ChristopherWalsh - PeerSpot reviewer
Vice President Head of Information Security at CorpBanca
Video Review
Real User
Top 20
Gives us the ability to dig down into details and work at a level above the skills that we already have
Pros and Cons
  • "The most valuable is helping us determine where our rules are too permissive. Based on previous human review of our rules, they are very cursory. We know why we do something, but we don't get into the details of whether the rule is nice and tight. What Firewall Analyzer lets us do is understand the risks presented by our rules. The tool does a calculation of all the traffic that could be allowed and we can match that to whether it should be allowed."
  • "We are using AlgoSec directly against our Cisco Firepower. At first, AlgoSec didn't work with Firepower. It didn't know how to read the logs. So, improvement has been made. Now, the feature that was available on the older generation firewall is available on the current one, but this is a problem which has already been dealt with."

What is our primary use case?

Our primary purpose right now is AlgoSec Firewall Analyzer so we can ensure that our rules are nice and tight. We also use the configuration report to make sure that the firewall configuration is nice and tight.

We are starting to use modeling. AlgoSec Firewall Analyzer enables us to input details about what we would like to do to see what firewall changes would be required, if any. Also, if we are having problems with getting an application running across the network, then we can use that to establish what firewall rules might be giving us problems.

As a small branch office focused on wholesale banking, we have a very flat network that we are trying to improve upon. Over the course of last year, everything has been flat and accessible. Now, we are breaking into VLAN segmentation. That is where Firewall Analyzer will really come into good use, because it will help us to limit the traffic to only what is necessary. 

We have some cloud. Our core banking is with a different organization, which is in the cloud. We also have a couple of other treasury cloud applications in the cloud. However, a fair amount of our network is within our data center and office. So, we have a hybrid model.

How has it helped my organization?

We are very simple. The benefit of AlgoSec Firewall Analyzer right now is to give us skills that we don't already have with our people. Also, when we get into our periodic reviews, AlgoSec enables us to do it without adding additional staff. Something that we are not able to do because that is controlled in the Chilean head office. So, we need to make the best use of the best tools to secure our environment with a minimal number of people.

AlgoSec reduced the time it takes to implement firewall rules in our organization. Before, our firewall rule review was always done manually. When we installed the appliance and ran the report, we quickly found half a dozen areas where we were more exposed than we needed to be. The manual process used to go on for weeks. The AlgoSec process right now, as we develop and become better with it, takes only a matter of two or three days. We can have a good solid review, then we can get into very specific details about any rule or configuration with the objective of ensuring least privilege. Only the things that are needed to support business activities are allowed.

We are a regulated industry: financial services. We are obliged to at least annually review our firewall rules for risk. Are they too permissive? Are they not needed? Because we have this tool, we can now do that once a quarter. Before, we only did it once a year. 

We are a small branch of a much larger organization in Latin America. The rules that were set up allow free flow of information back and forth, i.e., network connections. Right now, with ransomware being what it is, we are starting to review those rules because they are too permissive. Another way that AlgoSec is helping us, internally, is working with our head office to make sure that they are treated with least privilege. Something that is not normal. Something that didn't happen, "Just because."

I have been with this organization for about two years. All the wide-openness of the network communications was just a bad event waiting to happen. AlgoSec Firewall Analyzer has given us the great ability to dig down into the details and work at a level above the skills that we already have, making sure that we are in a process. It started months ago and will continue for seven more months. That network traffic in and out of our perimeter is the least that it should be.

We work with multiple security vendors. For just IT alone, we have three primary vendors and a couple others that pitch in when needed. AlgoSec Firewall Analyzer helps us to make sure that we allow only what they need and that we keep them to the internal assets. They are external third-parties. We have high assurance that they are only able to access network assets that are part of the contract. Another vendor manages our firewall. The reason we have them do it is because we don't have the expertise amongst our people. So, the addition of the AlgoSec Firewall Analyzer enables us to have the intelligence of what is good and what is less than good. Thus, we can help keep that third-party on the rails, that they are doing good things for us, and we have the evidence to prove it.

We are getting into using AlgoSec to implement and manage micro-segmentation initiatives. One of our audit concerns was the flat network, and we started to work based on what we already know to create a test segment. However, AlgoSec is helping us to validate the traffic that will be allowed into that new segment, restricted to only that which we need. No sense in creating an isolated network if bad things can still flow back and forth between test and production. So, AlgoSec is a tool that is helping us make sure that we have all the isolation that we need. But, because of the syslog counters, we can also tell over time whether we did a good job in the first place and whether the remaining rules that we configured to be nice and tight are still needed for business purposes.

What is most valuable?

