Buy the book at
Today's blog is actully a glowing review from SC Magazine fron 11/2016.
If there is an interest in the product, please contact Tabula Rosa:
November 01, 2016 scmagazine.com
Tufin Orchestration Suite
Strengths: Very good visibility of the enterprise and the policy-related activity on it. Tight integration of the three core modules is a big plus. We really liked the web portal – lots of good support features there.
Weaknesses: A lot of manual setup and management is necessary giving the product a bit of an old-school feel.
Verdict: We would like to see some form of auto discovery beyond what is available currently. Verdict This one is well worth your time, but be sure that you have everything on your enterprise identified so that the Suite can access it and collect data.
SC Lab Reviews
Reviews from our expert team
Value for Money:
Ease of Use:
The Orchestration Suite actually comprises three products: SecureTrack dashboard (change tracking, risk analysis, etc.), SecureChange (change automation-ticketing) and SecureApp. It provides end-to-end, policy-based change automation that provides necessary security and compliance checks for each change, boosts agility and security of application migration with automated provisioning and built-in security and compliance, supplies risk analysis against the enterprise security policy baseline and provides automated change design.
Basically, the Suite orchestrates the management, application and change control for security policies across networks. It integrates cleanly with third-party products and supports compliance with most regulatory requirements. Although it is housed in a physical appliance supplied by Tufin, it can support cloud-based environments, such as Amazon Web Services. The appliance can be installed in a virtual environment but it must be on premises to enable poling the devices on the network.
One of the product's most valuable functions is doing comparisons to show what has changed on the enterprise. However, because it does not do auto discovery, this can be a tedious process and may not be completely reliable. Change discovery is only as reliable as the system's knowledge of what devices on the enterprise may be subject to change. While the Suite consumes data from third-party tools - certainly an acceptable approach - the data on enterprise devices are only as accurate and complete as what is provided by the third-party tool.
A key benefit of Orchestration Suite is users gaining visibility of what is going on in the enterprise presented under a single pane of glass. The SecureTrack module is, actually, that pane of glass, at least as a starting point. It proved an excellent dashboard and it was where we landed when we began the evaluation. We were presented with a high-level view of the enterprise and, grossly, what was going on in it. From the gross view we could tune down to a finer view using excellent drill down.
There is a solid policy generator that helps select the level of permissiveness of rules. The product has a unified security policy and the user can create matrices that help put various findings in context. Although Tufin provides rule templates, you will need to map the network into zones. We found this tedious - mapping usually is - but we know of no way around it given the architecture of the product.
However, Tufin does not provide any policies. You will need to create your own (e.g., PCI). The setup seems to us to be very tedious. For example, the tool does not do auto discovery. Devices must be added manually or through a third-party tool. Manual configuration of enterprise devices can be accomplished in a number of ways. For example, you can use a CSV file generated by some other tool. This semi-automates the process, but you are at the mercy of the third-party tool's accuracy and completeness.
The good news is that a topology map is created by mapping devices that the user adds manually. Since a lot of risk is generated by reachability, working from a topology map is a distinct advantage. Of course, all of the tools must have read-access passwords. But that can be scripted. There is a proprietary algorithm to do all of this, but in some regards this feels very tedious and old school to us.
SecureChange is the change automation module and it is based on workflows. We really liked this because this type of product can succeed or fail on the basis of how complete its workflows are. Policy and risk management tools can be extremely tedious to manage because of their size (in a large enterprise, anyway) and the precision required for regulatory compliance.
Workflows must be created and entered manually and, given that all organizations are different, Tufin supplies templates. However, because large enterprises have their own workflows, organizations can develop their own templates if they wish. The tool integrates with ticketing systems, such as Remedy or Service Now. The workflows automate the ticketing process for violations of policies.
===========================================================================================Tabula Rosa Systems - Tabula Rosa Systems (TRS) is dedicated to providing Best of Breed Technology and Best of Class Professional Services to our Clients. We have a portfolio of products which we have selected for their capabilities, viability and value. TRS provides product, design, implementation and support services on all products that we represent. Additionally, TRS provides expertise in Network Analysis, eBusiness Application Profiling, ePolicy and eBusiness Troubleshooting. We can be contacted at:
firstname.lastname@example.org or 609 818 1802.
In addition to this blog, Netiquette IQ has a website with great assets which are being added to on a regular basis. I have authored the premiere book on Netiquette, “Netiquette IQ - A Comprehensive Guide to Improve, Enhance and Add Power to Your Email". My new book, “You’re Hired! Super Charge Your Email Skills in 60 Minutes. . . And Get That Job!” has just been published and will be followed by a trilogy of books on Netiquette for young people. You can view my profile, reviews of the book and content excerpts at:
Anyone who would like to review the book and have it posted on my blog or website, please contact me email@example.com.
In addition to this blog, I maintain a radio show on BlogtalkRadio online newsletter via paper.li.I have established Netiquette discussion groups with Linkedin and Yahooa member of the International Business Etiquette and Protocol Group and Minding Manners among others. I regularly consult for the Gerson Lehrman Group, a worldwide network of subject matter experts and I have been contributing to the blogs Everything Email and emailmonday . My work has appeared in numerous publications and I have presented to groups such as The Breakfast Club of NJ and PSG of Mercer County, NJ.
Additionally, I am the president of Tabula Rosa Systems, a “best of breed” reseller of products for communications, email, network management software, security products and professional services. Also, I am the president of Netiquette IQ. We are currently developing an email IQ rating system, Netiquette IQ, which promotes the fundamentals outlined in my book.
Over the past twenty-five years, I have enjoyed a dynamic and successful career and have attained an extensive background in IT and electronic communications by selling and marketing within the information technology marketplace.