AlgoSec Reviews

We have deployed the first brick of AlgoSec solution suite, Algosec Firewall Analyzer (AFA).

We wanted to get a live Network Mapping and to directly be able to check if a flow is allowed or not, without needing to test and then check the logs. We also need to check for compliance, baselines, and risks over our network.

This solution provides visibility and comprehension of the network in our organization. It assists us in network security reviews and audits. In the end, a lot of time, we add context and build a security matrix matching our own standards. The optimization tools are much appreciated by the network operators.

The What-if analysis allows us to check the security rating under hypothetical rules that may be implemented on our firewalls.

Baseline compliance allows you to run and check the results of commands on the Firewalls and Routers. This solution is perfect for checking compliance against best practices, as proposed by the CIS.

The user interface is better than some competitors, but it is starting to get old. Space is not always fully used, especially for the risk and compliance part. As example today, Excel file should be used to deal with network segment definition and risk matrix, it is hard to do it directly from user interface and there is no way to organize, order a set of test.

Priority should be to improve the user interface for the risk and compliance part, making it more responsive and user-friendly.

We have had no problem with stability to this point. We have High Availability and have tested it correctly. Disaster recovery mode is also available.

Scalability seems to be one of the strongest points of this solution. Worldwide architecture with remote agents, or slave master architecture. Be careful in terms of how you will deal with the log management as to not impact your network. A distributed architecture can help.

We have one ongoing ticket to solve an issue with SSO. They are working on it seriously.

We did not use another solution prior to this one.

The initial setup is long. The more knowledge you have of your network, the faster it will be.

We implemented with the help of Orange Cyberdefense.

Their expert is very good, and honest with respect to the solution's capabilities.

Licenses are provided by firewall and routers. Do not underestimate the number of routers because the price can be significantly reduced as you buy more licenses. Same if you go for more than one product (i.e. FireFlow, BusinessFlow)

Before choosing this solution we evaluated FireMon and Tufin.

We have been using AlgoSec mainly to review/filter duplicate firewall rules and policies.

It helped us clear out almost half the work by identifying the rules automatically with no manual work, which is very cool.

The analysis and visualization part has given us a great insight into our perimeter security architecture. Also, the top 100 policy report usage is a pretty cool feature that I like the most. It also helps us from an auditing standpoint as well to make sure we meet our compliance demands.

I think the product is great from an overall observation, sometimes speed is an issue but I think it could be improved a little bit from a parsing perspective.

• It can identify the policy rules in the firewall that have a high risk and could have an impact on network infrastructure.
• It suggests solutions to these issues, and provide compliance reports by standardizing PCI-DSS, ISO 27001, SOX and more.
• It can monitor policy changes, and who made those changes.
• It generates a topology of the network when it has scanned the network.
• Using the network mapping, it identifies bottlenecks.

We have improved the performance of the firewall to handle requests and responses to/from clients as reduces the number of policies that are needed when the network is exposed to high risk.

They need to improve auditing of IP tables, as only monitoring them does not reduce their vulnerabilities.

I used it for nine to ten months.

No issues encountered.

It is quite stable for 24-hour network monitoring.

There is no problem in the process of scanning and monitoring firewalls, and IP tables in
considerable quantities.

8/10 as they were quite fast in responding to my issues.

10/10 as the technical support provide assistance if there is a problem via both email and telephone.

I have not used a different solution previously.

The initial set up is a bit complicated, because you have to open special ports in the firewall, and give open access to be able to read the configuration topology mapping in the firewall. This means that the process of scanning and monitoring AlgoSec can run smoothly.
Unlike the case with the initial setup for monitoring IP tables, you must use the root access serve (sudo su) so that the process of scanning and monitoring AFA could run smoothly.

We implemented this in-house.

The advantage is that it can really optimise configuring firewall policy rules, and can
reduce the configuration that is vulnerable. It can provide solutions to make policy rules more simple and efficient.

If you want to conduct an audit of firewall and want to optimize the configuration, you can try and use AlgoSec.

I didn't evaluate other options.

Be patient and careful when doing the initial configuration of the firewall with AFA, but after the process is completed, everything has to run smoothly.

An example screenshot of network mapping results from AFA. Network mapping can
be useful also to detect if there is a connection network traffic is interrupted and can assist in documenting the topology that is owned.

The following screenshot shows an example of the policy rules that need to optimized, so you can improve the performance of firewall and its security level.

The following screenshot shows the result of scanning AFA reports that compliance with ISO 27001.

We've been using Algosec as our reference tool to clean our policies from old unused rules and objects and to assess rules that are categorized as risky so that we can fix those risks.

