What do you like most about Tufin?
Thanks for sharing your thoughts with the community!
The clarity around the auditing provides the most value for us.
All the basic functions work well.
The technical support is pretty good.
Visibility is its largest and most valuable feature. You can see everything or all the devices on the network for each customer. It provides you a larger view of what might be wrong with the network and how you can improve it with firewall rules, etc.
If you are talking about secure change, being able to automate the entire change process is pretty much the winner for us. It is going to really reduce the time that it takes for us to do changes, and we can just go out and get more customers.
The solution is quite scalable.
It allows administrators to visualize the traffic flow, and troubleshoot when necessary.
The most valuable feature is alerting, which lets me know when someone has made a change.
The filtering of lots of criteria is very valuable.
The automated reporting on a regular basis is helping us to be compliant with legal requirements.
The Automatic Policy Generator saves time because we are able to identify the required policy when a client doesn't know what he needs.
Tufin assists us in maintaining a robust view of our internal network topology.
It is a great solution. If you have all the devices and firewalls in place, the amount of details that you get along with the network topology is very good.
The visibility is huge. In order to figure out what was going on previously, we would have to pull stuff out of firewalls and put them in spreadsheets, then do sorts. Now, it's all right there in Tufin. We can write reports to look for what we need, ad hoc searches to find object groups, and know which firewalls are on. This was almost impossible to do previously.
A customer is able to submit a request for access and Tufin will automatically analyze the system to find out where the rule needs to go, and then design the rule for you.
The change workflow process is very easy to customize. You can do a workflow however you want, so you can have an approval every single step. Or, you can remove approvals on certain steps, automating some steps.
In our current environment, the most valuable feature from Tufin is their Network Map.
The best feature for me is being able to look up objects within all of our policies, because we have a little over 12,000 rules and over 30,000 objects. When one person says, 'Hey, where's my server?' I can just go to Tufin and say, 'Hey, where is that server?' and very quickly it tells you where it is, what policy it's on. That is a life saver.
We use Tufin to clean up our firewall policies because it is so fast. A report about compliance and the clean-up process used to take about one month up before. With Tufin, it takes only one day.
There are a lot of benefits to using the reporting. It gives us duplicate objects, duplicate services, shadow firewall rules, and the firewall rules not needed for a given number of days or months.
This solution has helped us to meet our compliance mandates. We implemented the Unified Security Policy (USP). This helped enforce what compliance requirements that we had. We have mitigated and remediated issues that have been brought forth due to that USP showing us issues.
The biggest benefit for us was the time frame to complete a ticket. It went from approximately a week and a half to two weeks down to about three days.
Comparing the rules and policy browser is valuable to me. It gives me the ability to pull running configs and be able to analyze them without having to go directly into the firewall.
Tufin has made handling firewall rule request tickets more centralized and easier to manage.
We were hit by the NotPetya attack. Therefore, our whole company and all its sites were down for several months. So, you don't have an attack like that and not need something like Tufin. Other companies can prevent these attacks, or at least slow them down, by having this type of a tool. We will never go back.
It gives our firewall administrators visibility into the total infrastructure.
One of the things that came up this week was the ability to decommission a server, which we thought was interesting. We had a workshop recently that talked about all the things that need to be thought about when managing firewalls. People said, "A lot of times, things get forgotten when you are decommissioning a server." E.g., making sure rules are taken away and taking out the rule set. The fact that there is an automated workload for that can be helpful.
It provides a comprehensive overview of what our network looks like in terms of what is allowed and what is not, then how the traffic' is flowing with the Network Topology Map.
This solution helps us ensure that security policy is followed across our entire hybrid network. You can have a Unified Security Policy which reaches across all networks, so if you are having a change submitted, it doesn't matter if you're enforcing it or not. You can get an alert saying, "This is a violation." That's a value-add.
The automation piece is the most valuable feature: having SecureChange make the change on the firewalls, instead of my having to go manually make the changes on the vendor product.
This solution has helped us meet our compliance mandates. Everything is all auditable. Every change is tracked down to the person and time.
We use this product to sharpen our change cycle. A request used to take quite a while as we did manual assessments. A lot of that is now done through SecureTrack.
It's hard to pick the most valuable feature. All of them are valuable, they're all critical for us... ChangeTrack obviously has a lot of very good features, like the risk analysis, the USP, and the Policy Browser.
One of the biggest quick wins that we had with Tufin was cleaning up our firewall policies and rules. We cleaned out a lot of rules which helped our devices, longevity-wise, as well as speed-wise.
It provides a real-time sense of how the policies are configured and whether there are any shadow rules. Another great thing is that it provides greater reporting based on how the rules have been set up.
Our engineers are spending less time on manual processes, specifically for the reporting functionality. For doing the rule cleanup and policy analysis, it would be a nightmare to do that manually. So, it is saving our engineering teams time from not having to do manual log reviews.