The most valuable is helping us determine where our rules are too permissive. Based on previous human review of our rules, they are very cursory. We know why we do something, but we don't get into the details of whether the rule is nice and tight. What Firewall Analyzer lets us do is understand the risks presented by our rules. The tool does a calculation of all the traffic that could be allowed and we can match that to whether it should be allowed. Another thing that we have recently started to do, but only about 100 days ago, is collect syslog events from the firewall that now tell us whether the rules that might be well-configured are actually being used by people or traffic. Our next step will be to start eliminating well-formed rules that just aren't needed.

The overall visibility that AlgoSec gives me into our network security policies is perfect. We think about separation of duties. As the information security officer, I shouldn't be logging into the firewall and playing around. What AlgoSec does is give me the ability to see everything about the firewall: its rules, configurations, and usage patterns. It gives me all the visibility that I need to make sure that we are doing what we should do to keep it tight. There is no perimeter anymore. We have to be very careful what we are letting in and out, and Firewall Analyzer helps us to do that.

Another very useful feature of the AlgoSec Firewall Analyzer is it will alert us to changes in firewall rules and configuration. So, we have a third-party who manages our firewall. AlgoSec gives us notification, if they go in and make changes either to the configuration or rules, so we can keep track and make sure that only authorized changes are occurring.

What needs improvement?

We are using AlgoSec directly against our Cisco Firepower. At first, AlgoSec didn't work with Firepower. It didn't know how to read the logs. So, improvement has been made. Now, the feature that was available on the older generation firewall is available on the current one, but this is a problem which has already been dealt with.

For how long have I used the solution?

I became familiar with AlgoSec Firewall Analyzer way back in 2004. I was trying to do some independent consulting, and part of that is a good firewall review. So, I started to look for tools. That is when I had my first discussion with AlgoSec. Since then, I have used it at a couple of different organizations, including the one where I work now. It has been quite helpful with making sure that our firewall configuration is all that it should be.

What do I think about the stability of the solution?

It is set and forget. I don't have a lot of Linux or Unix experience, at least not in the last 20 years. So, that has been removed from me. The appliance comes and we connect to the command line. Anything I need to do is menu-driven. So, it is easily maintained by people whose skill set changed from hands-on to management quite a while ago.

What do I think about the scalability of the solution?

Scalability is not something that I have had to concern myself with right now.

Currently, we have five people who use it to either tune the rules or find out answers to questions about the network and flows.

How are customer service and support?

We have a customer success manager, Matt, who is terrific, very responsive, and always there for us when we need it, providing quick answers. This also applies to the support desk if we raise a ticket. I did have a problem after we installed the A32 version, where I was getting some errors in the email. The engineers got into the code and found some code that needed to be corrected. I don't remember exactly what the problem was, but it took less than two hours to find and correct it. So, the support has been superb.

Which solution did I use previously and why did I switch?

At this bank, it replaced the manual solution, where if you were not a Tier 3 Network Engineer, then you were probably not going to be able to get into the details and nuances of any of the rules and configurations. So, they get glossed over. The firewall review done manually is more of a sanity check. "Do we need the rule at all?" is really the question that gets asked, not whether the rule is done correctly to support privilege and least access.

How was the initial setup?

The setup was quite easy. 

If I were to take out the fits and starts that were our responsibility, the installation was less than four hours. Then, the upgrade was done because we went from version A30 to A32. That took about an hour and a half. It was very simple and straightforward. Now, when I need to do regular releases, i.e., patches, I can do them myself. It is menu-driven. It's pretty easy.

What about the implementation team?

AlgoSec's support was there for us. We worked with them. They did all the heavy-lifting. It was easy to schedule as well as very flexible, as we got our act together. Organization is important. 

One staff member would have been sufficient for deployment and upgrades, but I made sure that our IT staff population representation was there so they understood the tool, where it was going, and how it would be used. However, it easily could have been done with only one person on our end.

What was our ROI?

In the end, I did a calculation. When I think about the number of people, when we did the manual way, who had to be involved, and how long did it go? Did we risk being out of compliance with regulations? There is a big cost to that. It is cheaper operationally to work with AlgoSec than to try to do this manually.

AlgoSec has absolutely helped to simplify the job of our security engineers. It gives us a level of expertise that we didn't have within our own staff. AlgoSec showed us that what our staff could do wasn't good enough. So, it is a force multiplier. It enables us to have the expertise that we don't have, but it also gives us the cycles, e.g., the actual ability to extract the rules, evaluate them, and then assemble them into a form that we can present to auditors and regulators, if needed. This greatly helps us. As a tool that has so many features, there are certainly more that we can grow into, but the ones that we are using right now have been of a substantial value to us. This is even being commented by our auditors from one review period into another.

The staff enjoy it. There is always that dynamic between security and IT. IT has projects to do and serve the business. Security isn't quite seen in that same light. So, they enjoy it because they don't have to spend the time to go through the rules, trying to reverse-engineer what is going on, and it takes care of a lot of the documentation for them. It keeps them in the zone that they are used to working with the correspondence that belongs to the rule, allowing them to understand the details. This has helped us understand ourselves better, how we operate on the network layer, and saved us the time of actually doing the rules. So, we are much better with our compliance, audits, and regulatory requirements, but we are also better in our security. Two things that an ISO always has to be concerned with - compliance and actual security. This tool acts like another person on staff, increasing our ability to be very fine-tuned on rules. We will be using it for a while to come.

