[REVIEW] Firewall Monitoring: Comparing Tufin to Firemon

[deanwebb]

As we're about to expand the number of firewalls we monitor by a significant amount, management wanted me to look at another vendor besides Tufin, which we use, to make sure we've got the right tool for firewall management in place. So, we called Firemon and they set me up with access to their online demo and I got to have an hour with an SE today to look over the product and ask questions.

EXECUTIVE SUMMARY: Firemon has lots of dashboards, with pretty colors. Tufin has better operational functions. Between the two, I feel Tufin is the stronger product.

FINDINGS: I wanted to have an open mind, going into the Firemon demo. Yes, I'm used to the Tufin GUI, but what if a new hire got dropped down in front of these products? Which one would he prefer? Which one made things easier to do?

Firemon's GUI kept taking a while to load, and there was lots of clicking to get at good info. Lots of tabs, sub-tabs, and hunting in the GUI.

Tufin uses a left pane with device info and a split-panel display in the main section, kind of like Outlook or ASDM. Made getting to info much easier.

Firemon showed changes between configs with color codes only. Tufin uses colors and shows configs side-by-side when comparing. The side-by-side is much easier to read.

Searching for objects or rules in Firemon uses a SQL-like search syntax, which they call SIQL. Tufin uses straight-up search boxes. While I could see where having SIQL would allow for some sophisticated queries, most of what we have to do when working a firewall ticket is pretty simple - IE, determining if objects or rules already exist or which firewall controls access to the 10.75.210.0/24 network. Tufin delivers those results faster and in a more readable way.

Both have add-ons that allow for a ticket creation/workflow procedure, but Tufin's allows for configuration out of the box. Firemon requires pro service engagements to customize workflows. Firemon plans to have code provisioning on its roadmap while Tufin can provision code to major vendors' firewalls.

Neither currently has support for Sourcefire modules in ASA firewalls.

Finally, when displaying rules, groups, and objects, Firemon has its own proprietary layout that takes some getting used to. Tufin shows them the way they appear in the GUI for that type of firewall. Both support hovering over objects for more details, such as IP addresses, ports, things like that.

Tufin wins out for me primarily for the speed of its response and the clarity of its responses. Those two things make it the most usable of the two products.

[Reggle]

Thanks for the info - Maybe you should turn these sort of forum posts into proper 'reviews'. I'm thinking tag or "[Review]" in the title.

[deanwebb]

Good suggestion. Done!

And if anyone else wants to compare products, please do so! Comparing one vendor to another is good, as would be comparing different offerings from the same vendor.