I don't think that we were ever slow, but we can now say that changes are completed within twenty-four hours.
Tufin is the only multi-vendor firewall tool that is available, and it helps to bring everything together and report on what all of the rules are.
The most valuable features are the GUI interface and the API.
The reports that this solution provides are very useful.
The time that we require to makes changes has been reduced from weeks to days.
We use Tufin to clean up our firewall policies. It benefits us, because you can run a query for whatever your cleanup criteria is, e.g., "Has it been hit in 90 days?" It displays the list, then you can see the rules right there. If you want to get rid of it (or highlight it), then it creates a ticket that goes ahead and flags them all as disabled. While you can delete them, we always disable first. Then, we have a strip that comes back, and if it's been disabled for 90 days, then the system will remove them.
The most valuable feature of this solution is that it reduces both the time required and the number of errors when making changes.
The APIs are the most valuable feature of this solution, as they facilitate integration with ServiceNow and other solutions.
The most valuable feature are role and objects usage for individual objects and app usage.
Our engineers save quite a bit of time that was previously spent on manual processes.
This has helped us to better clean up and audit changes to the firewall policy.
This solution has helped our clients because it allows them to leverage the tools so that they can actually reduce their overall expenses for the environment.
This solution has helped us with compliance because we're able to map out certain firewall rules against compliance requirements, and we're able to write reports to show us exactly what our firewalls look like in those areas.
This solution provides a more organized manner for us to track towards compliance for our PCI audits.
The most valuable feature is that it extends security entries in the firewall policies.
The most valuable feature is the reporting of our risk poster in our firewall.
I like the fact that Tufin was able to integrate with our firewalls, which include Palo Alto and FortiGate.
The change workflow process is flexible and customizable... If we have a firewall completed and we want to redo it, if we need to re-engineer a particular firewall and open a different destination, we can do that by creating a break-fix... That is one of its useful tools.
The most valuable features are the Security Risks and Best Practices reporting/Rule base cleanup.
SecureChange is the most interesting part. It all comes down to having the user request firewall access and SecureChange, based on workflows, takes care of it, sending two or three emails to the business approvers. With one click, you can automate a firewall rule.
The most valuable function is the SecureChange where it is able to automate everything from the validation of the rules to the pushing of the rules.
We have a better view of our compliance status.
Tufin is our audit trail for all changes. We have to be PCI compliant, and it's the tool we go to for enforcing PCI on the network side.
It has allowed us to be more efficient in our processing of firewall requests.
The visibility is very good. We have managers who are overseeing it, and they are approving things through it.
We find it to be flexible. If we have a change that needs to be done, it will go ahead and do it for all our devices, regardless of the manufacturer that we have associated with it.
The product streamlines our change management process.
The automation because it is saving a lot of work, time, and effort required to do all of our manual work. The change impact analysis is pretty good, and with the automation, it takes care of a lot of things which we would be doing manually.
We can get reports with Tufin at anytime. We can have automated reports, even with security and compliance.
Its ability to detect changes within our firewall.
We just got done with major audits. Tufin was able to provide information to give back to people, and say, "Hey, this is what I need to do, and what we're doing."
Tufin allows our say junior guys to learn how to view policies. It gives them a tool that will help them consolidate and optimize.
One of the main things is to look at what policies haven't been hit, so we can remove those remnant policies when people come in, use it, and it's still left on the Check Point. So when a couple of users say, "This is not needed anymore." We'll remove it.
We are able to stay compliant with many of the regulations.
It provides a great visibility around the roots: Root implementing which can be done, roots that have changed, and what has been done. So, it's pretty useful when you have an audit going on.
SecureChange makes our lives easier with automation.
The solution helps us meet our compliance needs.
It has helped us to meet our compliance mandates. We have some requirements that we need to provide more visibility on the risk levels of our firewall base and Tufin helped us with that requirement.
The change workflow process is flexible and customizable. We have one guy who has never logged into Tufin ever in his life. He sits down and in 30 minutes had written an automation routine, then went back and changed it. He did that with no training. For me, that is a major benefit.
My team uses it heavily to audit the changes made by junior engineers, going back and figuring out what they messed up, and correcting their mistakes. We generate reports for customer compliance and audits, as well as for regulatory audits.
We've scaled it to hundreds of firewalls.
The initial setup was straightforward.
Tufin has improved my organization with its configuration management. It has tremendously improved the operation's success and has made life easier.
The policy overview is valuable.
The designer gives the ability to know where to add a rule, or if the rule is already in place.
Valuable features include a central pane of management for all the firewalls and the ability to do queries on the rules and understand in which files the rules are configured.
We are able to discover firewall rules that are too broad and widen the security footprint.
We all know it's really hard to get good pricing and cost information.
Please share what you can so you can help your peers.