Posted on May 3rd, 2012 by Michael Hamelin

When Tufin co-founders Reuven Harrison and Ruvi Kitov first developed SecureTrack, the product was primarily focused on change tracking, to give firewall administrators a way to gain visibility into their rule bases. At that time (around 2004), there were very few tools available to provide any sort of insight into a rule base beyond what you could see on a firewall management console, and they provided very basic configuration management.

A lot has changed since then. The market for firewall management solutions is mature: we have automated very granular and sophisticated policy, risk, compliance and change management capabilities, and the road map is only getting longer. However, despite all the cool and increasingly necessary additions, when it comes to firewall rules, administrators tend to make the same mistakes and face the same challenges. The main difference is that the environments they are making the mistakes in are much more complex. As a result, the potential fallout from those mistakes may be more severe, and likely impossible to resolve without automation.

I encourage you to take a look at my recent article on firewall metrics. I came up with these benchmarks based on my own experience as an administrator, and from extensive interaction with Tufin customers. Did I get them right? Did I leave something off that is essential to your organization? If you are using Next Generation firewalls, have they changed what we should measure and why? We'd love to hear from you, so let us know!

Best,
Michael