Tufin Customers Saw a 94% Reduction in Network Change Efforts, Driving Stronger Security Posture and Faster App Delivery, Finds Total Economic Impact Study.

Customers Realized Significant Additional Benefits in Audit Preparation, Reporting, and Risk Reduction, Achieving a Payback Period within 6 Months and an ROI of 144%

BOSTON – June 27, 2023 – Tufin®, the leader in network and cloud security policy automation, today announced the results of a recent Forrester Consulting Total Economic Impact™ (TEI) study. 

The modern network environment is constantly changing, with development teams moving at a rapid pace to bring new applications and innovations to market as quickly as possible. The need to support this agility forces network security teams to move just as fast, which can become a challenge, especially when security policies, rule changes and audits are managed manually.

With Tufin, customers can automate the application of security policies to new products, ensuring that delivery speed and security compliance don’t conflict with one another. This means that applications can be deployed faster because configuration and policy validation are automated, while incident response efforts can be accelerated because of a reduced attack surface and improved accuracy.

Total Economic Impact is a methodology developed by Forrester Research that enhances a company’s technology decision-making processes and assists vendors in communicating the value proposition of their products and services to clients. The TEI methodology helps companies demonstrate, justify, and realize the tangible value of IT initiatives to both senior management and other key business stakeholders.

Key Findings
The TEI study identified the following benefits for the composite organization representative of interviewed customers using Tufin:

• 94% reduction in the effort needed to analyze and implement network changes
• 85% decrease in effort needed for ongoing rule maintenance
• 95% improvement in audit response and reporting efficiency
• 75% reduction in effort for application connectivity management
• 80% reduction in risk of a breach due to vulnerabilities

“Networks are evolving fast and security teams need to adapt quickly to protect both traditional infrastructure and the latest cloud systems,” said Jeff Wilmot, Chief Revenue Officer at Tufin. “Here at Tufin, we strongly believe that the only way to deliver a more stable, efficient and resilient network is to provide end-to-end visibility and automation that doesn't compromise performance. It's validating to see the results of this TEI highlight our success in doing so.”

The TEI study also noted that: “Prior to using Tufin…organizations relied on spreadsheets and manual processes to manage security policies and network change processes. Prior approaches left them with burdensome levels of manual work for security and network staff, lack of visibility into vulnerabilities and connectivity errors, and difficulty responding to audit and reporting requests. These limitations led to increased risk of breach and high costs to manage network security and compliance activities.”

Following the investment in Tufin, “...interviewees’ organizations automated network security policy management activities, enabling network changes to be analyzed and implemented faster, security policies to be applied consistently across network environments, connectivity management efficiencies, and easier response to audit and reporting requests. Key results from the investment include reduced risk of breach and noncompliance, security policy management labor savings, audit and reporting efficiencies, and acceleration of application and service provisioning.”

Customer Interviews
Several Tufin customers were interviewed by Forrester Consulting as a part of the TEI study. Some of their feedback included the following:

• “The top benefit we’ve experienced with Tufin is speed, which means that we fit into the company’s agile vision.  If they want to deploy any application, all they have to do is access Tufin and make a request. Then, we can implement it in hours instead of weeks.” - Technical lead, security, financial services
• “Before, we were always focused on getting the proper rules in place and not being able to do anything else. We would have to look into every environment and which firewall goes where, which was difficult due to the complexity of our environment. We would spend a large amount of time researching which enforcement points would need to be implemented and other security rules.” - Technical lead for security, financial services
• “We don’t have to write the code, we don’t have to have it approved by another team member, and we don’t have to schedule a change itself because provisioning has been taught and implemented into Tufin [SecureChange].” – Network security lead, financial services
• “With Tufin, we can keep track of rules and see when they haven’t been hit for three months so we can then instruct a junior engineer to submit a cleanup or rule decommission. It's all tracked within the system so we know what’s been disabled and what’s still active. It helped us to clean up the firewall rules.” - Technical lead for security, financial services
• “We were spending days of multiple engineers’ time trying to prove to auditors that we had policies in place. With Tufin, we can generate reports in minutes or a few hours if it’s a large amount of data.” – Technical lead for security, financial services
• “In the past, connectivity engineers would have to fulfill all of the connectivity information for the rulesets. But now, the application owners can directly log in to Tufin, find the application, and automate all of the objects in it. That means they can create their own connection and start the change workflow. We do not need security engineers to set it up. The business owners can do it on their own.” – Product owner for security orchestration, telecommunications
• “We can deploy the applications more quickly to the customers and they will work on all of the systems and buildup will be faster. We have a clear process, transparency on what’s going on, and can verify quality when something goes wrong.” - Product owner for security orchestration, telecommunications
• “We can refocus staff on what their job really is: posture analysis, attack vectors, efficiency, and flow. It’s allowed our staff to move from very low base rule writing up to a kind of engineering level of analysis, which is higher level and much more enjoyable.” - Director of cybersecurity engineering, financial services

This study was commissioned to examine the potential return on investment (ROI) enterprises may realize by deploying Tufin. Results are for a composite organization, and provide a framework for potential customers to evaluate the financial impact of a solution on their organizations. 

To download a copy of the Forrester Consulting case study commissioned by Tufin titled: “The Total Economic Impact™ Of Tufin, May 2023,” please click here.