What's my experience with pricing, setup cost, and licensing?

I am a fan of AlgoSec for its pricing. As a small branch, getting any amount of money is very difficult. Less than a thousand dollars, that will take some effort for two reasons:

  1. Asking for money.
  2. It wasn't in the budget. 

The price came in where we really didn't even need to have much of a discussion. That was very good. There are also options regarding what you want to pay for. It wasn't really pushed on me that I have to get all of it or else I can't be an AlgoSec customer. 

There are training and support levels that come in beyond the product itself, and we did subscribe to the training. We also have the support. The pricing has been very approachable, and that is why we have it here.

Which other solutions did I evaluate?

I have looked at other options along the way, like Skybox. AlgoSec came to the market before the alternatives did. When I become aware of it and something is good, I stick with it. Why change? 

I went to the Gartner page and looked at who the competitors were. I looked at customer reviews and things like that. However, because I have had such a good experience with AlgoSec Firewall Analyzer, I continue to use it. I have found no reason to go with any of the other alternatives.

Our local policy is that I have to be able to compare at least three products when I go to management to ask for money. I did exactly that. I took three alternatives and brought them to our management team. I explained the whys and wherefores for why I was promoting AlgoSec. Now, we have it here in our environment.

What other advice do I have?

I would recommend, "Do it," in regards to implementing AlgoSec. I wouldn't have been with it since 2004 if it wasn't among the best tools. I have tools in vulnerability scanning and SIEM/SOC as well as tools for authentication. There are a lot of tools. As a security guy, I have been doing this since 1997. When you find a product that delivers, you stick with it, and AlgoSec is that type of product.

I have been so pleased with the tool. It sounds cliché, but I haven't gotten to a point yet where the tool hasn't provided for me. This is why I always come back to it. For an organization as small as ours, it gives us a tool that is affordable, easy to implement, and the expertise that we were lacking.

When I need it, it is there. If I have a question about an endpoint or protocol, I am trying to resolve audit points about what ports are listening and why, or I have to figure out how to isolate something more than it already is, AlgoSec is the tool that I go to first to get information and answer some of these questions. In most cases, all the details and rules are all right there. It has been great.

I have seen the capability for AlgoSec to enable us to manage multiple or dispersed environments in a single pane of glass. Because I am such a supporter and have seen the value that AlgoSec can bring to more than one organization, I invited the CSO office in Chile to attend a work session with us so they can start to see everything that AlgoSec might do for them. I knew that it was on their task list, and they have a need to get into the same area. The potential is there that our head office will begin to use the tool, having seen how it has been helping us in just our local office. They need it more because they do have a broader array of firewalls, connections, and things like that. So, I'm looking forward to that.

I know for a fact we are not getting all the value out of the appliance that we can. I know for a fact we are getting more value out of the appliance than we intended when we licensed it. Those are good things. The visualization of our network is helping me. There are diagrams that can be drilled into which help me. When you are small, going over to IT all the time and asking questions isn't always the best thing. It is disruptive. Then, I have to worry whether I got the right answer or not. AlgoSec removes those things. I see what is happening and I know that it is based on the facts. There are five of us using it. I am sure that we use it every week, probably not every day to answer questions, and we are running monthly reports, which are automated, so we have a good history. So, we have the opportunity at any point to identify problems and resolve them.

What we have learned from using AlgoSec Firewall Analyzer: We didn't understand our risk with our firewall. It is good that we relied on a credible third-party, but what we saw was rules could be better configured. These are our protection to the outside world between the bad world outside and inside, between our head office and us. I worked for a Wall Street firm, and we didn't trust anybody. It is a big deal now with zero trust. This tool will help us to get there, dialing things down.

For the AlgoSec experience (the company, product, support, and people), I want to give it 10 (out of 10). Nobody trusts that, but they have been very good to me. The boss who didn't like spending money is very happy with the results. I brought it back to him and showed him what we have been able to do past our manual efforts, and it resonates with him. It makes sense to him. He reads the paper. He sees how quickly ransomware can spread across a network. One of the things that we can do to help protect against that is make sure that we have good segmentation and only the endpoints which really need to talk to each other are allowed to do so.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Chandan-Singh - PeerSpot reviewer
Sr Technical Consultant at a tech services company with 51-200 employees
Real User
Top 5
Very powerful and useful tool; reduces operating costs by enabling access to all firewalls
Pros and Cons
  • "Rather than logging in on separate firewalls, AlgoSec enables you to make changes on all firewalls from one pane of glass."
  • "Lacking in support of other platforms."

