AlgoSec Reviews

We utilize this solution to manage policies for our firewalls. At first, we used it to keep a record of our policies: Who changed something, when, and whether the policy is allowed or not. We now use it to map our traffic flows and to flag a policy that is not allowed by the criteria we have set for our different types of firewalls.

We used it initially to go through all of our policies on over 800 firewalls, to organize the policies and map out our policy flows to certain zones. That enabled us to know how to structure our policies.

We spent a year going through our firewall policies to clean them up because before, when we were on Cisco ASA firewalls, we had a very hard time regulating what types of firewall policies were being created, and it was even harder to review them. After we moved to Palo Alto firewalls, we decided that that was the best time to load our policies into AlgoSec and review them. That way we not only converted to a more capable next-generation firewall, we could also ensure the policies were strong.

AlgoSec has helped significantly with our firewall compliance. Before AlgoSec it was a very manual job to go through firewalls and look for risky rules. Now, we get alerts when a risky rule is created. This allows us to maintain compliance and run compliance checks monthly. As a result, we have saved many hours of work by our operations folks. They were the ones who had to manually review all of the firewall policies and create evidence of their review in a very scrappy fashion.

With AlgoSec, we can show a view of firewall compliance that is clean and easy to read and present. This also helps our business units ensure their policies are clean. With that data, we are able to show management that the firewalls connected to our network, but owned by other business units, meet our standards.

We like that we have been able to identify risky rules, based on the criteria we have set. We also like the ability to push policies from AlgoSec to the firewalls to ensure risky policies are never created in the first place. That's a feature that will help us in the future as well.

We are moving towards an automated environment so the ability to work with Ansible, ServiceNow, and Palo Alto gives us the ability to automate our firewall policy creation. And it does so in a manner where we do not have to worry about a policy being created that may put our organization at risk.

Support for Layer 7 policies, including User-ID and threat profiles with Palo Alto firewalls, has been a pain point from us. We would like to include the additional info specifically because we believe it changes the riskiness of the rule if it is only set for a specific user or a group of users. For example, if we have what looks like an "allow all" to a certain /24 network, but for only one user, we would give that a different score than if no user was identified.

AlgoSec has been very stable for us.

It scales well.

We have had our issues resolved very quickly.

We used Tufin. 

The initial setup was very simple. We just set up SNMP.

We used a vendor team and they were great.

The ROI for us is the great assurance we have in the security of our firewall policies.

Be sure to scale properly.

We evaluated Tufin.

This solution will help you significantly with compliance, the part of your job that may not be your favorite.

We are using AlogSec mainly for firewall compliance reporting as well analyzing and evaluating firewall policy. That, in turn, means we can actively work on firewall policy optimization and elimination of unused and risky rules. We also using it for compliance reporting. 

The solution has helped us a lot in improving our firewall security optimization as well in evaluating security policy to eliminate the risky rules or secure them. 

Its reporting modules solve all our monthly and quarterly compliance-related reporting requirements. 

Currently, we are using almost all the features of the product to take as much advantage as we can of what it offers. But our primary use is compliance reporting and the Firewall Analyzer helps us achieve our various IT compliance requirements, like ISO-27001.

There is huge scope for improvement in the level of support, especially around the issue of resolution time. That is the only negative point I find in the solution. I hope you guys will work on it and improve your resolution time which will help customers to keep their AlgoSec device healthy.

In the six years we have been using it, we have never seen an outage or failure of AlgoSec or any other software-related failure. 

The product is very scalable. We have never faced any issues related to the scalability of the product. 

As an individual, my experience has been good, but in terms of technical-issue resolution, I am not 100 percent satisfied because of time the AlgoSec team takes to fix issues, some of the time.

Previously, we were using Tufin but we found that solution more complicated when compared with AlgoSec. 

The initial setup was straightforward because of the well-defined GUI platform.

We implemented it in-house.

Given that we have been using this product for the last six years, there is no question about ROI. If we were not seeing ROI, per our expectations, we would not continue with the product. 

AlgoSec is not much more expensive compared to other products available in the market.

We evaluated FireMon but it was more complicated than AlgoSec and did not fulfill our basic requirements. 

Overall, AlgoSec is doing a good job.

We are using this product mainly for firewall and network management. It detects any firewall and network changes that are done manually and not within the change control time window. Finding out the traffic is blocked or not using BusinessFlow is really good.

