AlgoSec Reviews

I mainly use AlgoSec for policy change management and to intercept dangerous changes to firewall rules.

In the past, policy changes were applied, but not always with the correct approval. Because of this, we ended up with huge holes in the rule base.

Multi-vendor feature in a multi-vendor environment is a must. Ensures changes adhere to internal and regulatory standards.

Today, we don't dare push the new policy automatically, We don't have confidence in this feature.

No.

Yes, Tufin.

• Centrally manage firewall flow requests
• Approval/implementation and validation
• We can easily make our firewall flow change requests using the web interface.

It would be great if the product could be more simplified when defining the rules.

Documentation could be added to the tools, then generate documentation and send it to the relevant people.

• Workflow: Users utilize this tool to make their change requests, then once it is approved by a security team assessment, the network team will implement the changes.
• Troubleshooting: Tracks the flow and sees where it is blocked.

Automate the change documentation in MS Word format. Therefore, we can customize it, if needed.

This solution was implemented to provide risk analyse, audit on rules, and changes, as well as giving visibility to the application or project manager on firewall rules that are linked to their servers for a massive datacenter migration. 

For a massive migration, it permits project/application owners to estimate and anticipate changes which are needed autonomously and only involve the security administrator for implementation of the rules. This permits us to save a lot of time and make some firewall policy clean up. Then, when we add firewall change requests to management through this tool, it decreases the time for design and implementation significantly.

The Firewall Analyser feature is the most important and valuable part of this tool. This provides quick and simple visibility on the firewall's risk assessment in regards to compliance's referential that can be also customised to fit our organisation's requirements. 

Improve the dashboarding capability for FireFlow which is currently very limited in terms of presentation and customisation. 

Not really. Sometime after the version upgrade, a few bugs appeared. 

Not yet. 

At the beginning, support was good. 

Now as support is composed of several levels, default standard support at Level 1 is to answer by upgrading to the latest released version, if you are not using it yet.

We did not have such a tool before installing AlgoSec for a firewall policy audit with reports. We had a homemade tool for change management.  

Find a good integrator.

We went through a vendor team. His expertise was medium.

We evaluated differents solution when launching the project, like Tufin. This one was the most mature.

We use AlgoSec FireFlow and AFA modules for risk analysis, audit, and change management to enforce appropriate security compliance.

It has streamlined our processes for access and firewall management. It is used by all the IT user community internally and by our service provider who is in charge of our IT run activities.

AFA and FireFlow modules are the one that we use. 

• AFA provides project teams with a simplified way to obtain the status on their current rule set. 
• Fireflow is used for our change management process and is linked to our CP FW. 

Integration to cloud ITSM tools, such ServiceNow.

Be able to automatically analyze application traffic with machine learning capabilities and propose simplification for rule set optimization.

• Templates
• For baselines PCI-DSS

We now have baseline and rules checking.

It would be nice if it was more variable when checking virtual domain baseline in the same way as Fortigate's firewalls do.

I've used it for one and a half years.

We had issues with the clusters.

It's slow to synchronize a database that is not synchronized.

No issues encountered.

It's good.

It's good.

No previous solution was used.

There were some issues when setting up the cluster and getting it to synchronize properly.

I did it myself.

You need to be able to script and have skills using Linux.

• Traffic simulation queries allow an engineer to simply find all firewalls involved in the path between a source and a destination on a given service. AlgoSec allows an engineer to issue their own traffic simulation query to be tested against a single device's policy, or against a group of devices. When running a traffic simulation query on a group, AFA finds the devices in the path of the traffic and queries all these devices. Querying the policy or a group of policies produces an AFA report that shows whether traffic of the given service is allowed between the source and destination. If traffic is blocked by the device, you can then find out which rules block it.
• The change history feature provides detailed information about changes to the device, over the entire history of AFA reports for the device. The information is divided into policy changes and risk profile changes.
• The optimize policy feature allows an engineer to find out which rules are redundant, unused or already covered by other, more general rules. We can find:
  
  • Unused rules
  • Covered rules
  • Redundant special case rules
  • Consolidate rules
  • Disabled rules
  • Time-inactive rules
  • Rules without logging
  • Rules with empty comments
  • Duplicate objects
  • Unused objects within rules
  • VPN cleanup
  • VPN analysis report
  • Unused rules
  • Unused objects within rules

We can optimize and produce reports for 744 firewalls from different vendors (Check Point, Juniper, FortiGate, and Cisco) with one application.

We have requested improvement to VRF functionality on Cisco IOS and Nexus L3 devices and to support Juniper routers.

We have discovered that AlgoSec doesn’t work with loopback interfaces. We use OSPF and BGP, which run over multiple Virtual Routing and Forwarding (VRF-Lite) instances and, in some cases, distributors are connected to the core via loopbacks routed by an OSPF instance and a BGP address family. AlgoSec doesn’t recognize those loopbacks as a route, so it doesn’t find a route to the destination. This behaviour makes the “traffic simulation query” feature unusable in our environment.

3 years

I have not encountered any stability issues.

I have not encountered any scalability issues at all.

7

The level of technical support is good.

I did not previously use a different solution; we have been using this solution since 2012.

I don’t know if they evaluated other options before choosing this product.

This product only supports L3 devices such as Cisco IOS and Cisco Nexus, so if your primary network is based on a different technology, AFA wouldn’t be the best choice.

FireFlow, because you cannot override policies.

We have been able to add more vendors to support.

Validation: Many times I have to generate a report to validate tickets. When I try to verify an AlgoSec ticket that has been implemented, I have an option to validate the work I did. Many times, it has not worked immediately. I have to generate a report based on which I can check my work.

After implementation new rules on firewall algosec is not immediately aware about it. I have to make synchronization between algosec and firewall. In algosec is called analyze firewall. It is possible schedule this analyze more often but it consuming a lot of device resources like CPU, memory etc so I have this analyses one per day. After this analyze I am able make validation of implementation which I did because algosec can see rule which I added.

I have been using it for five years.

Technical support is quite OK.

AlgoSec provides different types and levels of support. I recommend asking about 24/7 support and being careful when deciding which support to buy.

Initial setup was straightforward because we got support from vendor.

If you are implementing it for the first time, it is good to ask vendor for help.

It is a good product to use.