What is our primary use case?

We are security consultants based in India. We provide solutions to our customers and implement for them. We deploy AlgoSec on cloud and on-premise, depending on the customer. The use case is generally for companies that have multiple firewall vendors. If you have FireEye, for example, you can create the rules according to your environment. But if you have four different kinds of firewalls, and you want to allow or block something, you need the configuration on all the firewalls. AlgoSec simplifies that process. Many of our clients in India use this solution. We are official partners of AlgoSec. 

How has it helped my organization?

This solution will cut down operating costs in any company. 

What is most valuable?

It's a bit difficult for a network engineer to log in on the firewall and make the changes, and in that sense, AlgoSec is a lifesaver. You don't need to log in on each separate firewall; you just log in on AlgoSec and make changes on all the firewalls from one single pane of glass. You can get the logs from all the firewalls to your AlgoSec as well. And if you see any blocked traffic, you can delete it at the point it gets blocked. If you have five firewalls, it will show which firewall is getting blocked and that can be automated. It's a very powerful and useful tool that can be customized to your requirements. One of the main features is that you can configure all the rules in one place. It also provides a complete report of Euro firewall rules that complies with security authorities such as GDPR.

What needs improvement?

If we talk about cloud and SDN platforms, it supports AWS, Azure, etc.

I'd like to see this solution support some other cloud platforms as well, such as Alibaba and GCP, to give the customer flexibility.

Buyer's Guide
AlgoSec
August 2022
Learn what your peers think about AlgoSec. Get advice and tips from experienced pros sharing their opinions. Updated: August 2022.
620,600 professionals have used our research since 2012.

What do I think about the stability of the solution?

It's a very reliable and stable product because it's not dependent on any hardware, and is installed on a one-to-one machine. 

What do I think about the scalability of the solution?

Scalability in this case really depends on whether the customer is able to provide the resources or not. It requires resources including memory, RAM, and those sorts of things. From a software point of view, I'd say it is very scalable. 

How are customer service and support?

I haven't needed to access technical support because their documentation was so clean and in such a format that I was able to implement without any issues. My customers use it and they are pretty happy with it, because there is good customer support available in India.

How was the initial setup?

The initial setup is very straightforward. You just find the resources on the virtual machine and download.

What's my experience with pricing, setup cost, and licensing?

Licensing is on an annual basis. The best part is that if you have two or three firewalls, but you are using them in a cluster, it's counted as one. This is a basic aspect of the licensing with AlgoSec. I think the licensing is pretty good because they now have all the compliance issues sorted. 

What other advice do I have?

If any user or customer has firewalls, maybe 15 or 20 plus, definitely go for this product. It cuts down operating costs. The benefit of AlgoSec is that you only need one engineer to do all the configuring, rather than separate engineers for the different firewalls. Not only that, but you can automate as well. Obviously, you have to integrate a texting management tool, but you can integrate and follow the focus.

I rate this solution a 10 out of 10. 

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Managed Security Services Product Manager at a comms service provider with 10,001+ employees
Real User
Top 20
Easy to navigate with good technical support and an easy initial setup
Pros and Cons
  • "The solution is easy to navigate."
  • "AlgoSec can probably do better at introducing features for the cloud firewall scenarios. This is something that will probably help customers. It needs a hybrid scenario that includes private cloud, public cloud, and on-prem things. If a feature could cover all three different types of deployment, that could probably make it even more desirable for clients."

What is our primary use case?

We primarily use AlgoSec to just have a check on what firewall rule sets have been configured over a period of time, and if there are any redundancies within those rules, that we can eliminate without any confusion within the ruleset. It allows us to have the optimum support and effectiveness of the firewalls.

What is most valuable?

Doing the analysis of rule sets is very useful for us.

Being able to make and implement changes within a timeline is a very valuable aspect of the solution.

The solution is easy to navigate.

The initial setup is straightforward.

What needs improvement?

AlgoSec can probably do better at introducing features for the cloud firewall scenarios. This is something that will probably help customers. It needs a hybrid scenario that includes private cloud, public cloud, and on-prem things. If a feature could cover all three different types of deployment, that could probably make it even more desirable for clients.

For how long have I used the solution?

I've been dealing with the solution for two and a half years at this point.

What do I think about the stability of the solution?

We've not received any complaints so far when it comes to stability. So far, our capabilities mapped with AlgoSec have always achieved the best of results for our customers. There don't seem to be bugs or glitches. It doesn't crash or freeze.

What do I think about the scalability of the solution?

We haven't heard anything from clients that would lead us to believe they couldn't scale the solution if they needed to.

How are customer service and technical support?

The technical support is quite good. I would rate them eight or nine out of ten.

There are some points wherein when it comes to support, my engineer may not have gotten direct support immediately. In the past, my engineer might have to wait half an hour or one hour to get an answer, and then, of course, the customer is also waiting. That slightly impacts my customer experience. Due to that aspect, I am reducing one or two points for that. However, overall, we're pretty satisfied with the solution.

