Just looking for some general feedback from others on what is being used for rule base and object cleanup. Are you using external vendor products, or are there other tools/tricks out there?
We currently use the Tufin SecureTrack product (we did a comparison between FireMon, AlgoSec & Tufin a few years back).
But to be honest we have found that we are not really using most of the features of the Tufin product.
Currently the main feature (which I really, really like) is the reporting feature that is used for Rulebase & Object Cleanup, where if you had a firewall rule with multiple hosts or multiple services in it, it would basically give you a hit count per object on the rule. So it was very easy to identify if a particular host or service was getting any hits over a period of time.
The point is that it makes it very easy to find an object that is unused per rule vs. just being an unused object for the entire policy, which can be identified in SmartConsole.
If there was an easy way to accomplish this same thing another way, I don't think we would even need Tufin.
Wondering what others are doing, and if there are maybe tools out there that I am not aware of for helping with policy cleanup tasks.
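
The per-rule, per-object hit count described in the post can be approximated from an accepted-traffic log export. The sketch below is an added example, not part of the original post and not any vendor's code; the rule layout, object names, addresses and CSV column names are all constructed assumptions.

```python
import csv
import io
import ipaddress
from collections import Counter

# Constructed rule definition: objects referenced by one rule (hypothetical names).
RULES = {
    "rule-12": {
        "source": {"web-01": "10.1.1.10/32", "web-02": "10.1.1.11/32", "dmz-net": "10.1.2.0/24"},
        "destination": {"db-01": "10.2.0.5/32"},
        "service": ["tcp/1433", "tcp/3306"],
    }
}

# Constructed log export; the column names are assumptions, not a real export format.
LOG_CSV = """rule,src,dst,service
rule-12,10.1.1.10,10.2.0.5,tcp/1433
rule-12,10.1.1.10,10.2.0.5,tcp/1433
rule-12,10.1.2.44,10.2.0.5,tcp/1433
"""

def per_object_hits(rules, log_text):
    """Count log hits for each (column, object) member of each rule."""
    hits = {name: Counter() for name in rules}
    for row in csv.DictReader(io.StringIO(log_text)):
        rule = rules.get(row["rule"])
        if rule is None:
            continue  # log line matched a rule we are not reviewing
        counter = hits[row["rule"]]
        for column, field in (("source", "src"), ("destination", "dst")):
            addr = ipaddress.ip_address(row[field])
            for obj, cidr in rule[column].items():
                # A connection counts for every object whose range contains it.
                if addr in ipaddress.ip_network(cidr):
                    counter[(column, obj)] += 1
        if row["service"] in rule["service"]:
            counter[("service", row["service"])] += 1
    return hits

def unused_in_rule(rules, hits):
    """Return, per rule, the members that saw zero hits in the log window."""
    result = {}
    for name, rule in rules.items():
        members = [(col, obj) for col in ("source", "destination", "service")
                   for obj in rule[col]]
        result[name] = sorted(m for m in members if hits[name][m] == 0)
    return result

if __name__ == "__main__":
    h = per_object_hits(RULES, LOG_CSV)
    print(unused_in_rule(RULES, h))
```

Zero hits only means no matching traffic inside the exported log window, so the window should cover periodic jobs such as month-end or quarterly tasks before an object is removed from a rule.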