AlgoSec alternatives and competitors

I am a contractor and I work on security. At this company, we primarily use FireMon for firewall rule analysis and as part of our firewall rule certification process.

Our environment is on-premises using VM hosts.

With respect to compliance management, this product does cover some of the compliance factors, although not all of them. For example, in terms of accountability, it has all of the data available for third-party rules and auditing. It can produce a comprehensive report. However, compliance has its own set of requirements.

We planned on having divisions for about 400 days but at 700 gigabytes, the file size was too large and it was interfering with our database backups. Consequently, we had to cut it down to 100 days, which means that we're missing 300 days of divisions. The fact that we no longer had a complete view of 400 days of data was a setback for us. Otherwise, the metadata has been pretty handy.

We do not run assessments on new firewall rules before they are deployed, but we can set it up in such a way that compliance can be checked automatically once we push a rule to the firewall. If there is a problem then the new rule will be flagged. As it is now, we do all of the compliance assessments manually. The reason that we don't use the compliance module in FireMon is that it creates a heavy load on our CPU.

Prior to FireMon being implemented, the company had Tufin running to conduct assessments. They were flagging some rules, based on the subnet categorization that is defined in Tufin. However, those kinds of assessments were not really accurate. They also weren't making any changes to the rules that were problematic.

When they brought in FireMon, we started to run reports that are pretty precise. They were more accurate, and based on the firewall zone definitions. We began to flag rules that made sense and we also started to analyze them. Afterward, we were able to get rid of a lot of risky rules. There were a lot of shadow rules identified that we cleaned up. The agenda was to make sure that the security compound or security footprint within the company is safe.

For this task, FireMon has been very helpful in terms of flagging such rules so we can drop them and improve the security of the infrastructure.

FireMon has improved our compliance process in terms of the time and effort required to create compliance reports. As far as the rule recertification is concerned, it's made it easier for us because it's just one click to explore the metadata of each firewall rule and its information. For example, we use owner fields, technical descriptions, review dates, next review dates, and exceptions, if there are any exceptions. With all of the metadata in place, it can be given to the compliance team.

This solution has helped us to decrease errors and misconfiguration that increased risk in our environment. By using the system that we did to flag risky rules, we were able to identify problems and mediate or eliminate them. We are still working on this but at this point, we have completed 80% of our cleanup. It has been helpful.

FireMon helps to identify and prioritize fixes, although we do the repairs manually. This is something that is necessary when you consider our network and how our firewalls are configured. FireMon does provide suggestions and we make use of them, but we conduct our own manual analysis in addition to the reports. This acts as a valuable double-check for us, which is very important for our security posture.

The most valuable feature is that everything is recorded in the historical logs, including the firewall rules, hit counts, object-level usage, and the rule documentation. The rule certification details are also there, which means that someone can be held accountable for a specific firewall rule.

The logs product documentation and metadata that is very useful for compliance purposes.

Usage reporting, including hit counts, is helpful for analysis. It comes in very handy when we can see how the firewall rules are being used because it can help us clean them up.

Fireman has helped us in terms of being able to clean up firewall rules in a large environment, first of all, by helping to identify the risky rules. Rules are flagged using the filters, based on the zone metric definitions. We then refer to the object usage reports that we get within a group, along with the traffic analysis that we get from Splunk, and all of this is considered when it comes to making a decision. The rule might stay the same, be modified, or be dropped. FireMon has given us the extra ability to be able to do this.

We have not used the Policy Planner but even so, we have identified areas of improvement with it during our testing. For example, it could be better when it comes to ease of integration or ease of policy automation. Another problem is that there is a console where it has too many options and is not very straightforward. Essentially, controlling it could be made more seamless.

We have been using FireMon since the start of 2019.

Stability-wise, we did not have any issues.

There are no issues with scalability.

We have different business units in different countries. For example, we have users in Hungary and they're a different business unit. They're not given access to the firewalls or Panorama, although they were given access to FireMon where they can view the policies related to the Hungarian firewalls. There are between 10 and 15 people in the Hungarian business unit that use FireMon on a regular basis and their role is to view the policies.

We have a few people from the NetOps team and the network technical center team that use the rule certification process, and they collect statistics on rule usage. These teams have mid-level privileges on the system.

I have superuser privileges, and there is one other person that has the same access I do. He uses it for documentation on the firewalls for our offices in the Netherlands and Poland. Aside from these, we have other people who use it more generally for things like viewing rules.

FireMon is being extensively used within the company and we have a few new users being onboarded next week. They are part of a third-party contract and the user count will increase, although I don't think that any new modules will be added.

I would rate the support a nine and a half out of ten.

They were really proactive and helpful in terms of support when we had issues. The servers have been pretty good and we haven't had any problems with them. There will be minor bugs and all of that, but they're always helpful and things get fixed with the next release.