Which solution did I use previously and why did I switch?

I use a few other solutions as well. More often, I would advise clients to go with AlgoSec. Of course, as a secondary option, if our customers personally had some other preference, my experience is that they tend to go for Tufin rather than Skybox.

How was the initial setup?

The initial setup is pretty straightforward. It's not complex. We don't face any challenges on that front.

What about the implementation team?

We both deploy the solution and manage the solution for our customers.

What's my experience with pricing, setup cost, and licensing?

In terms of pricing, it would be useful if they could be a bit more aggressive to their competition in the market. They need more aggressive pricing. That would be certainly more helpful to the market overall.

What other advice do I have?

We have relationships with AlgoSec, Skybox, and Tufin. We are resellers as well as value-added service partners of all three solutions.

Our experience is across the board. What we advise depends on our customers' requirements and preferences. Based on that, we suggest select solutions.

We have a cloud model that we have worked out with AlgoSec. We are their managed security service partners. Along with that, we also do the on-prem deployment, especially in the Indian government sector.

Overall, I'd rate the solution a nine out of ten. I've had a fantastic experience with it so far.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
reviewer1433391 - PeerSpot reviewer
Network and Security Engineer at Inmarsat
Real User
Top 20
End-to-end visibility and analysis of the rule base facilitates securing and streamlining of our environment
Pros and Cons
  • "The complete and end-to-end visibility and analysis it provides of the policy rule base is invaluable and saves countless time and effort."
  • "In terms of additional features in the next release, more integration with SD-WAN would be valuable."

What is our primary use case?

We primarily use AlgoSec for Firewall Security Management, Firewall Policy Automation, and Auditing. Our firewall estate environment is complex, multi-vendor, and across many sites, so we needed a product that would integrate seamlessly, encompassing all sites and platforms.

It's an ongoing process and we are constantly learning about new features of the product that would be beneficial in terms of helping secure, consolidate, and streamline our environment.

We are well on the road to achieving this with the help of their Professional Services team.

How has it helped my organization?

It has saved us much time, helping us work smarter and more efficiently with regards to policy/ruleset management, automation, and consolidation. This product has saved us numerous person-hours in terms of automation and consolidation.

The various elements of the product have allowed us to cover all aspects of Firewall Security Management, Firewall Policy Automation, and Auditing, which all help to leverage the product's full potential.

Having learned more about the product, going forward we believe it will allow us to benefit in additional areas of Firewall security management. 

What is most valuable?

We have found the Firewall analyzer to be most valuable in terms of policy ruleset management. However, policy ruleset management, automation, and auditing are all good features.

The complete and end-to-end visibility and analysis it provides of the policy rule base is invaluable and saves countless time and effort.

The automation possibilities the FireFlow product provides will also be very useful going forward in terms of time and effort saved, as well as reliability and efficiency.

Overall, the Firewall Analyzer is hugely beneficial in terms of policy ruleset management.

What needs improvement?

Nothing comes to mind in terms of things that need to be improved.

In terms of additional features in the next release, more integration with SD-WAN would be valuable.

I would also like to see more integration with Cloud security products and services but overall, the product compatibility and integration with multi-vendor and differing platforms/environments is pretty comprehensive. That said, with the fast-moving nature of SD-WAN and Cloud Security, product features and enhancements will need to keep pace because clearly, Cloud Security is where the industry will be focusing.

For how long have I used the solution?

We have been using AlgoSec for nearly a year.

What do I think about the stability of the solution?

AlgoSec is as stable as can be expected.

What do I think about the scalability of the solution?

It is highly scalable and more than meets the requirements for our environment.

How are customer service and technical support?

They were very good, responsive, knowledgeable, and usually resolved issues quickly.

Which solution did I use previously and why did I switch?

We did not use another product prior to AlgoSec for the same purpose.

How was the initial setup?

The initial setup was fairly straightforward; however, with the usual initial setup niggles and teething issues.

What about the implementation team?

The Professional Services team assisted us and had a very good level of expertise.

What was our ROI?

ROI is very well leveraged.

What's my experience with pricing, setup cost, and licensing?

Setup cost and pricing were reasonable and the licensing was straightforward.

Which other solutions did I evaluate?

We didn't evaluate other products as we had a previous, much smaller deployment of AlgoSec that we were happy with.

What other advice do I have?

Overall, I am happy with the product; it meets and even exceeds our expectations and ticks all the boxes in terms of reasons for purchasing it.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Level 3 Security Engineer at a tech services company with 10,001+ employees
Real User
Great reporting, reduces audit work, and helps accurately identify risks
Pros and Cons
  • "AlgoSec has definitely helped to improve the process of auditing all firewall rules and access."
  • "AlgoSec license usage is handled differently between firewall vendors. It may be a bit challenging to properly size the purchase of a new license - especially if a client is running multiple vendor firewalls in the environment."

