AlgoSec Reviews

AlgoSec provides a secure connection between applications and helps customers maintain regulatory compliance.

The benefit depends on the type of client. Our banking customers are impressed with the compliance features, automatic policy installation, and FireFlow. They also realize performance improvements of approximately 20 percent. 

AlgoSec has simplified the work of security engineers. If I had to give that a grade, I would give it a nine out of ten. We used the solution to implement and manage micro-segmentation initiatives. Still, it has been limited since this is a private cloud version, and many of our customers use regular firewalls. 

We deal with customers with a mixture of environments, including private cloud, public cloud, and on-premises. Many of them have on-premises and private cloud environments. AlgoSec provides a single pane of glass for managing these mixed environments, making management more effortless. 

The most valuable feature of AlgoSec is integration because it needs the be integrated with vendors' firewalls and other security products. AlgoSec has intelligent policy tuners. 

It's easy to integrate AlgoSec with solutions from other vendors. It's currently integrated with the products of three or four vendors. We integrate AlgoSec with AppViz and other products to get complete visibility into our network policies, and FireFlow helps us manage risks from firewall change requests. It has reduced the time it takes to implement firewall rules by about 20%, according to the ROI calculator on the AlgoSec website. It varies, depending on the structure of the customer's environment. 

AlgoSec also helps us audit complex environments to ensure firewalls are in compliance. The benefit is marginal if there is only one firewall and a few policies, but it's significant when you have three firewall clusters and 60 devices. 

The documentation could be better. 

I've been using AlgoSec for six years.

AlgoSec is stable.

It's a scalable solution but there is room for improvement in that area. It has a high-availability structure, but some features need to be distributed using a collector, for example.

I rate AlgoSec's support eight out of ten. I don't use it much, but it has improved greatly in the last two years. 

Positive

Setting up AlgoSec isn't complicated. You can install it in half an hour, but the configuration time depends on the environment. Sometimes, it takes a day, but it could take up to a week to analyze the files, etc. We have a two-person team responsible for deployment and maintenance, but we also have partners. In all, we have about 10 technicians supporting our customers.

I don't know about pricing because I'm a technical guy. I can say the licensing model is straightforward and should be in the future. It isn't an issue for our customers. 

I rate AlgoSec an eight out of ten. I would recommend AlgoSec, depending on the client's structure and requirements. It's a good solution for regulatory compliance and analytics. 

We use FireFlow, AppViz, and AppChange. We use them mainly to visualize our firewalls.

We have three data centers, but we are also providing the public cloud as well.

We implemented it to get a better, clearer view. It has supported us very well.

The solution provides us with full visibility into the risk involved in firewall change requests. This is very important for us because we are regulated according to the FDA. It shows us which changes have been made and why. So, it has worked very well for our compliance needs.

AlgoSec is a tool that really supports our work in compliance and our customers' requirements, fulfilling their FDA requirements.

Our security has been stronger due to AlgoSec. We don't have human errors.

The most valuable feature is its ease of use.

It provides a very good, clear view. I really love the product. 

Overall, it gives a better overview of our firewalls. This is a tool that we cannot live without because it is easy to view and maintain.

I have been using this solution for four years.

Overall, the stability is good. It supports our work. We are happy and our customers are happy.

It has very good scalability.

The technical support is fast and very good. I would rate the support as six or seven out of 10.

Neutral

We have seen ROI on time. AlgoSec has reduced the time it takes to implement firewall rules in our organization. It used to take around an hour, and we can now implement them in 20 minutes.

It is a good investment due to the losses that a customer will have if they are not aligning with the FDA. That would be in the millions, so it is a good investment from our side and the customer's side.

Quality has a price. 

We have tried other vendors. This is the best solution that we came up with due to our requirements and demands.

It is good for integrating with leading security vendors.

I would rate the solution as eight out of 10. If you have requirements with very strict alignment for firewall rule processes, then I would really recommend this product.

We use AlgoSec Firewall Analyzer and AppViz. We have bought the FireFlow license, but we do not use it currently. We plan to use it, but we are not using it right now. 

Firewall Analyzer is helpful for network assurance and meeting some requirements of PCI DSS. 

We use it to manage only our on-prem environment. Our network environment is mostly on-prem. We do not use cloud networking. We have an internal cloud, which is hosted in the Netherlands, but it is like a private cloud.

