Tufin Orchestration Suite

Tufin Orchestration Suite

Score 8.1 out of 10
Tufin Orchestration Suite

Overview

What is Tufin Orchestration Suite?

Israeli company Tufin offers a firewall security management offering via the Tufin Orchestration Suite, including SecureApp for managing network connectivity, SecureChange network change automation, and SecureTrack multi-vendor and next-generation firewall management.
Read more

Recent Reviews

Read all reviews
Return to navigation

Product Demos

Tufin Orchestration Suite and VMware NSX
03:19
Return to navigation

Product Details

What is Tufin Orchestration Suite?

Israeli company Tufin offers a firewall security management offering via the Tufin Orchestration Suite, including SecureApp for managing network connectivity, SecureChange network change automation, and SecureTrack multi-vendor and next-generation firewall management.

Tufin Orchestration Suite Video

Tufin Orchestration Suite and VMware NSX

Tufin Orchestration Suite Technical Details

Operating SystemsUnspecified
Mobile ApplicationNo
Return to navigation

Comparisons

View all alternatives
Return to navigation

Reviews and Ratings

 (14)

Reviews

(1-4 of 4)
Companies can't remove reviews or game the system. Here's why
Score 6 out of 10
Vetted Review
Verified User
We use Tufin Orchestration Suite products for various clients and for US EST biggie Insurance company. We implement/proposed it to the client to solve the problem of Firewall Audit / Firewall rule reviews, recertifying FW rules, identifying UNUSED rules with no hits. It helps our clients in managing FW rulesets / and keeping security posture of the ruleset intact. We also integrated it with Service NOW / ITSM solution
  • Firewall Policy Management
  • Workflows and its integration with Firewall change process
  • Capturing LAST_HITS data for FW rules
  • Tufin SecureChange needs to be more agnostic, easy to integrate with Service NOW
  • JSON payload identification for Tufin SecureChange while integrating it with SNOW
  • customization should be made more easy, like custom dashboarding
  • Tufin Orchestration Suite Professional services experience could be also improved overall - Taking more ownership
  • API calls to 3rd party tools should be more flexible
Well suited scenarios -
1) Firewall Policy / Ruleset management
2) Where all the products are from Tufin like TOS ST, SC, SecureApp etc
3) Where customer focuses on ruleset compliance - USP violations, and other features
Less suited -
1) Agnostic/distributed environment - Tough with integrate with 3rd party like CyberArk
2) FW recertification processes / exception process when complex process is included
Firewall Security Management (8)
53.75%
5.4
Policy planning and rule management
90%
9.0
Automated Policy Orchestration
70%
7.0
Device Discovery
60%
6.0
Policy Compliance Auditing
80%
8.0
Attack Path Simulation Testing
40%
4.0
Anomalous Event or Behavior Deviation
N/A
N/A
Vulnerability Scans
N/A
N/A
Firewall Rule Cleanup
90%
9.0
  • 35,000 USD/Grand extra client had to pay for add-on licensing (HA)
  • Good FW policy management feature overall ( LAST_HITS)
  • Tufin Orchestration Suite again asking for OS upgrade to TOS Aurora
  • FireMon, AlgoSec and Palo Alto Networks Cortex XSOAR (formerly Demisto)
1) Fairly okay overall but definitely needs improvement overall Vs the other products available in the market like Palo Alto XSOAR
2) Cost wise okay at the beginning but when client demands add-ons/ more features/customization tailored to their needs, Tufin Orchestration Suite recommends RFE / custom costs/development costs
3) USP feature is cool to use overall Vs FireMon
4) Tufin ProServ needs to buckle-up/Support compared to other competitors in the market
Cisco ASA, Checkpoint Halo, Splunk Application Performance Monitoring (APM), FireMon
Binita Kharbanda | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User
We were having Firewall solutions from different vendors and whenever we needed to change any policy/ rules, it seemed a humongous task until we got the Tufin Orchestration Suite. With Tufin solution, we are able to push the policies according to our need on all the relevant firewalls in one go to allow/block the traffic.
  • Firewall management
  • Compliance reports
  • Unused rules and optimization
  • Policy Automation
  • Cost is too high
  • Documentation not available easily
  • Customer Support
If there is any organization who is having more then 10-15 firewalls and from different vendors, Tufin Orchestration Suite can be best suited there as it can manage all the firewalls from one single pane of glass and push the policy, and get the Standard based compliance reports for the rules created on the firewalls.
Firewall Security Management (8)
95%
9.5
Policy planning and rule management
100%
10.0
Automated Policy Orchestration
100%
10.0
Device Discovery
90%
9.0
Policy Compliance Auditing
100%
10.0
Attack Path Simulation Testing
90%
9.0
Anomalous Event or Behavior Deviation
90%
9.0
Vulnerability Scans
90%
9.0
Firewall Rule Cleanup
100%
10.0
  • Single Platform to manage all firewalls
  • Industry based standard compliance reports like HIPAA, ISO, GDPR
  • Firewall Rules Clean-up
  • Customization is bit limited
  • Troubleshooting is difficult with limited commands
  • CLI not user friendly
  • Cisco Secure Firewall Management Center (formerly Firepower Management Center)
If I talk about the customizations and automations I think Cisco product lacks here as we get the full customization option with Tufin Orchestration Suite as per organization requirement. We can provide the Tufin Access to users as per their need only. If one user needs to see one particular firewall's report only, that can also be achieved with Tufin with its granular control.
Score 4 out of 10
Vetted Review
Verified User
We collect all firewall changelogs via Tufin. Our firewall vendors are Fortinet, Palo Alto, Juniper, and Checkpoint.
  • If you set your zones correctly Tufin will create your network topology map.
  • You can find which object or rule you want easily for all firewalls in the network.
  • Tufin provides more features for Checkpoint.
  • It doesn't run correctly with Fortinet firewalls
  • Support team does not have enough ideas for solving cases
If you have checkpoint firewalls Tufin will work fine but for the Fortinet firewalls you have to stay away.
  • I think if you correctly configure your SIEM, you don't need Tufin. You can correlate a lot of things for firewalls.
Alex Waitkus, CISSP-ISSAP, OSCP | TrustRadius Reviewer
Score 7 out of 10
Vetted Review
Verified User
Tufin is used to help with config audit and review of security policies/ACLs for multiple firewalls. We are working to implement the secure change feature.
  • Security Policy/ACL overview showing hit count and shadow policies
  • Configuration change tracking by user
  • Detailed reports on the firewall configuration
  • Palo Alto Networks Integration
  • Better/more user friendly api for integration with ticketing systems
  • Web UI structure is not user-friendly
Tufin is great for reviewing firewall policy and changes, it makes tracking access down and auditing policy a breeze. We are replacing firewalls and Tufin has been a great help to review/audit/create new policies. We are finding that Tufin is lacking for use with Palo Alto. You can either work through Panorama and lose a lot of reporting or the firewall and lose the security policy. Tufin has stated they are working on this but it is the biggest issue we are facing.
  • Tufin has helped increase firewall migration time letting us build new policies instead of migrating garbage in
  • Tufin helps to identify who changed what when so if a change impacts access Tufin can help find what change was made from a single location
  • Tufin has a great reporting feature - except for Palo Alto right now - that helps to review and audit policy, flagging overly permissive and shadow or partially shadow policies.
Tufin and AlgoSec both provide a lot of the same features. I would say the choice of the two depend on your overall objective and use case. Both tools have features to accomplish different things. For firewall policy review, they are about the same in my opinion. We are currently evaluating RedSeal and don't have enough data to compare. RedSeal may lack some of the change features but appears to give the same level of reporting functionality.
Return to navigation