What is our primary use case?

The solution is mainly used for auditing firewall rules and inter-zone connectivity within the client environment. 

Another use case we have at the moment is to audit all changes done on the firewalls across the environment. We are also using FireFlow, which significantly reduces the administration effort and time required to analyze, plan, and implement firewall changes on a day-to-day basis.

Compliance reports are a big help and ensure that the client environment is up to date in terms of their security standing.

How has it helped my organization?

AlgoSec has definitely helped to improve the process of auditing all firewall rules and access. 

From a security standpoint, it has significantly improved an organization's standing from identifying all risky items in a given firewall policy as well as change audits, among others. 

Using FireFlow has also significantly reduced the amount of effort and time required to analyze and plan firewall changes that normally happen on a near-daily basis.

Change audit has also reduced the effort during audit season especially when clients are running multiple-vendor firewalls.

What is most valuable?

Risky rules and compliance profiles are very valuable. With these reports, we are able to identify gaps in the client's firewall policy and this allows us to effectively remediate such gaps. 

The time and effort saved by using these compliance reports or profiles are definitely welcome. Another feature that we would use on a near-daily basis is the FireFlow and simulation query functionality. With the simulation query, one would not need to log into a specific firewall vendor console to verify if access is allowed or not; we run it through the simulation, which saves us a lot of effort.

What needs improvement?

Support could be improved. Support of the KB database is extensive but still does not cover all subjects, at least from my experience. 

Another area of concern that I think could be improved is the licensing system. With the version we are currently running, it is a bit confusing since, for some reason, AlgoSec license usage is handled differently between firewall vendors. It may be a bit challenging to properly size the purchase of a new license - especially if a client is running multiple vendor firewalls in the environment.

For how long have I used the solution?

I've personally been using AlgoSec for more than ten years now.

What do I think about the stability of the solution?

The solution is very reliable. No issues encountered during daily operations.

What do I think about the scalability of the solution?

I haven't personally done a lot of scaling projects with this product.

How are customer service and support?

The technical support is all right; however, it can be improved.

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

We did not previously use a different solution. 

How was the initial setup?

The setup is pretty straightforward and AlgoSec did provide support during the process.

What about the implementation team?

We worked in-house, with AlgoSec, and with a vendor, and found that both are highly knowledgeable.

What was our ROI?

I'm not part of the business team and do not analyze this aspect.

What's my experience with pricing, setup cost, and licensing?

I am not part of the team in charge of licensing. 

Which other solutions did I evaluate?

We also looked into FireMon and Tufin.

Which deployment model are you using for this solution?

On-premises

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Paulo Ataides - PeerSpot reviewer
Senior Information Technology Security Analyst at an integrator with 1,001-5,000 employees
MSP
Top 20
Speeds time required for compliance audits and provides a safer environment
Pros and Cons
  • "Optimizing the operation making it possible to focus on other improvements."
  • "In an environment that is very large, with many firewalls and routers, it is sometimes impossible to buy all of the licenses."

What is our primary use case?

Increase the visibility of CyberSec and the area of compliance (audit) of the environment, with the AFA increasing the visibility of vulnerabilities in the environment caused by extensive configurations, and with the AFF optimizing the operation, allowing to focus on improvements.

We implemented in an environment with more than 280 Firewalls from different manufacturers and the AlgoSec solution enabled a more detailed analysis of the environment, ensuring greater security.

It made it possible to reduce the performance of the operating team in the reactive combat of threats, making the operation more active and focused on quality.

How has it helped my organization?

Reducing operational costs and decreasing the cat's time with rework and unproductive audits.

We find that the traffic simulation query, active change, policy optimization, FireFlow, and map features are especially useful. All other features of the app are also valuable.

The time spent on auditing before AlgoSec was very heavy, at least one analyst dedicated for a week for small audits, and for most, we lost an analyst for weeks.

After implementing AlgoSec, we reduced the audit time to three days.

The environment is much safer with more active configurations.

What is most valuable?

Analysis of the environment to optimize the use of the solution (firewall) and obtain a greater view of compliance.

Optimizing the operation making it possible to focus on other improvements.

The possibility for the end-user to request their rule and ensure that policies are complied with using AlgoSec adds greater security, and it also speeds up the request process. It also makes it possible to automate the implementation of rules.

The user receives the information if his request is within the policies and can continue the request, or if it is denied, the applicant must adjust their request to stay within the policies. The time spent for this without AlgoSec is up to one week, whereas with AlgoSec, in a maximum of 15 minutes we have the request analyzed.

What needs improvement?

I would like to see support for more technologies, but I know that AlgoSec is always in the process of evolution.

Perhaps a better financial option would allow customers to choose the complete solution. In an environment that is very large, with many firewalls and routers, it is sometimes impossible to buy all of the licenses. This makes the AFF solution impossible.