It didn't improve in my organization. There is a lack of documentation when communicating between the AlgoSec appliance and the other appliance. When we raised these concerns to their support, they were not able to help us with the issues.

We loved the automatic policy or network topology change features in the AlgoSec appliance. It detects the changes and alerts when someone is trying to make changes in the firewalls or network devices during abnormal change-time windows.

It detects if the requested network and ports are getting blocked by the network or firewalls by a simple query, which helps to identify the network blocking firewalls in the topology.

1. AlgoSec support needs improvement, and support needs training to better understand customer issues. ( Support team repeatedly fails to understand the customer issues, Response to the support ticket based on the severity is very poor, support team responses to severity 1 or 2 tickets are very very slow. Customer support representative need training on how to handle severity 1 or 2 tickets)
2. Integration with other appliances needs improvement. ( AlgoSec integration with other ticketing systems like Service Manager / Service now is not good, It needs to have better integration with ticketing systems like Service Now and Atlassian JIRA)  
3. Documentation needs improvement. ( There is lack of documentation integration with other ticketing systems like HP service manager, Rest APIs, SOAP)
4. There are limited sets of Python API calls, so they need to add more features in the API.
5. The FireFlow template does not allow the user to perform external actions like sending an email or triggering a specific action. It needs improvement there.

AlgoSec support is very, very poor. Their support engineers do not even understand the problem or the severity of cases. AlgoSec is pretty bad with handling hardware appliance failure.

This is the first solution we used.

My advice is to please make sure that you evaluate other competitive products before choosing this solution.

The price is high but the support is extremely poor, so keep that in mind before choosing this product.

We evaluated FireMon before choosing this solution.

We use this solution for the management of firewalls on a client with a multi-vendor landscape and a low maturity level in terms of security operations and mechanisms. The AlgoSec tool supported the necessary transformation we were helping the client with, centralizing and simplifying the management of all firewalls in several sites across the globe.

AlgoSec is a powerful firewall management tool. I have supported a client implementing the firewall analyzer in an environment with several firewall vendors and poor management. The implementation went smoothly, with good support from the AlgoSec team. However, the configuration was tricky due to the maturity of the client and the ‘messy’ situation, and the internal know-how available regarding what was implemented on the multiple sites.

The most valuable feature is that the tool is capable of simplifying firewall management and configuration in an automated fashion. Additionally, the fact that it is also possible to implement a FW management workflow clearly supports the improvement of the 'way of working' and operation of the FW environment.

The network mapping interface could be improved in the next version. In a complex landscape, with several nodes/equipment, it can be somewhat more difficult to properly visualize the network map. It requires several zoom-in and zoom-out operations, and it is not so visually appealing. Nevertheless, it is still a valuable feature and was highly used by my team.

We evaluated other options before choosing this solution including Skybox and Palo Alto Panorama.

Do not underestimate the configuration effort, especially on a more complex landscape.

We have deployed the first brick of AlgoSec solution suite, Algosec Firewall Analyzer (AFA).

We wanted to get a live Network Mapping and to directly be able to check if a flow is allowed or not, without needing to test and then check the logs. We also need to check for compliance, baselines, and risks over our network.

This solution provides visibility and comprehension of the network in our organization. It assists us in network security reviews and audits. In the end, a lot of time, we add context and build a security matrix matching our own standards. The optimization tools are much appreciated by the network operators.

The What-if analysis allows us to check the security rating under hypothetical rules that may be implemented on our firewalls.

Baseline compliance allows you to run and check the results of commands on the Firewalls and Routers. This solution is perfect for checking compliance against best practices, as proposed by the CIS.

The user interface is better than some competitors, but it is starting to get old. Space is not always fully used, especially for the risk and compliance part. As example today, Excel file should be used to deal with network segment definition and risk matrix, it is hard to do it directly from user interface and there is no way to organize, order a set of test.

Priority should be to improve the user interface for the risk and compliance part, making it more responsive and user-friendly.

We have had no problem with stability to this point. We have High Availability and have tested it correctly. Disaster recovery mode is also available.

Scalability seems to be one of the strongest points of this solution. Worldwide architecture with remote agents, or slave master architecture. Be careful in terms of how you will deal with the log management as to not impact your network. A distributed architecture can help.

We have one ongoing ticket to solve an issue with SSO. They are working on it seriously.

We did not use another solution prior to this one.

