IT Central Station is now PeerSpot: Here's why

Tufin OverviewUNIXBusinessApplication

Tufin is #2 ranked solution in top Firewall Security Management tools. PeerSpot users give Tufin an average rating of 8.0 out of 10. Tufin is most commonly compared to AlgoSec: Tufin vs AlgoSec. Tufin is popular among the large enterprise segment, accounting for 66% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a computer software company, accounting for 25% of all views.
Tufin Buyer's Guide

Download the Tufin Buyer's Guide including reviews and more. Updated: July 2022

What is Tufin?

Tufin enables organizations to automate their security policy visibility, risk management, provisioning and compliance across their multi-vendor, hybrid environment. Customers gain visibility and control across their network, ensure continuous compliance with security standards and embed security enforcement into workflows and development pipelines. 

Tufin Customers

3M, AT&T, Blue Cross Blue Shield, BNP Parabas, ConocoPhillips, Deutsche Bank, GE, IBM, Pfizer, United States Postal Service 

Tufin Video

Tufin Pricing Advice

What users are saying about Tufin pricing:
  • "There is a permanent license for devices, but it's not relative to a device itself. Once you purchase 10 licenses for virtual appliances or virtual context, you can put them into different virtual firewalls, but you can reuse these licenses for other devices if you don't need them for the old ones."
  • "Because we're quite a large company, the price wasn't too much of a factor for us."
  • "The price is on the cheaper side."
  • "It is expensive, but as compared to other players, it's more or less okay. Their pricing is not very transparent. This is my biggest point regarding Tufin. I've never seen a price list or something like that. It's always individual, and in many cases, it's very confusing to know what is the base and what is the price."
  • "Price could always be better, but there are always consequences."
  • Tufin Reviews

    Filter by:
    Filter Reviews
    Industry
    Loading...
    Filter Unavailable
    Company Size
    Loading...
    Filter Unavailable
    Job Level
    Loading...
    Filter Unavailable
    Rating
    Loading...
    Filter Unavailable
    Considered
    Loading...
    Filter Unavailable
    Order by:
    Loading...
    • Date
    • Highest Rating
    • Lowest Rating
    • Review Length
    Search:
    Showingreviews based on the current filters. Reset all filters
    DSI France retail banking networks at a financial services firm with 10,001+ employees
    Real User
    Top 20
    Suits customer needs in complex environments but licensing model for routing devices could be simplified
    Pros and Cons
    • "Policy management and the cartography of the network have been the most valuable features."
    • "The network part of the solution could be improved. It's too hard because of the Tufin licensing model for the routing devices."

    What is our primary use case?

    We use the solution on-premises.

    What is most valuable?

    Policy management and the cartography of the network have been the most valuable features.

    What needs improvement?

    The network part of the solution could be improved, specifically the licensing model for routing devices. Customers need to get the license easily in order to have the cartography of the network and build the other solution of Tufin, such as a secure change and secure application. To do that, we need the licenses for the network devices in complex environments where customers have a lot of network devices. It is too hard to get a license for each device, so Tufin should remodel the license model for these kinds of devices.

    For the license for the security devices, it's okay that Tufin has a model for physical devices and for virtual devices. For the network devices, the main reason to have a license is to get topological information, routing information, and so on. With Tufin, it's a bit hard to tag all the devices that you need to build the topology of your network. 

    We have already talked to Tufin in order to simplify the license model for the routing devices because these devices are the main technology. The RN is just for routing information, not for the security and building access list, and building VPNs, and stuff.

    In order to have that topological view, you need a license for each device. For that, the cost of the solution rises exponentially. Because there are a lot of routing devices for your network, in order to build the topology of your network, you have to spend a lot of money just on licenses for devices that aren't security but do routing work only.

    They have to rebuild their licensing model in order to fit the needs of their customers.

    For routing devices, we would like to have something related to the orchestration for the solution because we know that there is one for Tufin, but I don't know how it works, if it has to work with all the models installed, what the features are for that orchestration, and what the needs are for that model to work properly in a complex environment. 

