Skip to main content
TrustRadius
Tufin Orchestration Suite

Tufin Orchestration Suite

Overview

What is Tufin Orchestration Suite?

Israeli company Tufin offers a firewall security management offering via the Tufin Orchestration Suite, including SecureApp for managing network connectivity, SecureChange network change automation, and SecureTrack multi-vendor and next-generation firewall management.

Read more
Recent Reviews

TrustRadius Insights

Intuitive and Easy to Navigate: Many users have praised Tufin's user interface, stating that it is intuitive and easy to navigate. This …
Continue reading
Read all reviews
Return to navigation

Product Details

What is Tufin Orchestration Suite?

Tufin Orchestration Suite Video

Tufin Orchestration Suite and VMware NSX

Tufin Orchestration Suite Technical Details

Operating SystemsUnspecified
Mobile ApplicationNo
Return to navigation

Comparisons

View all alternatives
Return to navigation

Reviews and Ratings

(14)

Community Insights

TrustRadius Insights are summaries of user sentiment data from TrustRadius reviews and, when necessary, 3rd-party data sources. Have feedback on this content? Let us know!

Intuitive and Easy to Navigate: Many users have praised Tufin's user interface, stating that it is intuitive and easy to navigate. This makes tasks easier for them as they can quickly find the features they need without any confusion.

Wide Range of Firewall Support: The fact that Tufin supports a wide range of firewalls and network devices has been highly beneficial for users. They appreciate the flexibility and convenience of being able to manage different brand network devices in a single platform.

Helpful Compliance Guides and Suggestions: Users have found Tufin's compliance guides and suggestions extremely helpful in resolving conflicts and ensuring system check. These resources provide valuable insights into best practices, allowing users to maintain a compliant infrastructure.

  1. Manual setup and policy management: Several users have found that Tufin requires a significant amount of manual setup for tracking and policy management, which can be time-consuming. This has been mentioned by multiple reviewers who expressed frustration with the amount of manual work involved.

  2. Limited support for other brands: Some users have mentioned that Tufin does not support a wide range of other brands, which poses challenges in managing diverse network environments. They believe it would be better if Tufin had broader compatibility with different firewall vendors.

  3. Complex licensing system: The complexity of Tufin's licensing system has been brought up by several users, who feel that it could be more flexible and streamlined, especially for smaller customers. This feedback suggests that simplifying the licensing process would improve the overall user experience.

Users have highlighted several recommendations for Tufin based on their experiences. The three most common recommendations are as follows:

  1. Users advise exploring other products in the market, such as PALO ALTO XSOAR and FireMon, to consider alternative solutions that may better meet specific needs or offer additional features.

  2. When choosing Tufin ProServ, it is important to ensure they deliver on their promises and take ownership of tasks, planning, and implementation.

  3. There is a need for improvement in Tufin Support in terms of flexibility and promptness. Users express a desire for more responsive and adaptable support services.

These recommendations provide valuable insights from users about their experiences with Tufin, offering suggestions for exploring alternative options, ensuring accountability from Tufin ProServ, and enhancing customer support services.