What do I think about the stability of the solution?

This product is stable. There have been a few problems, but when there is some instability the support is always available.

What do I think about the scalability of the solution?

Scalability-wise, this product is good. You can increase capacity simply by buying more licenses.

How are customer service and technical support?

We had a few cases where we needed support, but whenever we did, it was available, and with the information needed to solve the problems.

How was the initial setup?

The initial setup is easy and simple.

What about the implementation team?

Always by supplier, highly qualified work with positive results.

What was our ROI?

The solution has a high cost, but the reduction in operation pays the investment.

What's my experience with pricing, setup cost, and licensing?

For the AFF solution, it is necessary to purchase a license for each network asset so that the solution is complete, depending on the size of the environment. 

Which other solutions did I evaluate?

Before choosing this product, we evaluated SolarWinds and FireMon.

What other advice do I have?

Overall, this is a good product and it meets the needs of customers.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Renato Marques Dos Reis Paula - PeerSpot reviewer
Senior Security Analyst at Compugraf
Real User
Top 10
Helps to manage large and complex environments, promoting efficiency and facilitating compliance
Pros and Cons
  • "In my opinion, the most valuable features are the network map, unused rules reports (IPT), and active change."
  • "Environments with many devices need a lot of hardware resources to avoid slowdowns."

What is our primary use case?

We use this solution for device changes auditing, device compliance, network mapping, active change, clean-up of the rule base, and a ticket system.

The device changes audit is a quick identification when changing the configuration on devices. Device compliance gives us the ability to generate device compliance reports. The network map is the method for locating the devices that are related to the communication of origin and destination.

Active change is used to centralize the creation of rules in AlgoSec without the need to access other devices. Cleaning up the rule base means that AlgoSec reports and helps remove unused rules and even unused objects within a rule.

In terms of the ticket system, FireFlow helps to record user requests.

How has it helped my organization?

AlgoSec products help to manage complex environments with many devices, so we can deliver requests more quickly.

In environments with many devices, it is difficult to identify problems, especially when there are new analysts on the team. AlgoSec helps in troubleshooting and streamlines the analysis.

AlgoSec helps in the agility of the analysis, speed in the delivery of compliance reports, automation in the request to create rules in firewalls, removal of unused rules, and optimization of the rule base.

What is most valuable?

In my opinion, the most valuable features are the network map, unused rules reports (IPT), and active change. They are features that help with automation and reduce the analyst's time spent troubleshooting.

The unused rules reports (IPT) help remove unused rules and even unused objects within a rule.

What needs improvement?

I would like an analysis to be created for user group rules (Check Point - identity awareness). 

Current versions of AlgoSec do not perform analysis of Identity awareness (Check Point). It would be important for the user to be able to request a rule by an access role group and then AlgoSec would create this rule automatically in the firewall.

An improvement in tool performance would be important. Environments with many devices need a lot of hardware resources to avoid slowdowns. Memory consumption of the server is very high.

For how long have I used the solution?

I have been working with AlgoSec for five years.

What do I think about the stability of the solution?

The tool is very stable and does not present many problems.

What do I think about the scalability of the solution?

Currently, the tool works well with large environments.

It may be necessary to create a distributed solution of the product on different servers (WEB / DB).

Which solution did I use previously and why did I switch?

We did use another solution prior to AlgoSec and the change was due to the reports having more information and easy customization.

How was the initial setup?

The initial setup is simple.

After that, it is possible to make customizations to adapt the tool as desired.

What's my experience with pricing, setup cost, and licensing?

The cost of the tool can be recovered with AlgoSec automations.

Which other solutions did I evaluate?

We evaluated Tufin and FireMon before choosing AlgoSec.

What other advice do I have?

AlgoSec is the best tool on the market.

Which deployment model are you using for this solution?

Hybrid Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: I am a real user, and this review is based on my own experience and opinions.
erdemerdag - PeerSpot reviewer
Cybersecurity Operations Engineer at a tech services company with 201-500 employees
Real User
Top 5 Leaderboard
Useful, lightweight, and affordable
Pros and Cons
  • "The rule checks and shadow rule detection are my favorite aspects and the most valuable feature of AlgoSec."
  • "I mostly have problems with the integration process."

What is our primary use case?

It is a firewall analyzer and risk management solution. It is web-based and very useful. 

It assesses the firewalls and other networks/security devices according to compliance standards such as NIST, PCI-DSS, etc. We, as a service provider, are responsible for making the customer's risk score minimal. Therefore, we need a kind of solution that is skilled, user-friendly, and simple (but not simpler!). AlgoSec is a very useful solution for us to use and we also recommend it to customers as well.

How has it helped my organization?

The product can give very helpful reports to harden the configuration of firewalls. It gives remediation recommendations by checking the rule configurations, security risks, etc. It is like a Swiss Army Knife - every firm has to have one!