    For example, we work in complex banking environments where there are a lot of bricks to communicate with. For that, what is the information needed for the orchestration in order to have an extensive look at the topology of our network, and after that, how the orchestration is going to implement the right accesses to main privileges on security devices all around the topology of our employment.

    For how long have I used the solution?

    I have been using this solution for five years.

    Buyer's Guide
    Tufin
    July 2022
    Learn what your peers think about Tufin. Get advice and tips from experienced pros sharing their opinions. Updated: July 2022.
    622,358 professionals have used our research since 2012.

    What do I think about the stability of the solution?

    We didn't have a lot of problems regarding the solution. It's a stable solution.

    In order to have it running correctly, we had to dedicate a person to manage the solution. I work on it with Tufin and with some of our partners in the group. We have our Société Générale in the group. We have some other partners inside the group with Tufin in order to build this kind of model for the time to market objectives.

    We didn't have a lot of problems concerning maintenance. We had two or three hardware problems that were solved remotely by support and for the upgrade and the OS upgrade because there are two kinds of upgrades to operate. The OSTs and the secure channel also have upgrades, which we did ourselves.

    Tufin has a policy of publishing new versions of the Dell OS, so two versions a year. One is a final version, and the other one is a beta version. In a year, you get two or three updates. It's not very hard to follow the stream of changes in one year.

    What do I think about the scalability of the solution?

    We didn't have to expand the solution, but management has had thoughts about expanding the solution for other environments, for other clients, and for the customers.

    How are customer service and support?

    Technical support was present and responsive for our needs. We had some problems with the appliances. They were very quick to respond to our support tickets and to give the right solutions for the problems we had.

    On a scale of one to give, I would give technical support a four.

    How was the initial setup?

    We needed someone from Tufin in order to get it installed. It's not a straightforward process from scratch. You have to build your own network with someone from the PS, and after that, you have to give a lot of information about your network, your devices, where they are located, what is the networking scheme of your network so that the PS can implement all that. After that, they can build the model for you.

    On a scale of one to five, I would rate initial setup a three.

    What about the implementation team?

    We used engineers from Tufin for setup. They were responsive. They were experienced with the solution they sell.

    What's my experience with pricing, setup cost, and licensing?

    There is a permanent license for devices, but it's not relative to a device itself. Once you purchase 10 licenses for virtual appliances or virtual context, you can put them into different virtual firewalls, but you can reuse these licenses for other devices if you don't need them for the old ones. 

    For example, if you deploy new ones, and you don't need these licenses for the old context, you can redeploy them in another one relative to a device, like a Mac address.

    The problem is that once you redeploy the license for another context, another rhythm, or another virtual appliance, you lose all the history and reports from the Syslog from the old one.

    Which other solutions did I evaluate?

    I haven't looked into the competition because we don't have the ability to choose between solutions for central management.

    What other advice do I have?

    I would rate this solution 7 out of 10. 

    The main brick in order to build your solution is the first step, which is having a good understanding of your network and good people to talk to when you want to build your topology. Once it is done, the solution runs by itself. Exporting, reporting, topology, and changes are all handled by this solution.

    After the initial deployment, it is a stable solution. It can suit customer needs in complex environments.

    A con is that it is very needy in terms of implementation such as small configurations. We had that problem with networking devices. We had to implement it to get all the information from all the routing devices. Even if they don't belong to our network, we had to have the information from MPLS devices on the telecom operator. Sometimes it was difficult to build the solution from scratch.

    The Syslog part was a little difficult to handle. For the appliance we have right now, it handles the management, the Syslog, and all the needed modules in order to operate the solution. Sometimes, it is a little bit hard for the appliance to get straight to all the models it runs. Maybe with the new models of the appliances, it's easier for the appliances to run all the models. With the newer generations of the OS, I suppose that now it's more effective and less of a time-consuming process, but it's okay for us to upgrade after that in order to get all the new features in the new OS.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Flag as inappropriate
    PeerSpot user
    Information Technology Graduate at a computer software company with 10,001+ employees
    Real User
    Top 20
    Provides great visibility, allows us to automate the entire change process, and saves A LOT of time
    Pros and Cons
    • "Visibility is its largest and most valuable feature. You can see everything or all the devices on the network for each customer. It provides you a larger view of what might be wrong with the network and how you can improve it with firewall rules, etc. If you are talking about secure change, being able to automate the entire change process is pretty much the winner for us. It is going to really reduce the time that it takes for us to do changes, and we can just go out and get more customers."
    • "They've got such a large number of APIs, and it is so easy to use their APIs. Effectively, they allow us to use it with anything. The only way to improve it more is by offering support for implementing their APIs into certain hardware or software that we might use. They can provide support for implementing APIs."

