What is our primary use case?
We use it with SecureTrack, mainly for auditing purposes. We also use SecureChange for workflows on temporary firewalls.
How has it helped my organization?
We use Tufin to clean up our firewall policies. From an auditing perspective, it is centrally managed in one place for all of our firewall vendors.
One of the biggest quick wins that we had with Tufin was cleaning up our firewall policies and rules. We cleaned out a lot of rules which helped our devices, longevity-wise, as well as speed-wise.
What is most valuable?
- Easability
- Audit features
- SecureTrack
- Change of work allowance
- It is very open to changing it and making it do what we need it do.
- We get a holistic view of the infrastructure, as well as automation workflows.
The visibility is great, so far. We are still building it out because we have a lot of firewalls from different vendors. Overall, it's a good product in the way it works.
The change workflow process is flexible and customizable. We use this process a lot. We have developers do custom integrations with different vendors, especially ones that are technically supported, as well as doing some custom integrations with our Juniper products, which are not officially supported.
The solution’s cloud-native security feature is definitely welcome. We are starting to embrace the cloud. We are a little more legacy and timid in our approach, considering the amount of data that we have and the way that we want it to be accessed. However, the cloud-native applications are going to be big, so I definitely think that's a welcome feature that they're working on.
What needs improvement?
We would like Tufin to have interoperability with Juniper products, along with official support.
They could maybe update the interface. However, I know there is an interface update coming, I just haven't seen it yet.
There is room for improvement, as far as making the product easy to use and having training available.
In my training with the workflow, it always kicks me back every time that I do a step backwards. I think that automatically it should take you to the next step in the workflow, that would be appreciated.
What do I think about the stability of the solution?
So far, the stability has been great. One of my colleagues just did an upgrade from the previous version to 19.1, which had a bit of database issues. Those have now been resolved.
What do I think about the scalability of the solution?
The scalability seems good. We have a distributed system right now, and it seems like it can scale up or scale out, as needed.
How are customer service and support?
So far, the technical support has been good. I haven't had to deal with support a lot yet. We have weekly check-ins with our account manager where we go through what we can do with it. Overall, I think it's adequate.
Which solution did I use previously and why did I switch?
We didn't have a previous solution.
It is nice to see the capabilities that Tufin has, and we look forward to building it out.
How was the initial setup?
I wasn't there for the initial setup, but from what I've seen, it was pretty straightforward for the engineers who set it up.
What was our ROI?
The solution has helped us reduce the time it takes us to make changes. From the auditing perspective, it definitely saves a lot of time. Once we get our USP built out with the automatic calculations, as well as having validation and seeing where the roles need to go in place, this solution will be very helpful.
It is helping engineers spend less time on manual processes.
Which other solutions did I evaluate?
We did look at a few other vendors.
The power that Tufin has behind it is the reason they chose it. They saw that it had a lot of capability compared to its competition.
What other advice do I have?
Check out this product and see what it can do for you. Talk with the marketing team and account reps and see what direct benefit the platform gives you. Then, see what strengths it has compared to the competition, as well as its value proposition.
We are not to the point of using the solution to automatically check if a change request will violate any security policy rules, but it is coming.
We are building the security policy part of it out across out hybrid network, especially with the USP.
*Disclosure: My company does not have a business relationship with this vendor other than being a customer.