Firewall Analyzer from Algosec is our main tool for Firewall auditing and it makes our external auditors very confident on the way our policies are managed.

Fireflow from Algosec also helps us identifying which firewalls are on the way from source to destination when we need to open flows and it saves us a lot of time. We are still on our path to implement full automation of firewall policy creation with Algosec's Fireflow but the goal is to achieve it soon.

Since we deployed Algosec our Firewall policies which didn't have much maintenance over more than 15 years had their policies reduced to less than half the rules by using Algosec's Firewall Analyzer to remove unused rules, unused objects withing rules, compacting several firewall rules in one rule, etc.

We were also able with Firewall Analyzer to get risk reports of our firewall policies and start tackling them to close them or at least to be aware of its existance.

Firewall Analyzer is amazon in Policy Optimization and we feel we are much more secure since we have this product. If we add a rule that poses a risk we get an alert from Firewall Analyzer which is very important to us.

We are also starting to use Fireflow and our goal is to have the policy creation automated soon. For now we are already able to identify which firewalls are on the path between point A and point B and we are on the path to full automation which will reduce a lot the workload of our team.

The feature we find the most valuable is the Firewall Analyzer for the firewall policy audits and to show external auditors we have a process to identify risks and to tackle them. It's also very important for policy clean maintenance. 

This helps us know which devices are between the source and destination on the flows that we need to open for the business. The audit tools are also very important to us because we can easily have everything that needs to be presented to the security auditors.

We are in the process of implementing FireFlow for full automation which will save us time for more important things we need to to on daily basis that are not creating firewall rules. We aim to achieve the full automation soon.

In our case it would be very important to improve support to Dell switches and also some Juniper switches, which we have a lot of in our company network. This has been our difficulty for the full automation on the Fireflow. If all our network devices were Cisco I'm sure we would have the network map complete very easily and the full automation working with much less effort.

We already asked Algosec for the support of the switches we have that are not natively supported for the future versions and we expect that we are lucky enough for them to be supported on the next releases, although there are some ways of working around non-natively supported switches to complete the network map.

We have been using Algosec solution for more than 5 years now.

We never had issues so far in terms of stability.

The solution is very scalable and allows you to add all the firewalls and devices you need.

It is also scalable on the licensing as you can start by buying only the Firewall Analyzer license with which you can start onboarding all the devices and completing the network diagram so that Algosec's has the whole picture and know all the paths from network A to B.

After that you are ready to start using FireFlow and you can buy the license only when you are ready to start deploying it.

Sometimes it takes more time than expected to have answers for support tickets, but in general the customer service is good.

Positive

Not in our case.

The initial setup has been easy. The only difficult thing was the part in which we needed to onboard non natively supported switches. That part is a bit more complex.

We implemented with a mix of external company and in-house. The external team was helpful and had a good expertise level.

The time we save on our daily operations is very important. We could reduce the team size with this tool as we had a trainee almost fully working on opening flows.

It also allows us to detect risks on firewall rules and fix them, keeping the company network safe.

The price for the solution is not cheap but if you use it fully it will compensate in terms of securitization and in terms of time gained on the daily operations. It is also very helpful if your company is audited on the security part.

We heard about Tufin and Algosec, and after going through the specs we decided to go on a POC with Algosec and ended up buying it as it fitted our needs. We followed our Firewall integrator advice, who also recommended Algosec for our Firewall's park which is basically Fortinet and Check Point.

We recommend trying fully automation in a controlled environment before widely deploying it to the production firewalls. It's important to gain confidence on the product.

We planned to start with AlgoSec Firewall Analyzer and later procured FireFlow as well.

We deployed Fireflow as we have been migrating the Infrastructure to SaaS, increasing in multi-vendor engagements on multiple Network and Security layers and handling requests from roaming users ends.

AlgoBot has been enabled to few users to validate their requirements and requests on their own, which has helped them to understand their current access and to create requests that are very accurate and relevant.

With respect to the environment, it's distributed with various network and security solutions, with multiple zones and a maintenance team.

Over the period of two years, we integrated the AlgoSec Firewall Analyzer and FireFlow on multiple solutions including next-generation firewalls, web security, proxies, and other network devices.

On the improvement part, we enabled the common set of policies across firewalls and proxies. This tool helped us eliminate the requirement to have L3 engineer in our other data centers and our Tier 1 and 2 engineers utilize the solution well from the configuration and maintenance areas.

We simply pass over three to four external agency audits on various particulars which we spent more time on before onboarding the solution.

One of the most valuable parts for us is to achieve the compliance standards without ample strain and burden. Defined templates assisted us to make effective on following the internal processes and the industry standard.

It enhanced the complete workflow system within six months of deployment. We eventually onboarded by integrating with multiple solutions.