    What is our primary use case?

    Some of our customers has Tufin, and we manage it. We're also planning to have our own Tufin that we're going to use as a leveraged service for all of our customers.

    What is most valuable?

    Visibility is its largest and most valuable feature. You can see everything or all the devices on the network for each customer. It provides you a larger view of what might be wrong with the network and how you can improve it with firewall rules, etc. 

    If you are talking about secure change, being able to automate the entire change process is pretty much the winner for us. It is going to really reduce the time that it takes for us to do changes, and we can just go out and get more customers.

    What needs improvement?

    They've got such a large number of APIs, and it is so easy to use their APIs. Effectively, they allow us to use it with anything. The only way to improve it more is by offering support for implementing their APIs into certain hardware or software that we might use. They can provide support for implementing APIs.

    For how long have I used the solution?

    We have been using this solution for three months.

    How are customer service and technical support?

    I have not contacted their technical support.

    Which solution did I use previously and why did I switch?

    We didn't work with any similar product, but we are just going with secure track and secure change, not secure cloud and secure app. That's all that we really need at this time, and obviously, we will work with Tufin in the future if we need more.

    How was the initial setup?

    A few of our clients have decided to implement Tufin themselves, whilst we just manage their firewalls. We were not involved in the setup of the management suite. However, after seeing the benefits of this, we have heavily considered the use of Tufin on a number of our other clients we manage.

    We have identified that setup is a part of this and in our conversations with Tufin sought to address this. They offer a service for the full setup of the platform for use as an MSSP, and then providing a hand off service towards the end of this setup process which teaches engineers how to setup the remaining required devices.

    For the full functionality, Tufin utilises all L3 devices on the network, so setup can be quite daunting. However, we identified that it would take ~30 minutes per L3 device, some of which can be done simultaneously. This is the biggest drawback to Tufin integration. However, Tufin can be used to some degree without this, meaning you can reap the benefits of it sooner rather than later.

    What was our ROI?

    What we found is that the return on investment will be pretty quick. This is because of the time saving that Tufin offers in FW changes, we can implement more changes at a faster rate. This has huge savings for employee's workload and the cost of their work. We have freed up a large majority of our FW engineer's time. The huge ROI we witnessed has resulted in us identifying that we can go to market to gain more customers and really broaden our customer base without the 'con' of hiring more people.

    What's my experience with pricing, setup cost, and licensing?

    Because we're quite a large company, the initial price wasn't too much of a factor for us. This is because the ROI was so significant for us.

    Which other solutions did I evaluate?

    We identified others, like Firemon and Skybox, however we found that they were not as mature as Tufin, not offering the same range of Firewall Vendors, e.g. Palo Alto, Check Point, etc., and the same level of automation.

    What other advice do I have?

    I would advise others to definitely work with Tufin and work out the best costs. Work out how soon you'll realize your return on investment. That has been a major kind of help. They've been brilliant in trying to help us develop a business case for using it, and then internally, I am sure there will be a massive help for implementing it in the future.

    I would rate Tufin a nine out of ten based on the whole experience that we've had with it and the real kind of capabilities of the product.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    Buyer's Guide
    Tufin
    July 2022
    Learn what your peers think about Tufin. Get advice and tips from experienced pros sharing their opinions. Updated: July 2022.
    622,358 professionals have used our research since 2012.
    CyberSecurity Architecture Manager at a computer software company with 10,001+ employees
    Real User
    Easy to scale with good compliance and robust features
    Pros and Cons
    • "You can easily scale the solution if you need to."
    • "The initial setup can be tough."

