AlgoSec Reviews

Firewall analyzer and traffic simulation based on configuration analyzer of all rules on the firewall. Implementation of new rules without the need for manual configuration of rules on all firewalls in the traffic path.

It helped to improve our automation and simplified the configuration of new access rules.

In our experience, AlgoSec need to improve the integration of firewall vendors, because at the moment they don't support all vendors that are out there. 

Algosec Firewall Analyzer has a feature called 'Implement on device' which automatically creates access rules based on your request and sends it to the appropriate device. At the moment, this feature can not be implemented on Fortigate firewalls or Juniper EX switches which act as a layer three device with ACL's etc. I mean they need to improve interoperability with more vendors in order to automate access rules modification on these unsupported yet equipment.

I've used this solution for approximately five months.

According to my colleagues who implemented it, there were some problems during the implementation. They contacted their support team who provided us with good support and we were able to get it implemented.

We had no issues with the performance.

It's been able to scale for our needs.

I wasn't involved in the original implementation.

It's an amazing product for those admins who have huge variety of firewall vendors and would like to be able to automate the implementation of new firewall rules for access across the network.

• Firewall rule monitoring
• Consolidated report on unused objects and rules

We use this tool for rule monitoring and cleaning up the unused objects to improve performance. The risk team uses this tool to validate the existing traffic flow for their approval.

It is currently unable to export the report to a CSV file, and I look forward to seeing it in the next version/release.

I have used it for more than four years.

Deployment was very easy; the vendor-provided documentation was good.

Technical support is 8/10.

I was able to implement it on my own.

It's a very useful product and I highly recommend everyone having this product in place on their security infrastructure.

The reports for the policy optimization are the product’s most valuable feature.

It provides better performance on our firewalls.

• Filtering in the reports
• Adjusting parameters for reports
• To be able to generate custom-made reports

For example, it would be nice if you could define a report to show the unused objects for a specific timeframe. Now, it’s for the whole log period. Or, another example would be: deny rules that have been adjusted in the last 90 days.

I have used it for about two years.

I have not encounter any deployment, stability or scalability issues. It runs very smoothly.

Technical support is very good, providing fast responses and good knowledge of their product.

Initial setup is very straightforward and it is easy to implement.

We did it in-house, as it’s easy to install on your own.

Just try it and you’ll see where the problems are in your firewall. You can easily request trial licenses.

With a network like ours - more than 100 routing points with around 6 VRF on each - traffic simulation query is one of the most valuable feature on AFA.

For FireFlow, workflow customization and active change are the best features.

In BusinessFlow, the ability to simulate documented flow against configuration by AFA is the best feature to limit differences between documentation and production.

This product allowed us to identify unused rules more easily and doing this simplifies policies in our firewall. We now have documentation of our application with objects sync with real configuration. Our approval in change management has been improve through FireFlow and errors have been reduced through change advised and active change. We also save time by identifying earlier than usual routing issues associated to a change request.

A lot of areas have room for improvement!! This product is still young and in constant development. Interaction with a lot of vendors generates a lot of firewall options (specifically, a timer on services, application control, and so on...). This interaction also generates a lot of bugs in the product. Every new version contains about 10 to 20 bugs for our environment. This is partially explained by the fact it has to understand all of the architecture and specificity associated with all of the supported vendors.

A few of the bugs are:

• Services composed with something else other than TCP or UDP are not well-handled and not working in simulation queries. (For example, AH or ESP or EthernetOverIP.)
• Traffic with same objects in source and destination are not working.
• When NAS is used to store reports, we have had a lot of bugs associated with wrong URL encoding.
• Role assignment with multiple LDAP issues.
• Some file cleanup not working as expected.
• Active change is available for only a few vendors.
• BusinessFlow doesn't offer auditing regarding object management and with a lot of application and managers, it quickly becomes an issue with duplicated objects and so on.
• There are also gaps in access right management.

I have been using it nearly two years.

Every version came with its bug bundle... In two years, we opened 50 cases and about 40 of them escalated to development for resolution. This situation is also explained by complexity of our architecture.

I have not encountered any scalability issues. Each version usually improves performance and the amount of required disk space.

Technical support is 7/10; quick to give a new version solving the issue but long to identify the issue, even when it seems to be identified from the beginning.

For example, more than a month ago, we identified a wrong link associated to NAS configuration. We can clearly see that the wrong link was being generated, pointing from the NAS directly to the NAS repository, instead of a symlink. It took more than a month for support to accept this and to escalate the case to dev. After dev escalation, we are expecting a fix on Monday. So, it took four weeks to acknowledge the issue and two weeks to be fixed by development.

We did not previously use a different solution.