We performed regular audits internally to standardize and to pass the external audits effortlessly.

In simple words, this process empowered us to define a metrics among our industry and set the development goals clearly.

Support tickets and engineer assignments are one of the few concerns we are facing these days. Initially, they were hard to co-ordinate with the technical support team and the AlgoSec management team helped us to follow the defined Service Level Agreements.

We needed to directly communicate with the integrated solution TAC Teams, let say of Palo Alto or Checkpoint, and we needed to co-ordinate jointly for addressing an issue.

The AlgoSec support team came on a joint call to address the issue on time without saying "this is not my cup of tea" and by then we were happy about the support. This happened during one of our major migrations.

Our management is expecting us to set up a CXO/CISO dashboard from AlgoSec. It would be great for us if the AlgoSec team could assist in setting up the new benchmark.

We have been using this solution for more than two years.

Over the period of two years, we have seen multiple enhancements being made available inside the product. One of the new requirements is on containers/Docker/Kubernetes where AlgoSec really needs to focus. I am not sure about the availability of the latest support release, however, these are booming technologies and we require solutions like AlgoSec to support them.

Earlier it was good. Possibly due to the pandemic, we faced a couple of challenges in getting the support on time. That said, now it's getting better.

Neutral

Earlier we used to manage everything with our internal and vendor team, where lots of coordination was required. It was a long time-consuming process of gathering requirements and defining the best possible solution.

Since few of the solutions were being managed by outsourced team, it was challenging to make the solutions ready to integrate with AlgoSec during the deployment phase.

Some delays happened due to the lack of support by the external party. There were some delays due to upgrading products to make everything compatible with AlgoSec Analyzer and FireFlow.

Initially, we found this as a complex deployment. Later, it was easier than anticipated. We referred to the technical documents and AlgoPedia portal to understand more and deployed successfully within the proposed timelines.

Our in-house team took care of almost everything and the AlgoSec team did the governance.

We'd like the solution to share the complete Infrastructure details along with the business use cases with AlgoSec SE to evaluate and propose the best fit deployments and licensing.

Pricing-wise, AlgoSec still needs to support the customers.

We evaluated Skybox and Tuffin as well. Our internal team showed interest in AlgoSec right away, however, Skybox was a real challenge to differentiate.

Technical documentation and readily available solution blogs helped us to deploy the solution in a better way

AlgoPedia helped us in many ways - including sharing information on the new vulnerabilities, management of appliances, and maintaining the workflows (by providing enough insights to explore and understand).

I use AlgoSec for my firewall rule optimisation, compliance baseline auditing, firewall change reviews, etc.

AlgoSec has helped tighten the rules on my firewalls, reduce the risks or exposure, and also meet regulatory compliance.

I have found the firewall optimisation feature to be very valuable because most developers don't know the ports or services their applications are running. After running the rules on any services for a short while, AlgoSec helps get the right service ports and IP addresses.

The product or service could be improved by orchestration or automation that will help in changing the rule sets on the firewalls based on the detected used services/ports and IP addresses. 

AlgoSec has been very stable compared with its pairs.

The solution's scalability is impressive.

Service/technical support are good at their job and responsive.

No, I didn't.

It is quite easy to deploy and manage.

Implemented through a vendor and their level of expertise is high.

Worth every penny, and the value realisation is great.

AlgoSec is worth every penny for the value or return of investment. 

No evaluations. AlgoSec was recommended, and we got a trial version for a period.

None.

We used AlgoSec during a migration between firewall vendors. We needed a tool that could help evaluate the effectiveness of our existing rule base and inventory network objects.

Running AlgoSec helped us clean up years worth of obsolete rules and objects. This left us with a clean and up-to-date policy on our new firewalls.

• Policy risk mitigation identifies and helps tighten risky rules rendering the policy more secure. 
• The change management feature is great for environments with multiple firewall engineers.

The only thing I had slight issues with is the web UI which is a bit tricky to navigate. It can be difficult to find what you're looking for without having to click around for a bit, but once you get to know where things are, it's not bad.

This is the first solution of this kind I have used.

Setup is a breeze.

I did not evaluate any other solutions.

No.

• Firewall rule monitoring
• Consolidated report on unused objects and rules

We use this tool for rule monitoring and cleaning up the unused objects to improve performance. The risk team uses this tool to validate the existing traffic flow for their approval.

It is currently unable to export the report to a CSV file, and I look forward to seeing it in the next version/release.

I have used it for more than four years.

Deployment was very easy; the vendor-provided documentation was good.

Technical support is 8/10.

I was able to implement it on my own.

It's a very useful product and I highly recommend everyone having this product in place on their security infrastructure.