    What is our primary use case?

    We were primarily using the solution in order to grade the firewall rules.

    How has it helped my organization?

    How the solution benefits the organization is something that is currently being tested. We're considering doing something different, as we just used this product as a POC.

    What is most valuable?

    The compliance aspect of the solution is its most valuable aspect.

    The stability is very good.

    You can easily scale the solution if you need to.

    The number of features is very robust - and there are a large number of features. That's a huge selling point, which is why its popularity is where it is.

    What needs improvement?

    I have heard many people complain that there is a high level of complexity. It may make it difficult to work with for some people. That said, I don't have those issues with the product.

    The initial setup can be tough.

    The product could use better integration with the cloud.

    For how long have I used the solution?

    I've been using the solution for years at this point, It's been a long time.

    What do I think about the stability of the solution?

    The stability is very, very good. There are no bugs or glitches. It doesn't crash or freeze. It's reliable. The performance is good.

    What do I think about the scalability of the solution?

    The scalability of the product is excellent. If a company needs to expand it, it can do so relatively easily.

    In our case, while I don't have an exact user count, I can say that there were quite a lot of people on the product.

    We're talking about shifting potentially away from Tufin, however, if we had kept it would have been used extensively.

    How are customer service and technical support?

    While other people have the opinion that it could be better, I've mostly been satisfied with the level of support we've received. They've been okay. I've had three or four run-ins with them and they were all positive experiences.

    Which solution did I use previously and why did I switch?

    I also work with AlgoSec. We use both solutions currently.

    How was the initial setup?

    The initial setup is not straightforward. It's a little difficult, a little tough. New users need to expect this before they get started.

    Often, a consultant is involved in the process, as there is a large learning curve, and many companies don't have the bandwidth to ramp up the staff. Bringing on a consultant can speed up the processes a bit.

    The deployment took about a month or so.

    We're still working on how many people we actually require to handle the maintenance aspect of the product.

    What about the implementation team?

    Typically, we get a consultant for everything, however, this last deployment, in particular, seemed to be more challenging for the consultant and for the staff.

    That said, our experience with the consultant was very good overall.

    What was our ROI?

    While we are getting what we need out of the solution in terms of functionality, I haven't really looked into an exact ROI. We got what we were looking to get out of it. 

    What's my experience with pricing, setup cost, and licensing?

    The billing and licensing aspect of the product is not something I'm a part of. I don't have any insights into the costs involved in using the solution. I cannot see if there's just a flat licensing fee or if there are other costs needed on top of that.

    Which other solutions did I evaluate?

    We are considering moving away from the solution currently. We're looking for other options. We might shift towards FireMon, however, nothing is set in stone.

    What other advice do I have?

    We're just a customer and end-user.

    We're likely not using the latest version of the solution. Currently, there is a team that directly supports it. I can't remember the exact version number off-hand.

    I'd advise organizations considering the solution to do their homework first and see if they can find out from industry associations and professionals what their experience has been.

    In general, I would rate the solution at a nine out of ten.

    Which deployment model are you using for this solution?

    Hybrid Cloud

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Amazon Web Services (AWS)
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    Network Operations Engineer at a computer software company with 10,001+ employees
    Real User
    Top 20
    Very straightforward to use with excellent scalability and reliable stability
    Pros and Cons
    • "The solution is quite scalable."
    • "The older version that we have doesn't support some newer firewall vendors."

    What is our primary use case?

    We have a lot of ASA firewalls. We primarily use the product in order to lay down the rules and try to find out if there are any duplicate rules that need to be cleaned up, et cetera. It is mostly tasks like that.

    What is most valuable?

    The solution is very straightforward to use. It makes doing our work easy. The product is very good at helping us clean up rules.

    We've found the stability to be quite good.

    The solution is quite scalable.

    What needs improvement?

    The older version that we have doesn't support some newer firewall vendors. I'm not sure what the status of integration is right now on the latest version, however, it would be nice if they updated the older versions to allow for better integrations with firewalls. 

    Sometimes the solution does take a bit of time to load. That said, it is a pretty old version, and that may be the main reason this is the case. It's possible that if we just upgraded to the latest version everything would go faster. 