Initial setup is straightforward; some custom options can be tricky to set up, but will not be used by most customers.

Be careful with VRFs. One router with two VRFs consumes two licenses. So a new VRF configured on all routers will double the number of licenses required on routing elements.

We benchmarked Tufin before choosing AlgoSec. We chose AlgoSec over Tufin for its capacity to be more customized and its support for MPLS and VRF.

Offer me a job. ;) I will help you set it up.

More seriously, test it with caution through a POC to be sure that all your architecture specifics are addressed. If not all of them are addressed, ask for a commitment regarding support of missing features and ask for those commitments to be written down before ordering.

* Network map - to see how firewalls and routers are connected.

* Traffic simulation - to emulate traffic through the rule-base and see if you need to open additional ports/services.

* FireFlow - to order new firewall openings.

* Less overhead on the network security department since the user can verify the rules themselves.

* Risk profiles helps find disallowed traffic.

* Policy cleanup feature is really good for removing unused rules, etc.

* More unified UI

Since 2013

AlgoSec AFA provides visibility and enhancement opportunities on the firewalls. You can observe risk trends, regulatory and baseline compliance, as well as live changes and change history.

AlgoSec improved our firewall visibility and related control points.

Needs continuous improvements in all areas since firewall vendors are improving their products and the IT security industry is definitely improving itself.

3 years

Deployment is easy, no issues at all.

No issues so far.

8/10

8/10

No previous solution

Initial setup and deployment was straightforward.

We got help from a partner, 8/10

We evaluated two other vendors in addition to AlgoSec.

The firewall analyzer allows for a quick and consistent method of reviewing your firewalls ruleset for security, compliance, and peace of mind. The ability to review and understand your firewall topology, run reports and have the ability for practitioners and auditors to review our security posture, gives us a sense of calm within this area of security.

Adding AlgoSec as a process into our network, compliance, security, and audit teams allowed for quick turnaround on any issues that arise regarding security rulesets. We often find these issues before they are pointed out to us, which leads to a quicker turnaround from compliance, but more importantly from a security mindset. This tool is used as part of the M&A process to analyze any new companies looking to incorporate our network. It's become one of the indispensable products we can't live without.

I would say cloud is an area for improvement, but AlgoSec in is that market now, too. I do want to see, however, the ability to set up an instance within the cloud instead of having to use physical appliances.

I've had no issues with deployment.

It's been stable for me.

It's able to hit all the devices that I've put it up against and it was able to find rules that put our organization at risk.

The technical support is standard. They do a good job and understand the product.

It's head and shoulders above all the competitors in the field. They're the ones pushing the boundaries of the market.

• It can identify the policy rules in the firewall that have a high risk and could have an impact on network infrastructure.
• It suggests solutions to these issues, and provide compliance reports by standardizing PCI-DSS, ISO 27001, SOX and more.
• It can monitor policy changes, and who made those changes.
• It generates a topology of the network when it has scanned the network.
• Using the network mapping, it identifies bottlenecks.

We have improved the performance of the firewall to handle requests and responses to/from clients as reduces the number of policies that are needed when the network is exposed to high risk.

They need to improve auditing of IP tables, as only monitoring them does not reduce their vulnerabilities.

I used it for nine to ten months.

No issues encountered.

It is quite stable for 24-hour network monitoring.

There is no problem in the process of scanning and monitoring firewalls, and IP tables in
considerable quantities.

8/10 as they were quite fast in responding to my issues.

10/10 as the technical support provide assistance if there is a problem via both email and telephone.

I have not used a different solution previously.

The initial set up is a bit complicated, because you have to open special ports in the firewall, and give open access to be able to read the configuration topology mapping in the firewall. This means that the process of scanning and monitoring AlgoSec can run smoothly.
Unlike the case with the initial setup for monitoring IP tables, you must use the root access serve (sudo su) so that the process of scanning and monitoring AFA could run smoothly.

We implemented this in-house.

The advantage is that it can really optimise configuring firewall policy rules, and can
reduce the configuration that is vulnerable. It can provide solutions to make policy rules more simple and efficient.

If you want to conduct an audit of firewall and want to optimize the configuration, you can try and use AlgoSec.

I didn't evaluate other options.

Be patient and careful when doing the initial configuration of the firewall with AFA, but after the process is completed, everything has to run smoothly.

An example screenshot of network mapping results from AFA. Network mapping can
be useful also to detect if there is a connection network traffic is interrupted and can assist in documenting the topology that is owned.

The following screenshot shows an example of the policy rules that need to optimized, so you can improve the performance of firewall and its security level.

The following screenshot shows the result of scanning AFA reports that compliance with ISO 27001.