The initial setup is long. The more knowledge you have of your network, the faster it will be.

We implemented with the help of Orange Cyberdefense.

Their expert is very good, and honest with respect to the solution's capabilities.

Licenses are provided by firewall and routers. Do not underestimate the number of routers because the price can be significantly reduced as you buy more licenses. Same if you go for more than one product (i.e. FireFlow, BusinessFlow)

Before choosing this solution we evaluated FireMon and Tufin.

The solution helps us to accurately determine rule use and where we can make improvements across our checkpoint firewall products. We had originally designed a few dozen clusters of firewalls that experience a heavy network flow with a multitude of rules, and it has been a doddle to harness the power of AFA to get the ball rolling.

AlgoSec has highlighted to us a huge number of unused rules and restored the confidence in us to remove them where appropriate. At the same time, it enables us to consolidate and enforce the point of reach prior to searching a rule base to check access for an application or user. Breaking down a rule to specify used objects within groups and protocols has proven invaluable for us because we are able to narrow exposure to potential threats, and more generally, areas in which we are exposed.

Reporting features are a godsend when it comes to executive review and monthly directorship calls.

Most of the features proved to be very useful within our massive setup, with some getting additional airtime during production changes. Our perimeter team uses the policy optimizer to search out unused objects in rules and determine when the rule was most recently hit accurately.

From my personal experience, the traffic simulator can be used to check if a request from a user or project is already a function enabled, or instead, we have an access change to implement. This saves an enormous amount of time during CAB calls.

The risk and compliance area is key to ensuring we conform to company regulation and our perimeter detection policy. Having a number of compliance options to baseline ensures that we get the basics right before looking at advanced risks and remediation.

Some UI experience is a little clunky (for e.g. MAPS module) and could be made more user-friendly.

We experienced some initial challenges with technical support, although this considerably improved once the teams got to know one another.

The API support isn't as versatile as we would like it to be. It needs more integration.

The product and appliances have been very stable.

This solution has no problem with scalability and is easily able to integrate with firewalls in their thousands.

We had some initial struggles due to communication, but once ironed out it was smooth sailing.

Straightforward initially, and versatile well into production.

We implemented this solution through our vendor.

I use this solution to have full visibility of the network, to simulate traffic queries, and to generate security reports according to the security policies of my company. We also use AlgoSec to perform audits concerning Firewalls and Network compliance.

AlgoSec AFA and AFF automate lots of things for my organization. The products are really useful for both security and network teams. It had also provided more control over the network. After Firewalls are boarded into AlgoSec, the first results appear quickly.

AlgoSec is not completely deployed inside my organization, so for the moment the most valuable features are the network map, which provides the full visibility of the network, and the security reports. The AFF module is really valuable for different teams.

The risk matrix implementation is not easy from an Excel file, so it would be nice to have a solution for creating it directly within the web interface. This would be an improvement.

This was the first solution I chose.

The price is adapted to the product's utilization for each company.

We also did a PoC with Tufin and FireMon.

The product is a very good tool to manage network traffic and devices.

AlgoSec is used on a daily basis by both our IT and IS groups to manage BAU and FW change requests. It integrates with ServiceNow, PaloAlto, and our SIEM tool. It helps to perform FW cleanup, regulations requirement, FW migration projects, etc.

AlgoSec has helped me in the last three companies that I have worked for. I was working to do Firewall migration projects, FW cleanups of risky rules (FW policy optimization), process def between IT and IS, audit, SOC reports, GRC support, and Cloud support in both native and Hybrid environments that we use. 

The features that I have found most valuable are:

• Great visibility for High-risk firewall rules
• Mapping business risks
• Mapping risky applications
• Informative regulation reports for PCI-DSS, ISO 27001 and many more
• FW cleanup recommendation
• Easy logging capabilities with leading SIEM products in both LEEF and Syslog formats

I would like to see Bi-Directional API support in order to integrate with SOAR platforms that provide SOC automation and IRR.

Integration with CISO dashboards would be an improvement.

It would be nice to have support for IaaS, CASB, and DLP tools, which will allow full life cycle management of security incidents.

It would be nice to have an out of the box "best practices recommendation" with the relevant "what-ifs". 

This solution scaled to our entire enterprise in a seamless way.

We also used Tufin, but AlgoSec provided us better visibility and ease of use.

My advice is that you must do a POC and show value.

We did not evaluate options other than AlgoSec and Tufin.