    Everybody wants to implement some kind of standard rules, however, it's difficult to standardize everything due to the fact that each company is unique. That said, if there was some sort of universal guide to ensuring firewall rules were compliant, that would be helpful. 

    For how long have I used the solution?

    I've been using the solution for a year and a half to two years at this point. It's been a while. I've definitely used it over the last 12 months or so.

    What do I think about the stability of the solution?

    The stability has been good. I haven't experienced any bugs or glitches. It doesn't crash or freeze. The stability has been reliable in terms of performance.

    What do I think about the scalability of the solution?

    I find the product to be easy to scale. Adding new firewalls is pretty straightforward and it handles the process well. If a company needs to expand and add more firewalls it shouldn't be a problem at all.

    I would say six or seven people are using it and they're network operation people who have to deal with day-to-day firewall management, putting in new firewall rules, et cetera.

    How are customer service and technical support?

    I've never had an opportunity to reach out to technical support. I can't speak to how knowledgeable or responsive they are. I have no experience.

    How was the initial setup?

    The initial setup happened before my tenure with the company. I was not present when it was set up, and therefore I can't directly speak to my experiences with any implementation. I do not have a sense of if it was difficult or straightforward, and I can't say how long the deployment took. 

    There is a bit of maintenance required, in terms of adding new rules, et cetera. We have individuals on staff that can handle that.

    What's my experience with pricing, setup cost, and licensing?

    I don't have any issue with the pricing, however, I was not the purchaser. I can't speak to the exact cost for our company.

    Which other solutions did I evaluate?

    While I was using Tuffin, I did want to evaluate AlgoSec. I wanted to compare the two to see which was better. In the end, I've decided I would stick with this product.

    What other advice do I have?

    We are just a customer and an end-user.

    We are not using the most up-to-date version of the product. We are using one of the previous versions. I cannot at this time remember the version number, however, it was pretty old. We had a plan to upgrade, and then unfortunately ended up not doing that.

    I'd rate the solution at a nine out of ten as it helps us do our work. We're mostly quite happy with its capabilities.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    ALKAN Ermis - PeerSpot reviewer
    Network manager at Ekol Lojistik AS
    Real User
    A stable and scalable security solution with a user-friendly GUI
    Pros and Cons
    • "It's user-friendly. It's easy to understand menus on the web GUI. That's a good feature for us. I can say that it's doing what it's supposed to do. It also integrates well with other products like Check Point."
    • "It would be better if they modernized the web GUI. The web interface GUI is simple and not complicated, but it's also too old."

    What is our primary use case?

    We're using this solution mainly to get some audit reports regarding the policy installations on our firewalls. We aren't using any changes or other features, and we're not installing policies automatically. We're just using it to collect some log data like who installed something and what they did.

    What is most valuable?

    It's user-friendly. It's easy to understand menus on the web GUI. That's a good feature for us. I can say that it's doing what it's supposed to do. It also integrates well with other products like Check Point.

    What needs improvement?

    It would be better if they modernized the web GUI. The web interface GUI is simple and not complicated, but it's also too old. It would also be better if they had an SMS gateway integration. I would like to have some integrations with other products like Jira for change management and incident management.

    For how long have I used the solution?

    I have been using Tufin for about three years.

    What do I think about the stability of the solution?

    Tufin is a stable product. We're not having any issues. Sometimes we do have problems with the product, but it wasn't related to Tufin. Sometimes when we had an upgrade on the firewall product itself, we encountered some problems.

    What do I think about the scalability of the solution?

    It's a scalable product. We have about 50 gateways, and Tufin collects data from all of them. We also have a management server, and we've integrated two important classes of databases. We're only using three instances, and we're not having any issues.

    How are customer service and technical support?

    Tufin support is good, and we managed to implement this solution by ourselves. But it would be better if some engineers from Tufin joined a session and did stuff together with us. That would have been much appreciated. I would expect them to organize the session and provide some support, at least in the beginning.

    Which solution did I use previously and why did I switch?

