AlgoSec Reviews

We use the AFA to accurately determine rule use and where we can make improvements across our checkpoint estate. We have around 17 clusters of firewalls that are in constant use and frequently change rules.

AlgoSec has given us the confidence to remove unused rules, consolidate where appropriate, and prove reachability prior to searching a rule base to check access for an application or user. Breaking down a rule to specify used objects within groups and protocols used has proved invaluable for us to narrow exposure to potential threats.

A number of features are used more than others. We use the policy optimiser to search out unused objects in rules and determine when the rule was last hit accurately.

The risk and compliance area is key to ensuring we conform to company regulation. Having a number of compliance options to baseline ensures that we get the basics right before looking at advanced risks and remediation.

Finally, the traffic simulator can be used to check if a request from a user or project is already a function enabled or we have a full access change to implement.

• The maps are a little clunky and could be made easier with some automatic layout technology which assists in spacing out the devices for easier viewing.

It runs well with little intervention.

Good, it has the ability to add more devices anytime.

We use Bytes to escalate, and this has proved effective.

No. 

Straightforward, it needs to run for a period to ensure accuracy.

We used Bytes Security to assist in setup and initial optimization. 

Not really applicable.

Setup is easy; we use a VM to run it. Having knowledge in Linux is not a requirement but helps when required to update the software. Also, ensure the reseller has the ability to escalate any issues in case they can't fix it for you. Your licensing should cover the support of the product.

Yes, we looked at Tufin and FireMon.

Put it in, let it collect for up to 12 months and ensure you run regular reports. Only then can you be sure that you don't use rules. Remember, DR testing and failovers sometimes happen on a 6 or 12-month basis, and removing rules covering this will cause issues when you least expect it.

I use AlgoSec for my firewall rule optimisation, compliance baseline auditing, firewall change reviews, etc.

AlgoSec has helped tighten the rules on my firewalls, reduce the risks or exposure, and also meet regulatory compliance.

I have found the firewall optimisation feature to be very valuable because most developers don't know the ports or services their applications are running. After running the rules on any services for a short while, AlgoSec helps get the right service ports and IP addresses.

The product or service could be improved by orchestration or automation that will help in changing the rule sets on the firewalls based on the detected used services/ports and IP addresses. 

AlgoSec has been very stable compared with its pairs.

The solution's scalability is impressive.

Service/technical support are good at their job and responsive.

No, I didn't.

It is quite easy to deploy and manage.

Implemented through a vendor and their level of expertise is high.

Worth every penny, and the value realisation is great.

AlgoSec is worth every penny for the value or return of investment. 

No evaluations. AlgoSec was recommended, and we got a trial version for a period.

None.

• To change management of the rules
• History of changes
• Risk analysis and evolution of the risk factors over time.

• Transparency over the actions made in the rulebase by the different firewall operators
• Documentation of the rules.

The traffic simulation query helps to understand which rules match or don't match for a specific traffic pattern, helping troubleshoot application issues.

We use the "rules change notification" feature to inform the different firewall managers when someone made a change. The actual change comes in a PDF file attached to the e-mail, while it would be faster to have it directly embedded in the notification mail.

Depending on your network topology, the traffic simulator might have some hard time tracing the traffic path between your devices correctly. This has already been improved in the past but could still be enhanced.

The solution is very stable. Some caution is required when you do major upgrades on your firewalls to ensure that AlgoSec can still work with the new software release of the firewall.

The setup is very easy, as it comes as a virtual appliance you deploy in your own virtual environment. The setup is straightforward, and you can very quickly add your firewalls and start tracking changes, query the traffic simulator, and so on.

We used AlgoSec during a migration between firewall vendors. We needed a tool that could help evaluate the effectiveness of our existing rule base and inventory network objects.

Running AlgoSec helped us clean up years worth of obsolete rules and objects. This left us with a clean and up-to-date policy on our new firewalls.

• Policy risk mitigation identifies and helps tighten risky rules rendering the policy more secure. 
• The change management feature is great for environments with multiple firewall engineers.

The only thing I had slight issues with is the web UI which is a bit tricky to navigate. It can be difficult to find what you're looking for without having to click around for a bit, but once you get to know where things are, it's not bad.

This is the first solution of this kind I have used.

Setup is a breeze.

I did not evaluate any other solutions.

No.

I mainly use this application to check the flows. I work for a big company in the network team which needs to check the flows every day.

This application is very nice. We save a lot of time with troubleshooting the flows and we can detect in a few seconds what flows are right or wrong.

The AlgoSec Firewall Analyzer is for me the most valuable thing in this application. I don't know how much time we saved with this application, but I now know that without it, we would lose several hours every day solving networks incidents.

We also use the AlgoSec FireFlow to generate and manage the tickets concerning the flows.

I think that AlgoSec could improve the application by improving the treatment speed.

If AlgoSec could make few seconds less to analyze research, theses few seconds will be used by my team to be more efficient.

I mean, in the Traffic Simulation Query, it will be wonderful if Algosec could find a way to make the research faster than now. In fact, we are often waiting arround 1,30 min to see the results.

Maybe something can be done to make this reasearch faster?

No, it is my first application for this kind of work.

It was not my work to choose this solution; a project team did it.

Our primary use case is to clean up firewall rules of migration from Cisco ASA to another firewall vendor. We try to get rid of old rules and get these converted into new rules which apply better to our environment.

It tremendously improved the security of our organization with much better and efficient firewall rules. We saved a lot of time using this tool to get the rules clean. Also, the overview of the network topology map is a very good thing to get a clear view of every single region in your network.

The best feature is, in my opinion, the firewall analyzer. Just let the tool analyze the traffic for a few days or weeks, and you will get perfect ideas on how to improve your rules and which rules are just unnecessary or too spacious. So getting a better security level by better firewall rules is just what you want to have if you're using a firewall. Otherwise, it would not make sense to have a firewall, right?

A nice feature as well is that it gives a compliance report on each of your security devices. This helps a lot to get an overview of every single security device in your network and its status.

The versioning is a bit weird. We used to use version 2017 which is quite current, but it looks like it is a 2017 version. As far as I know, they want to have this changed soon. Nevertheless, this is something which definitely needs to be improved.

We use AlgoSec to manage our firewalls and to manage our firewall ACL change workflow. We also use AlgoSec to get better visibility into our traffic flows, to optimize our firewalls rules, and to analyze risks.

AlgoSec has greatly improved the time and resources spent on creating and deploying our firewall rules. Our network and security teams can now smartly research our ACLs and implement them with confidence.

We found the traffic simulation query, active change, policy optimization, FireFlow, and map features to be especially helpful. All the other application features are valuable as well. We have yet to fully unleash its full potential.

The tech support and ticketing system could use some improvement and need more of a personal touch.