What is our primary use case?
As an administrator, I ensure the platform works as well as possible. We are responsible for everything on the platform, such as onboarding and offboarding devices and managing the information on there, access, etc. AlgoSec has a good security component, but we primarily use it as a network and firewall appliance. It communicates with firewall and router vendors and integrates well with major vendors, such as Palo Alto, Check Point, and Cisco. However, it has some limitations with other vendors. It depends on the brand, but all the vendors we use work well with AlgoSec.
We use AlgoSec Firewall Analyzer, FireFlow, and AppViz. All of our AlgoSec devices are on-prem. We average about 15 users daily, at least. We divide AlgoSec users into requesters and actual users. Requesters have limited access to only FireFlow, where they can make a request. We have about 100 requesters and 20 direct users from the network, security, and other teams.
How has it helped my organization?
AlgoSec made troubleshooting much more manageable. For example, we can quickly determine the cause of routing issues and do traffic simulations to discover if something is open. It helps us perform analysis faster. That's one of the significant advantages.
AlgoSec simplifies the work of security engineers in two ways. First, it simplifies approvals. Every time a flow is requested, it goes to security for approval. The security team assesses the risk of each request and makes a decision based on that. Second, it made audits easier because analyzing firewalls and permitted traffic is effortless. All these little aspects don't seem like much, but they add up. We have lots of audits. The risk metrics help us to identify specific risks as long as we can define solid risk metrics. If that doesn't work, you can also use the API to gather much of that information.
FireFlow provides multiple ways to create tickets involving numerous teams. Our existing ticketing solutions are not as easily configurable. They have some more restrictions. AlgoSec is a significant improvement. It has considerably reduced the time we spend implementing firewall rules. For example, we had previously implemented some rules manually and others via FireFlow. We started to use FireFlow for all of them because, even if the network review on FireFlow isn't as accurate, it's still a net reduction compared to the time it would take to implement everything manually. It's worth it to spend a little more time analyzing everything. We can select the firewall and let FireFlow take care of everything. It's not comparable because we can press a few buttons, and everything is done.
AlgoSec reduced human error and misconfigurations, especially in terms of firewall implementation. AlgoSec doesn't make many mistakes. Implementation errors are rare. For example, let's say that we are trying to analyze something. Creating things by hand requires us to look at a file with 25 lines. It's easy to forget something, but AlgoSec doesn't forget anything.
AlgoSec provides us with all the information, and we have to check to see if it's working correctly. Of course, it's not perfect. Sometimes there's some routing missing. When it doesn't implement something, AlgoSec usually informs people it's not going to.
My company is a massive enterprise with several DCs globally and various types of environments. In addition to those DCs, they also have several subsidiaries, so it's a giant network. We work on incorporating all these environments into a single pane of glass using AlgoSec. Previously, every DC had its own AlgoSec, but we're currently merging them all into a single global AlgoSec because it's best to have everything in one place managed by the same people. It will enable us to control and standardize everything. It's also better in terms of visibility.
We have integrated AlgoSec with Cisco ACI, but I wouldn't say it adds much. ACI is replacing our previous architecture, which was also Cisco. It's mostly the same. The way AlgoSec collects information hasn't changed much. ACI is good at organization, but it doesn't add much to AlgoSec's security functions. AlgoSec comes in handy during cloud migration.
When migrating to the cloud, we typically extract information from old servers and provide that to the migration technicians so they know what they need to open for the new server. If the migration goes well, we aren't usually too involved with it. Afterward, if they find issues, we can help detect them and understand why something is missing.
What is most valuable?
FireFlow is great. In a company that gets a large volume of requests to open firewall rules, it's helpful to have one place that summarizes the requests, enabling you to clearly understand why they need to be implemented and also implement them. Firewall Analyzer can help you identify missing routing or check information on the firewall without the need to log into a firewall or router to check the routing. We have all that access in three clicks.
AlgoSec provides excellent visibility. We can easily see our devices, how they're connected, and what information is on them. AlgoSec allows you to define your own risk metrics based on a set of rules. It gives you a report based on that, so it's highly customizable.
What needs improvement?
A few features could be more customizable. For example, one of our issues is related to the comments. When using FireFlow and ActiveChange, the comments by AlgoSec can be changed, but they always have the FireFlow number first. That's mandatory. It can be a bit bothersome because that's sometimes not exactly what we want. The templates we use have some scripts running in the background that aren't easy to change or remake.
These options could be improved. Some features take time to learn and understand. It would be hard to figure out without AlgoSec support. Every bug or every problem we encounter is challenging to understand and fix without them. We try to solve our own issues, but sometimes we can't, and we need AlgoSec support.
For how long have I used the solution?
I've been using AlgoSec for a year and a half.
What do I think about the stability of the solution?
I think the solution is pretty stable. There has rarely been an instance when we needed to reboot to fix something. It has happened, but it's uncommon. Overall, I would say it's highly stable.
What do I think about the scalability of the solution?
The scalability is excellent. We are changing the architecture, including the remote agent. It has been easy to scale like this.
How are customer service and support?
I rate AlgoSec support a six out of ten. Our experience has been inconsistent. Sometimes, support is fast and clean; other times, not so much. Occasionally, they take a while to respond or provide an inadequate workaround instead of a solution. It also depends on the support we purchase because AlgoSec has different levels. The premium levels have 24-hour support.
How was the initial setup?
I wasn't involved in the initial setup, but we had a migration in which we changed the server where it was hosted and changed the architecture a bit. It was pretty simple. We had the support of AlgoSec engineers, so it went smoothly and quickly. We have two platform administrators and a third person who is the product owner. He helps us a lot, especially with the bureaucracy and everything, but we can primarily manage the solution well with two people.
What was our ROI?
We've seen a return on investment. We continue to use AlgoSec a bit more each day. We're not investing more in AlgoSec monetarily, but we're investing time into learning its features so we can use it to the fullest extent.
It comes down to the amount of work AlgoSec reduces. The volume of flow implemented monthly would be challenging to handle manually. It would take much longer to analyze and execute. Not counting security, one guy using FireFlow is enough to implement requests these days. One member of the network team and one person from security can implement all the requests within our SLAs. I'm unsure how many people we would need to do that manually. It would probably take five times as many people to do the same work. That's not even counting all the security and troubleshooting benefits AlgoSec provides.
What's my experience with pricing, setup cost, and licensing?
I know AlgoSec can be expensive. I've heard from some of the platform users who worked at other companies that wanted to use AlgoSec, but it wasn't within their budget. Large enterprises can use it if they have a huge network with several devices. It's worth the cost if they spend a lot of time auditing and dealing with security concerns. It pays off in the long run.
You must pay for the basic AlgoSec license and the number of devices onboarded. There are licenses per firewall and network device. I believe you also must pay extra for firewalls with ActiveChange. I don't know the precise figures because I don't work with them, but I think they change.
What other advice do I have?
I rate AlgoSec a nine out of ten. It makes life easier. Without AlgoSec, you need to deal with one or two layers of extra work, doing tasks manually and logging into devices to run commands. It simplifies a lot of daily work. I've grown accustomed to the ease of use, so it'll be hard to adapt if I get a new job at a place without it.
The solution is excellent, but you need to customize it for your own purpose. Before I joined this company, the previous administrators worked closely with AlgoSec support to build the platform to their specifications. They were the ones that customized what we needed. After that, everything is straightforward. There are a few tweaks here and there, and everything is good to go. The biggest hurdle is getting started. It's good to work with support. If not, we'll constantly be dealing with modifications, bugs, errors, and stuff that doesn't work. Getting the platform right in the beginning makes it a lot easier.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.