    I also have AlgoSec, and it seems to be much more complicated. I would say that Tufin is much more compatible with Check Point firewalls. That was the main reason for choosing Tufin over AlgoSec.

    How was the initial setup?

    The initial setup is complex. I didn't have any Linux knowledge in my past, but I could say Tufin support is good at it. When we need to get some support, they respond quickly. They explained everything to finalize issues regarding the installation.

    What about the implementation team?

    We implemented this solution by ourselves. It took us one or two hours to install and deploy this solution.

    What's my experience with pricing, setup cost, and licensing?

    The price is on the cheaper side. I'm not planning on adding additional resources, and I don't expect any additional costs.

    Which other solutions did I evaluate?

    Not before but after using tufin actively about a year, we have evaluated algosec as an alternative solution. It was also well designed alternative but it was not well integrated as tufin did with Checkpoint

    What other advice do I have?

    There aren't many products like Tufin and AlgoSec. I think both products are good, but when people are using Check Point applications, we recommend Tufin.

    On a scale from one to ten, I would give Tufin a ten.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    User at a media company with 10,001+ employees
    Real User
    Top 20
    Helps in analyzing the current status of our firewall rules, but its pricing is not transparent
    Pros and Cons
    • "We can check and analyze the current status of our firewall rules."
    • "Their pricing can be better. It is not very transparent."

    What is our primary use case?

    We are an IT service provider. We are using it in our company and on the customer side. So, we have internal customers, and we are also a solution provider for external customers.

    What is most valuable?

    We can check and analyze the current status of our firewall rules.

    What needs improvement?

    Their pricing can be better. It is not very transparent. 

    In terms of functionality, we have not had any particular or special disadvantages other than the integration, but every tool that you take to integrate with your infrastructure is more or less complicated. For example, you have a history in your firewall infrastructure, and the longer the history is, the more you have to work on it to integrate. We see that in our infrastructure. We have been a service provider for more than 40 years, and we have been on the market for 20 years. We have a lot of customers, and there are some individual requests and setups. For the integration of Tufin or any other tool, you need a certain level of standardization. We have more disadvantages on the site from different firewall vendors. For example, with Drupal, you can integrate any individual firewall, but for Fortinet, you have to use a Fortinet manager.

    We are not looking for any additional features at the moment. We are not planning to buy any other modules.

    For how long have I used the solution?

    I have been using this solution for five years.

    What do I think about the stability of the solution?

    Until now, we have not had any problems in terms of stability.

    What do I think about the scalability of the solution?

    It has been scalable so far. We don't have any issues.

    On the administration side, 15 people are working with it.

    How are customer service and support?

    I would rate them a six out of 10. In many cases, we had to escalate.

    Which solution did I use previously and why did I switch?

    I didn't work with a similar product previously.

    How was the initial setup?

    Its implementation process is complicated.

    What's my experience with pricing, setup cost, and licensing?

    It is expensive, but as compared to other players, it's more or less okay. Their pricing is not very transparent. This is my biggest point regarding Tufin. I've never seen a price list or something like that. It's always individual, and in many cases, it's very confusing to know what is the base and what is the price.

    What other advice do I have?

    I would advise thinking about which modules you really want to use. We are using it only to have a transparent view of the firewall rule base and nothing more. We are not using any modules of this solution because we want to be and stay independent. For example, for the execution of the firewall rules, we use our own system. We have also developed all the other things ourselves so that in the future, we can switch to another product. So, you have to take care that you are not fully dependent on Tufin. 

    I would rate it a seven out of ten.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Flag as inappropriate
    PeerSpot user
    Principal Consultant at a consultancy with 1-10 employees
    Consultant
    Good visibility, user-friendly, and stable, but needs better graphical representation capabilities
    Pros and Cons
    • "Being able to customize your own clarity to that aspect of change management."
    • "I would like to see AI elements included with this solution."

    What is our primary use case?

    The solution is predominantly used for managing firewall changes, policy changes, and understanding those aspects.

    Most people use it for the basics, even though they could use it for a lot more.

    What is most valuable?

    The most valuable feature is being able to customize your own clarity to that aspect of change management.