Prior to FireMon, the company was using Tufin.

The reason that we switched is that somebody in the company decided that they wanted to have a one-stop solution for pushing the policies to the firewall, and for automation of policies to facilitate compliance. FireMon had the capability, which was proven with a PoC.

Everybody liked the solution and that's why it was implemented. Ultimately, the one-stop solution was not used because, with our Palo Alto firewalls, it has been decided that Panorama will push the rules, rather than FireMon. At this point, I can't see that changing in the future. Panorama is not going anywhere because that is how the firewalls are managed. At the same time, they wouldn't want to rely on FireMon to push rules to Panorama, so this is why the system will stay as it is.

Overall, however, the capabilities are better compared to other similar products.

The basic implementation was straightforward but when you're talking about configuring the servers and all of the other steps, for a tool of this size, it's never straightforward.

For example, when configuring the servers, you will still have minor or major issues that you have to tackle or have to fix during the initial implementation. It may be straightforward to do so, but fixing problems will always lead to other problems in the process.

Overall, it was an easy implementation, but at the same time, it was ongoing. Our deployment did not take more than a month to complete. This included adding the firewalls from Check Point, which was done in advance of setting up FireMon. We had to set up the CPMI log collectors and then configure the Check Point dashboard to forward all of the logs to FireMon. Although it was time-consuming, I think it took less than 20 days in total.

With respect to our implementation strategy, we followed a basic approach. We started with installing all of the servers, and then we had to move all of the devices from Tufin to FireMon. We had three vendors including Cisco, Check Point, and Palo Alto.

We added each firewall vendor separately and we made sure that all of the logs were being forwarded to the data collector. This is where we get all of the log data hit counts, and we have to make sure that all of the devices are being retrieved successfully, without any issues. We also had to ensure that nothing was impacting the performance of the servers and there were instances where we had to wait for the specifications of the server just so they could meet all of the performance requirements. For example, the retrievals and all of the log data had to work properly.

All in all, there were a lot of steps and we had to get support tickets throughout. Thankfully, the support was great. They were very helpful during the initial implementation stage.

I was part of the implementation, testing, and onboarding processes. I have been part of the day-to-day operations, as well. I am the only person doing the maintenance and taking care of the tool.

Maintenance involves upgrading the servers, and we have to make sure that all of the backup files are generated on time. Also, we have to check that they are being transferred via SFTP to our backup server. Basically, we have to make sure that the servers are healthy and nothing's causing any problems.

This is an expensive solution. The cost of three modules for three years was approximately one million. There are no costs in addition to the standard licensing fees.

The company evaluated AlgoSec and a few other tools, ultimately zooming in on FireMon. It was after the initial evaluation that the PoC was done.

The latest release is version 9.4.2 but we only upgrade to the version behind the most recent release. This is so that we are more aware of what the issues with it are.

We have a module called Policy Planner that facilitates the automation of firewall policies across large multi-vendor enterprise environments, but we never use it in practice. We bought the module and we tested it. In fact, we had plans to integrate with ServiceNow for the automatic policy portion, but the organizational policy here is to make changes only within the Panorama. Essentially, we have the technology, but we can't make use of it.

This is definitely a product that I recommend, based primarily on how it compares with other similar tools. 

I would rate this solution a nine out of ten.

We have a lot of ASA firewalls. We primarily use the product in order to lay down the rules and try to find out if there are any duplicate rules that need to be cleaned up, et cetera. It is mostly tasks like that.

The solution is very straightforward to use. It makes doing our work easy. The product is very good at helping us clean up rules.

We've found the stability to be quite good.

The solution is quite scalable.

The older version that we have doesn't support some newer firewall vendors. I'm not sure what the status of integration is right now on the latest version, however, it would be nice if they updated the older versions to allow for better integrations with firewalls. 

Sometimes the solution does take a bit of time to load. That said, it is a pretty old version, and that may be the main reason this is the case. It's possible that if we just upgraded to the latest version everything would go faster. 

Everybody wants to implement some kind of standard rules, however, it's difficult to standardize everything due to the fact that each company is unique. That said, if there was some sort of universal guide to ensuring firewall rules were compliant, that would be helpful. 

I've been using the solution for a year and a half to two years at this point. It's been a while. I've definitely used it over the last 12 months or so.

The stability has been good. I haven't experienced any bugs or glitches. It doesn't crash or freeze. The stability has been reliable in terms of performance.

I find the product to be easy to scale. Adding new firewalls is pretty straightforward and it handles the process well. If a company needs to expand and add more firewalls it shouldn't be a problem at all.

I would say six or seven people are using it and they're network operation people who have to deal with day-to-day firewall management, putting in new firewall rules, et cetera.