Reviews

(1-4 of 4)
Companies can't remove reviews or game the system. Here's why
Score 6 out of 10
Vetted Review
Verified User
Incentivized
We use Tufin Orchestration Suite products for various clients and for US EST biggie Insurance company. We implement/proposed it to the client to solve the problem of Firewall Audit / Firewall rule reviews, recertifying FW rules, identifying UNUSED rules with no hits. It helps our clients in managing FW rulesets / and keeping security posture of the ruleset intact. We also integrated it with Service NOW / ITSM solution
  • Firewall Policy Management
  • Workflows and its integration with Firewall change process
  • Capturing LAST_HITS data for FW rules
  • Tufin SecureChange needs to be more agnostic, easy to integrate with Service NOW
  • JSON payload identification for Tufin SecureChange while integrating it with SNOW
  • customization should be made more easy, like custom dashboarding
  • Tufin Orchestration Suite Professional services experience could be also improved overall - Taking more ownership
  • API calls to 3rd party tools should be more flexible
Well suited scenarios -
1) Firewall Policy / Ruleset management
2) Where all the products are from Tufin like TOS ST, SC, SecureApp etc
3) Where customer focuses on ruleset compliance - USP violations, and other features
Less suited -
1) Agnostic/distributed environment - Tough with integrate with 3rd party like CyberArk
2) FW recertification processes / exception process when complex process is included
Firewall Security Management (8)
53.75%
5.4
Policy planning and rule management
90%
9.0
Automated Policy Orchestration
70%
7.0
Device Discovery
60%
6.0
Policy Compliance Auditing
80%
8.0
Attack Path Simulation Testing
40%
4.0
Anomalous Event or Behavior Deviation
N/A
N/A
Vulnerability Scans
N/A
N/A
Firewall Rule Cleanup
90%
9.0
  • 35,000 USD/Grand extra client had to pay for add-on licensing (HA)
  • Good FW policy management feature overall ( LAST_HITS)
  • Tufin Orchestration Suite again asking for OS upgrade to TOS Aurora
  • FireMon, AlgoSec and Palo Alto Networks Cortex XSOAR (formerly Demisto)
1) Fairly okay overall but definitely needs improvement overall Vs the other products available in the market like Palo Alto XSOAR
2) Cost wise okay at the beginning but when client demands add-ons/ more features/customization tailored to their needs, Tufin Orchestration Suite recommends RFE / custom costs/development costs
3) USP feature is cool to use overall Vs FireMon
4) Tufin ProServ needs to buckle-up/Support compared to other competitors in the market
Cisco ASA, Checkpoint Halo, Splunk Application Performance Monitoring (APM), FireMon
Binita Kharbanda | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User
Incentivized
We were having Firewall solutions from different vendors and whenever we needed to change any policy/ rules, it seemed a humongous task until we got the Tufin Orchestration Suite. With Tufin solution, we are able to push the policies according to our need on all the relevant firewalls in one go to allow/block the traffic.
  • Firewall management
  • Compliance reports
  • Unused rules and optimization
  • Policy Automation
  • Cost is too high
  • Documentation not available easily
  • Customer Support
If there is any organization who is having more then 10-15 firewalls and from different vendors, Tufin Orchestration Suite can be best suited there as it can manage all the firewalls from one single pane of glass and push the policy, and get the Standard based compliance reports for the rules created on the firewalls.
Firewall Security Management (8)
95%
9.5
Policy planning and rule management
100%
10.0
Automated Policy Orchestration
100%
10.0
Device Discovery
90%
9.0
Policy Compliance Auditing
100%
10.0
Attack Path Simulation Testing
90%
9.0
Anomalous Event or Behavior Deviation
90%
9.0
Vulnerability Scans
90%
9.0
Firewall Rule Cleanup
100%
10.0
  • Single Platform to manage all firewalls
  • Industry based standard compliance reports like HIPAA, ISO, GDPR
  • Firewall Rules Clean-up
  • Customization is bit limited
  • Troubleshooting is difficult with limited commands
  • CLI not user friendly
  • Cisco Secure Firewall Management Center (formerly Firepower Management Center)
If I talk about the customizations and automations I think Cisco product lacks here as we get the full customization option with Tufin Orchestration Suite as per organization requirement. We can provide the Tufin Access to users as per their need only. If one user needs to see one particular firewall's report only, that can also be achieved with Tufin with its granular control.
Score 4 out of 10
Vetted Review
Verified User
Incentivized
We collect all firewall changelogs via Tufin. Our firewall vendors are Fortinet, Palo Alto, Juniper, and Checkpoint.
  • If you set your zones correctly Tufin will create your network topology map.
  • You can find which object or rule you want easily for all firewalls in the network.
  • Tufin provides more features for Checkpoint.
  • It doesn't run correctly with Fortinet firewalls
  • Support team does not have enough ideas for solving cases
If you have checkpoint firewalls Tufin will work fine but for the Fortinet firewalls you have to stay away.
  • I think if you correctly configure your SIEM, you don't need Tufin. You can correlate a lot of things for firewalls.
Alex Waitkus, CISSP-ISSAP, OSCP | TrustRadius Reviewer
Score 7 out of 10
Vetted Review
Verified User
Incentivized
Tufin is used to help with config audit and review of security policies/ACLs for multiple firewalls. We are working to implement the secure change feature.
  • Security Policy/ACL overview showing hit count and shadow policies
  • Configuration change tracking by user
  • Detailed reports on the firewall configuration
  • Palo Alto Networks Integration
  • Better/more user friendly api for integration with ticketing systems
  • Web UI structure is not user-friendly
Tufin is great for reviewing firewall policy and changes, it makes tracking access down and auditing policy a breeze. We are replacing firewalls and Tufin has been a great help to review/audit/create new policies. We are finding that Tufin is lacking for use with Palo Alto. You can either work through Panorama and lose a lot of reporting or the firewall and lose the security policy. Tufin has stated they are working on this but it is the biggest issue we are facing.
  • Tufin has helped increase firewall migration time letting us build new policies instead of migrating garbage in
  • Tufin helps to identify who changed what when so if a change impacts access Tufin can help find what change was made from a single location
  • Tufin has a great reporting feature - except for Palo Alto right now - that helps to review and audit policy, flagging overly permissive and shadow or partially shadow policies.
Tufin and AlgoSec both provide a lot of the same features. I would say the choice of the two depend on your overall objective and use case. Both tools have features to accomplish different things. For firewall policy review, they are about the same in my opinion. We are currently evaluating RedSeal and don't have enough data to compare. RedSeal may lack some of the change features but appears to give the same level of reporting functionality.
Return to navigation