Tufin Room for Improvement
DSI France retail banking networks at a financial services firm with 10,001+ employees
The network part of the solution could be improved, specifically the licensing model for routing devices. Customers need to get the license easily in order to have the cartography of the network and build the other solution of Tufin, such as a secure change and secure application. To do that, we need the licenses for the network devices in complex environments where customers have a lot of network devices. It is too hard to get a license for each device, so Tufin should remodel the license model for these kinds of devices.
For the license for the security devices, it's okay that Tufin has a model for physical devices and for virtual devices. For the network devices, the main reason to have a license is to get topological information, routing information, and so on. With Tufin, it's a bit hard to tag all the devices that you need to build the topology of your network.
We have already talked to Tufin in order to simplify the license model for the routing devices because these devices are the main technology. The RN is just for routing information, not for the security and building access list, and building VPNs, and stuff.
In order to have that topological view, you need a license for each device. For that, the cost of the solution rises exponentially. Because there are a lot of routing devices for your network, in order to build the topology of your network, you have to spend a lot of money just on licenses for devices that aren't security but do routing work only.
They have to rebuild their licensing model in order to fit the needs of their customers.
For routing devices, we would like to have something related to the orchestration for the solution because we know that there is one for Tufin, but I don't know how it works, if it has to work with all the models installed, what the features are for that orchestration, and what the needs are for that model to work properly in a complex environment.
For example, we work in complex banking environments where there are a lot of bricks to communicate with. For that, what is the information needed for the orchestration in order to have an extensive look at the topology of our network, and after that, how the orchestration is going to implement the right accesses to main privileges on security devices all around the topology of our employment.View full review »
Information Technology Graduate at a computer software company with 10,001+ employees
They've got such a large number of APIs, and it is so easy to use their APIs. Effectively, they allow us to use it with anything. The only way to improve it more is by offering support for implementing their APIs into certain hardware or software that we might use. They can provide support for implementing APIs.View full review »
CyberSecurity Architecture Manager at a computer software company with 10,001+ employees
I have heard many people complain that there is a high level of complexity. It may make it difficult to work with for some people. That said, I don't have those issues with the product.
The initial setup can be tough.
The product could use better integration with the cloud.View full review »
Network Operations Engineer at a computer software company with 10,001+ employees
The older version that we have doesn't support some newer firewall vendors. I'm not sure what the status of integration is right now on the latest version, however, it would be nice if they updated the older versions to allow for better integrations with firewalls.
Sometimes the solution does take a bit of time to load. That said, it is a pretty old version, and that may be the main reason this is the case. It's possible that if we just upgraded to the latest version everything would go faster.
Everybody wants to implement some kind of standard rules, however, it's difficult to standardize everything due to the fact that each company is unique. That said, if there was some sort of universal guide to ensuring firewall rules were compliant, that would be helpful.
It would be better if they modernized the web GUI. The web interface GUI is simple and not complicated, but it's also too old. It would also be better if they had an SMS gateway integration. I would like to have some integrations with other products like Jira for change management and incident management.
User at a media company with 10,001+ employees
Their pricing can be better. It is not very transparent.
In terms of functionality, we have not had any particular or special disadvantages other than the integration, but every tool that you take to integrate with your infrastructure is more or less complicated. For example, you have a history in your firewall infrastructure, and the longer the history is, the more you have to work on it to integrate. We see that in our infrastructure. We have been a service provider for more than 40 years, and we have been on the market for 20 years. We have a lot of customers, and there are some individual requests and setups. For the integration of Tufin or any other tool, you need a certain level of standardization. We have more disadvantages on the site from different firewall vendors. For example, with Drupal, you can integrate any individual firewall, but for Fortinet, you have to use a Fortinet manager.
We are not looking for any additional features at the moment. We are not planning to buy any other modules.View full review »
Principal Consultant at a consultancy with 1-10 employees
It's a bit clunky, but that may be because of different environments, and it is struggling to get the information. It's possible that the performance issue is because of the network and not the right architecture.
I would like to see anything that is graphical, as much graphical representation of things. Modeling, and what-ifs. It becomes more intuitive and allows you to close some of the gaps between drawing stakeholders in, for example. If they ask "Why are you spending so much money on this tool?" or "Why are you doing this?", you can show them examples and it becomes more obvious.
I would like to see AI elements included with this solution. There is quite a lot of human element in understanding the consequences of change within the firewall environment, but they might benefit from more of an AI element as well.View full review »
Project Manager at a comms service provider with 10,001+ employees
We need the solution to have full compliance with IPV6.
We also use VMware features and we need the solution to be fully integrated. We used to make micro-segmentation. We'd like to be able to do this again, and for that to happen, we need more integration.
The pricing of the solution is rather expensive.
It needs to be more comprehensive. There are also some drawbacks in trying to import a policy matrix inside. If some people design a policy matrix in the file, in an Excel file, the problem is that we will have to work a bit to interact with it properly. Something more economical needs to be in place to deal with the policy matrix.View full review »
We haven't really had issues with the product.
There are some missing features we'd like to see them add in the future.View full review »
CTO at Uridium Technologies
The pricing could be a bit more competitive. If you compare it to, for example, AlgoSec, AlgoSec has better pricing.
The implementation could be a bit easier.View full review »
Presales Network & Security Engineer at a tech services company with 51-200 employees
The cost of this solution should be improved.
They need to offer more support to vendors, such as Cisco, Checkpoint, Fortinet, and Forcepoint.
They have an API, but it needs more service on this.
While technical support is good, they could still improve.View full review »
Our compliance goes through SecureChange and they give us the rule set and then the recommendation. Ideally we'd like to press a button and create a Terraform to put into the build and deploy. We can't do that yet and there are several manual steps which can lead to errors. We'd like that to change.
I would also like to see the ingest of flow data enhanced, so that multiple flow data can be ingested from different points on the network and be mapped out. The basics work, the issue is when you have a complex network because maybe you want flow data from the firewall and with Tufin it's only from a single source.
IT Coordinator at a financial services firm with 10,001+ employees
Its price is reasonable, but it could be lower.
It could have a more effective approach for creating and changing rules. It could provide advice or suggestions for a better understanding of rules and changing the rules. There should be suggestions for the rules that need to be changed to make them less risky.
Information Security Engineer at a healthcare company with 10,001+ employees
They are a little bit behind on some of their support for the Palo Alto firewall platform. I'd like to see that catch up, specifically around importing certain objects.View full review »
Currently, we are able to monitor access rules and the operating system of a firewall. It would be great if we can also monitor the configuration of the firewall through Tufin.