not have today. It does a pretty good job when you statically define the endpoints; it goes and discovers them. But an auto-discovery feature on the network would be awesome.

More API integration with third-party platforms is something that we would definitely like to see in upcoming releases.

Enhanced reporting and enhancements to some of the dashboard features would be good too.

The solution is very stable so far. Within our environment it doesn't cause major outages. There have been a few instances where we did run into issues but they were things that we could fix relatively easily, with less of an impact to the business.

The scalability is pretty good. Right now, our solution is a little bit more contained, given our business requirements. But we don't see scalability as a roadblock if we do have to expand it out or scale out. No complaints there.

Tech support has been phenomenal. It's very easy to get someone on the call and resolve an issue. They've been really good.

We knew we needed to switch based on past lessons we learned. The overall goal was to have a better and efficient system going forward. With automation on the grid, this was a win-win solution for us. It was able to provide us everything that we were looking for and also help us meet our roadmap goals as well.

Very straightforward. There was nothing complex about the initial setup. It's easy to get it up and going in a matter of a few hours.

We pretty much did everything on our own with a little bit of help from Professional Services. When it came to customization we did leverage some of their expertise. But most of the solution was rolled out in-house.

We do see some return on investment but the financial toll, the prices, are always going to be up there. Tufin does a pretty job in working with us to reduce the cost or give better discounts so there definitely is an ROI.

The cost is pretty high. It's close to seven figures. That only goes to show our commitment to using the solution and the products to reach our goals.

We did look at one other solution but the other solution was not close to what Tufin was able to provide, given our enterprise requirements. That basically helped us move in the direction of Tufin.

Tufin provides a very comprehensive solution. Anyone looking to go down the path of automation should not look any further because Tufin will be able to meet their requirements and scale out really effectively.

We don't yet use the solution to automatically check if a change request will violate any security policy rules. We are in the process of building that. Similarly, we are still working on having the solution ensure that security policy is followed across our entire hybrid network.

We are in the cloud but we haven't yet started using the Tufin solution actively in the cloud. We are still in a trial phase as of now, but so far the results have been pretty good. We tend to test things out a little bit more but the results have been positive and favorable for us to move forward.

Primarily, it is being used as a type of security auditing control on our firewalls. We are in the middle of a new project acquiring dedicated new hardware while building out SecureTrack and SecureChange. After this initial project, and building out all that infrastructure is done, then there will be a project to kick off some of the automation and orchestration type stuff to try and improve some of those processes for the IT group.

The goal is to use it to revalidate, clean up, and optimize firewall policies, but we are not there yet.

The company has had the product in place for a while. 

I am giving up the web proxy stuff, so I can become the SME on the Tufin.

The plan is to integrate it into things, like ServiceNow, then use the automation. That was one of the strengths in the decision to stay with Tufin and invest more resources into it. 

My hope is to use this solution to automatically check if a change request will violate any security policy rules. It is not doing any of that right now.

Right now, our compliance mandates are all over the place, but previously, what they were doing is they were just taking screenshots of something, and I don't know how we passed our audits.

I was shocked and appalled that the current network team isn't even using it right now. In previous roles in previous companies, this product (or one of the competing products) was like the lifeblood of how we worked. It was like step two, after picking up a ticket. We went to use this tool to see where we needed to make changes. That they're not doing that explains why they're probably having to do rework 60 percent or higher limitation tickets, because they're missing devices or it is not being implemented properly.

In our current environment, the most valuable feature from Tufin is their Network Map because our network team can't give us a network map. Tufin has given me more than what the network team have ever given me, as far as documenting the network infrastructure. So, I'm thrilled.

The visibility is good.

The biggest area where I see a need for improvement is some of the documentation and training stuff. It does a really good job of hitting the big concepts, but it needs like another layer deeper of actually getting into some of the details of how to do some of the things. Conceptually, I understand how the product works, but now how do I start building stuff and integrating it into my environment. 

Just being a bit more upfront and honest about issues, as far as like HA, distributed stuff, and the need for load balancers, if you want to do HA. Nobody ever likes talking about the fact that their solution really isn't truly HA, you got buy an F5 to sit in front of it if you want to do HA, or something like that. Everybody shies away from talking about that, but if you get that out upfront, then the engineers can be prepared for it, then they can try and figure it out and make it work. This is not unique to Tufin. Everybody is like, "Oh yeah, we do HA." Then, three months later, after you have bought some stuff, now you're just like, "Oh no, we got to have an F5 in front of this. That didn't even come up in our discussions. So, how do I get resources away for that? Because I don't have an F5 in this environment, and I need one." 

I just found out some of the things that I need to use right now, like the reports from the report package are only available on 17-3 and above, and I need that as soon as possible. Hopefully, we will upgrade to 19-1 or 19-2 even before I go to bed tonight.

It is sort of an uphill battle right now to ensure that it has all the visibility that it needs, so we can be assured that it is doing what it will do.

The stability is solid.

The scalability is good.

I have not used the technical support yet.

I've used Tufin, Firemon, AlgoSec, and all the other solutions at other companies before, and seen what we've been able to do with them. So, when I came to this company, it was just like, "Okay what's our tool? Oh, it's Tufin. What do you mean nobody's using it?"

The initial setup is not even complete yet. We bought some stuff, then had it shipped. There are some additional discussions which are going on next week after this, where there will be some design tweaks which will occur. At first, we were thinking of using VMs for the distributed stuff and collectors, but we can't get those level of resources from the server team. So, we will be better off just buying smaller hardware boxes and having them completely managed by us that way it will be easier. Also, we'll be able to complete it much faster in our environment.

We are using a reseller, but I'm not exactly sure how that relationship even works right now. It is really early. Our stuff has been bought and shipped. We are still trying to complete internal documentation, so we can start doing stuff.

I wasn't part of the bake-off. I think the company went in the right direction, and I am glad that they didn't even look at FireMon.

While our UK side has Skybox, which I have never even seen, the orchestration piece was really the key to solidifying us on the Tufin solution.

I was talking to somebody earlier today who said that Skybox has a more powerful Network Map than what Tufin has, but I haven't even seen Skybox,

If someone was looking for this type of solution, I would tell them, "Here are the top four solutions that I know of and the places that I worked on each of them. Here are the benefits, gossip, and downsides that I've seen for each one." Tufin has the best solution as far as it being self-contained, reliable, and integrating with the other things that you want it to integrate with. The customer service is also not arrogant like some of the other solutions.

We need to utilize it to its capacity and capabilities, and we're not doing that yet.

It will eventually reduce the time it takes to make changes. I don't know how much time it will save, since a lot of the manual processes are done by another team. I am still building my team underneath me.

The cloud stuff is great, but I am sort of scared to look at it because we still trying to work out our traditional stuff being compliant and under control, then doing what it's supposed to be doing. I can't even imagine what the developers are doing in the cloud stuff.