On the customer side, one of the biggest problems is managing firewalls. More than one administrator is managing one firewall. Every administrator has his/her own habits, standards, disciplines, and different point of view. Every administrator also has a different level of security knowledge. That's why the firewall rules can be messed up. AlgoSec is a very useful solution that fixes this problem. It's able to increase the security level of the firm.

What is most valuable?

The rule checks and shadow rule detection are my favorite aspects and the most valuable feature of AlgoSec.

As a security solution, time matters. For example, a company can have a penetration test. After that, the administrators have a very detailed, very unuseful report. On the reports, there are lists of CVEs, risk scores, assets, etc. In order to fix these problems, administrators have to work at least 2 to 3 months to fix all critical and high-risk problems. However, the medium problems are still problematic! After that long of a time period, a new pentest time arrives. Therefore, they need to open a fresh page on their working systems with lots of new vulnerabilities.

At that point, AlgoSec is an extremely useful solution as it helps administrators to fix big problems in the appropriate amount of time.

What needs improvement?

It is already one of the best solutions in its category. Honestly, I have nothing to recommend. However, I am waiting for the R&D team to develop new features.

I mostly have problems with the integration process. Maybe, an integration manual document can be released by AlgoSec and also by the vendors as well if it is not directly related to AlgoSec. They need to have firewall configuration recommendations. While they do offer some, it is sometimes very hard to convince the guys from the firewall vendor side. They should publish these recommendations on the vendor webpage or internal documentation as well, as an example of best practice or best configuration recommendations.

For how long have I used the solution?

I've used the solution for almost three years.

Which solution did I use previously and why did I switch?

I use Skybox as well.

What's my experience with pricing, setup cost, and licensing?

This kind of solution has to be useful, lightweight, and easy to afford for the customers.

Which other solutions did I evaluate?

I also use Skybox. Skybox is one of the most preferred solutions.

Disclosure: My company has a business relationship with this vendor other than being a customer: We, as Barikat, are the partner of AlgoSec. I am a responsible security senior specialist in the risk assessment team in our company.
reviewer1432929 - PeerSpot reviewer
Network Security Engineer III at Choctaw Nation of Oklahoma
Real User
Gives us confidence in our firewall configuration and facilitates compliance
Pros and Cons
  • "The firewall analyzer is great if you deploy a new firewall platform and need to see if it provides an adequate level of protection, where you don't have any dangerous rules."
  • "I like the training available as it is very informative, but I wish it was just available from YouTube and I could easily play it from my cell phone without additional logins."

What is our primary use case?

We use AlgoSec to see where our firewalls stand, configuration-wise, and where we can make the policies safer for the environment. We are a large Government organization that provides critical services to the community.

We have a mix of ASA and Firepower that we use in the environment. The tempo is pretty high and there is a large amount of opportunity for error due to the size of the team and sometimes lacking in technical experience with configuring the firewall platforms.

This tool allows us to check the config really easily.

How has it helped my organization?

Our pen testers were constantly using AlgoSec for the firewall assessments, even when going with different vendors. We decided to buy the product in order to check the policy in real-time and ensure there were no misconfigurations that would linger until next year's pen test.

We also get an automated email of firewall changes in addition to being able to see if there are any rules that are poorly configured.

I am less stressed thinking there could be a glaring misconfiguration that could cause an incident.

What is most valuable?

We primarily use the firewall analyzer feature. It is really great for looking at stuff like PCI, HIPAA, etc. There are sometimes false positives but I don't know of a product out there that does not have false positives.

The firewall analyzer is great if you deploy a new firewall platform and need to see if it provides an adequate level of protection, where you don't have any dangerous rules.

I like the peace of mind that we get from seeing what our overall score is for the configs. I also like that I can check against PCI requirements.

What needs improvement?

This is a tough one because it has a lot of good features.

I think that the rate of false positives can be improved. I would like a FireFlow or packet-tracer-like capability at a lower licensing level.

I liked the additional capabilities for an analyst or lower-level network admin or service desk tech to be able to check the rules to see if there is something blocking the traffic. However, I was not able to get the licensing approved above just FA.

I like the training available as it is very informative, but I wish it was just available from YouTube and I could easily play it from my cell phone without additional logins.

For how long have I used the solution?

I have been using AlgoSec for a few years.

Which solution did I use previously and why did I switch?

We just relied on tech skills and pen tests. This way led us to be reactionary instead of getting ahead of problems.

How was the initial setup?

Setup was not too difficult.

What's my experience with pricing, setup cost, and licensing?

The cost is kind of high but I really did not check any other vendors.

Which other solutions did I evaluate?

I did not evaluate other options. I do like NetBrain's Path tool. This gives us a similar capability to FireFlow and has some other really great tools. 

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
Download our free AlgoSec Report and get advice and tips from experienced pros sharing their opinions.
Updated: August 2022