    Having better visibility of what is going on. If it gets out of control, you can keep it in your head no matter how smart your administrators are.

    From what I have seen, it's user-friendly.

    What needs improvement?

    It's a bit clunky, but that may be because of different environments, and it is struggling to get the information. It's possible that the performance issue is because of the network and not the right architecture.

    I would like to see anything that is graphical, as much graphical representation of things. Modeling, and what-ifs. It becomes more intuitive and allows you to close some of the gaps between drawing stakeholders in, for example. If they ask "Why are you spending so much money on this tool?"  or "Why are you doing this?", you can show them examples and it becomes more obvious.

    I would like to see AI elements included with this solution. There is quite a lot of human element in understanding the consequences of change within the firewall environment, but they might benefit from more of an AI element as well.

    For how long have I used the solution?

    I am a security architect and I have been involved with it periodically for approximately five years.

    What do I think about the stability of the solution?

    It's a reliable solution.

    What do I think about the scalability of the solution?

    It's a scalable product. I have dealt with companies that are pretty sizeable, and it seems to handle it.

    How are customer service and technical support?

    I personally have not contacted technical support, but the information that is available on their website is pretty useful, it's pretty good.

    How was the initial setup?

    You need to allow a fair amount of time. That is the case for all firewall management tools.

    It gives the appearance of being straightforward to get going but they need a bit of time particularly to do the sorting of the matrices for example.

    When planning, people should estimate it then double it, just to make sure they get things right.

    What's my experience with pricing, setup cost, and licensing?

    Price could always be better, but there are always consequences. Normally, there are other issues that come into play. For example, you pay more and expect to lean on the vendor more for the services and support.

    What other advice do I have?

    I have recommended this solution from time to time and I would definitely recommend it to others.

    I would rate Tufin a seven out of ten.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    Project Manager at a comms service provider with 10,001+ employees
    Real User
    Good change manager and technical support but needs to be more comprehensive
    Pros and Cons
    • "The technical support is pretty good."
    • "The pricing of the solution is rather expensive."

    What is most valuable?

    We use two main modules. We really appreciate the change manager. It's one of the most valuable aspects of the solution.

    The technical support is pretty good.

    What needs improvement?

    We need the solution to have full compliance with IPV6. 

    We also use VMware features and we need the solution to be fully integrated. We used to make micro-segmentation. We'd like to be able to do this again, and for that to happen, we need more integration.

    The pricing of the solution is rather expensive. 

    It needs to be more comprehensive. There are also some drawbacks in trying to import a policy matrix inside. If some people design a policy matrix in the file, in an Excel file, the problem is that we will have to work a bit to interact with it properly. Something more economical needs to be in place to deal with the policy matrix.

    What do I think about the scalability of the solution?

    We have a small team working with Tufin. That said, even though the team is not a big team, we have a lot for it to do. Tufin now is our policy manager for the private cloud. It's the main policy manager. We also use Skybox for the legacy part.

    How are customer service and technical support?

    I've dealt with technical support in the past. They are okay. They really try to work with us. I'd describe them as being helpful and responsive for the most part. We're largely satisfied with their level of service.

    Which solution did I use previously and why did I switch?

    We also use Skybox Security Suite. We use both that and Tufin simultaneously.

    How was the initial setup?

    The initial setup was actually handled by another team. I can't speak to the implementation process due to the fact that I did not participate in the process directly.

    What's my experience with pricing, setup cost, and licensing?

    As an architect, the pricing seems expensive to me. For what it does, I would say it's expensive. 

    Which other solutions did I evaluate?

    I can only really compare it to Skybox, which is a solution we also use. 

    If I compare it with Skybox, I see it is the best. It is better than the Skybox. However, we need it to do more. 

    What other advice do I have?

    We are not a reseller. We are an IT enterprise. We are customers and end-users. That said, our relationship is evolving. It's becoming something like a partnership, as we need more features and are making suggestions and trying to develop it out a bit. 

    I'm not sure of which version of the solution we're using. I can't recall the version number off-hand.

    I'd rate the solution at a seven out of ten.

    Which deployment model are you using for this solution?

    Private Cloud
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user