I've never had an opportunity to reach out to technical support. I can't speak to how knowledgeable or responsive they are. I have no experience.

The initial setup happened before my tenure with the company. I was not present when it was set up, and therefore I can't directly speak to my experiences with any implementation. I do not have a sense of if it was difficult or straightforward, and I can't say how long the deployment took. 

There is a bit of maintenance required, in terms of adding new rules, et cetera. We have individuals on staff that can handle that.

I don't have any issue with the pricing, however, I was not the purchaser. I can't speak to the exact cost for our company.

While I was using Tuffin, I did want to evaluate AlgoSec. I wanted to compare the two to see which was better. In the end, I've decided I would stick with this product.

We are just a customer and an end-user.

We are not using the most up-to-date version of the product. We are using one of the previous versions. I cannot at this time remember the version number, however, it was pretty old. We had a plan to upgrade, and then unfortunately ended up not doing that.

I'd rate the solution at a nine out of ten as it helps us do our work. We're mostly quite happy with its capabilities.

We haven't deployed the solution with any company yet; we're thinking about it. As a product, I know it from a previous organization. The only features that I like about it are its simplicity and its ease of use. 

Overall the solution does a good job.

The solution lacks a lot of features that other products have in the marketplace.

The solution needs better visual representation and better reporting. The reports sometimes are not as good as what is offered by other competitors.

The dashboard is sufficient, but it's not as intuitive as many competitor dashboards.

The solution needs a better graphical visualization so that you can see the rules.

Just generally, the solution needs to have the ability to do much more granular level visualizations. This is especially necessary around the policy engines. Users should be able to create network segmentation zones and then do what-if scenarios so that they can understand the impact and do more fine-grain impact analysis of new rules before deploying them.

I've been using the solution for about four years.

We haven't deployed the solution yet, so I can't speak to how stable the solution is.

We haven't deployed the solution yet. In my past organization, it was used for a very small deployment. I have no experience of how good it is in terms of scalability. We will need it to scale if we do use it.  That feature will be something that would be important for us if it's effective.

I don't deal with technical support or handle technical issues related to the product.

We haven't attempted deployment of the solution, so I can't speak to the implementation process.

My job is to evaluate other products in the marketplace against our company's requirements. I've looked at AlgoCircle, Twofin and Skybox. Many of these are more suited for enterprise-level organizations and have far more features than ManageEngine.

We're not personally using the solution. We provide services for it and consider using it for our clients.

I can speak about the product, however, I cannot discuss how the solution is deployed or anything around that.

My job is to evaluate platforms and technologies.

It's a good product, but I'd advise those considering the solution to also evaluate other products in the marketplace against their requirements and then decide that if they want something quick and fast and relatively cheap or not. For quick and cheap, ManageEngine ticks those boxes. If they want something that's more feature-rich and more capable, then they probably need to go to something, like AlgoCircle, or Twofin or Skybox.

I'd rate the solution six out of ten. I'm looking for much more advanced capabilities that ManageEngine hasn't quite got yet for basic deployment. For a small enterprise of maybe 10, 20, 50 firewalls, it's fine. When you're in an environment where you have over half a million rules in the environment, it's not as good.

We primarily used the solution for model sites, on the configuration side of things. We also used it to review certain port services, etc.

The port division management was the solution's most valuable aspect for our organization.

The solution was quite technical. It would be easier to manage if the solution was more specific about certain aspects and provided more advisory around how to use it effectively. It would help users a lot if they were more clear about everything.

The solution requires more integration in terms of automation features.

It would be great to have proxies, IDs, IPs, firewalls, certain network centers, etc. on the solution. If more of that can be looked at or reviewed from a Skybox standpoint it would be helpful. The solution needs to expand its scope.

We had been using the solution for about a year. It hadn't been too long.

For us, the stability of the solution was okay. Our organization managed to use it just fine.

The solution isn't great at scalability. I'm not saying it is not scalable, but then, of course, companies have to test and see. For us, when it came to scalability, there were always question marks as to if it could be done effectively. We were never 100% confident in its capabilities. For us, and the environment we worked in, we were somewhat sensitive to scaling with this solution.

There were two types of users for this solution in our organization. One type of user had full access to the tool and they were the leadership team, IT and security. The other type of user had access to automated reports. There were about 200 people who had access to this.

We were never in touch with technical support. I can't speak to how helpful they were. We had a team that dealt with technical support, but I don't recall ever hearing from them about how good or bad the service was.

We've since moved from Skybox to another solution, therefore, we aren't using it anymore. About four to six months ago, we migrated from Skybox to another tool called AlgoSec.

I'd advise other companies to scan the solution from time to time and be mindful of it. It's also important to make sure the services of the tool are enabled for the actions a company will need to handle or monitor.

I'd rate the solution seven out of ten.