It gives us a pretty good understanding of what's going on in our network in terms of network security policies. In terms of the overall visibility that it gives into our network security policies, I would rate it a nine out of 10.

For preparing for audits and ensuring that our firewalls are in compliance, Firewall Analyzer gives a great overview of what's going on with the firewalls in terms of rules, etc. It offers a great input for auditors or for reporting to auditors.

We use Firewall Analyzer in order to monitor the PCI DSS network area. It is helpful for meeting some requirements of PCI DSS.

We work with multiple security vendors. It works when it comes to integrating it with the leading vendors. We didn't have any problems integrating with the solutions of our top three vendors.

Firewall Analyzer and AppViz are the most important features because they provide a lot of information regarding network segmentation. For us, this is a valuable input in order to provide network segmentation for various applications that we have developed in-house or that we bought from vendors. Our network is not properly segmented right now, but we plan to do it using AlgoSec. This is the most important feature for us right now. We also plan to use FireFlow in order to automate the firewall change management.

The Firewall Analyzer module can be improved to implement a vulnerability management solution, or they can link Firewall Analyzer with a vulnerability management solution in order to get a better overview of what's going on in our network in terms of vulnerabilities.

We started implementing AlgoSec in April this year.

So far, so good. We didn't have any problems. It is pretty stable.

From what I've heard and what I've read on their portal, it is pretty scalable. There are no issues around this.

We have not opened any tickets on the portal. We have a dedicated support person who assists us in the deployment. They are pretty fast to react. If I ask them a question today, they will respond very quickly.

We didn't have a different solution.

It was pretty straightforward. We started implementing AlgoSec in April this year. We are not fully into production, but we have been using it since May. Technically, it took less than a month, but we still have to do some paperwork in terms of security procedures, security monitoring, etc. So, it has been all paperwork from May till today.

The patching process of this solution is also pretty straightforward. They provide monthly patches, and it doesn't take a whole bunch of people to maintain it. Just one or two people can do the job.

Even though we had a reseller involved in this process, we did it on our own but with a little help from AlgoSec.

We have not yet seen an ROI. We are currently at the beginning of implementing the solution, and there is still a lot of time before we see a return on investment.

Price is not my concern. If a tool does its job, it is not my concern to obtain a good price for it. If a tool is needed, we are going to buy it.

We evaluated other solutions such as Skybox, Tufin. We found the graphical user interface of AlgoSec to be very user-friendly. It provides the information that you need. The information that you need is very well organized as compared to other solutions.

It depends on your needs. If you want to have a better overview of your network, AlgoSec is a tool that you can rely on. You can have an overview of your network by using your own equipment, but you have to dig in deeper. AlgoSec provides better visibility with a little amount of effort.

We haven't had any breaches in the past. We have not used it to implement and manage microsegmentation initiatives. We use it for network segmentation, which is done at the network level which includes firewalls, switches routers, and so on. Network segmentation is an ongoing process. 

I would rate it a nine out of 10.

I mainly use AFA and FireFlow. The majority of the network is internal. We have a very limited footprint in the cloud right now. But what we do have in the cloud is private. Being a financial institution, everything is very secure. So we don't have anything in the public cloud.

We're primarily using AlgoSec for firewall management and change validation. So we use it for monitoring all the firewall changes and security ratings. Any kind of firewall change is monitored and we have our own process that we use AlgoSec for to validate that changes are implemented according to the requests and go through all of the change approval processes.

We are using it for the firewall change auditing process for our department. They are one of the leaders that we found in this area. There is a very limited group of vendors that provide this kind of functionality and we've gone through the majority of them. AlgoSec still stands out as the leader, in our opinion.

We primarily use AFA for the change management portion of it. But the security ratings also are used by our security group to ensure compliance and validate that nothing is being configured that is not in our best interest.

The overall visibility AlgoSec gives into our network security policies has been very good. We are happy with the way the application works. It is very intuitive and easy to use. I would give that a very high rating.

AlgoSec provides full visibility into the risk involved in firewall change requests as well. It definitely allows us to drill down to the level where we can see the actual policy rule that's affecting the risk ratings. If there are any changes in ratings, it'll show you exactly how to determine what's changed in the network that will affect it. It's been very clear and intuitive as far as that.

I don't know if it has reduced the time it takes to implement firewall rules in our company. We don't use it for implementing changes because our network is very in-depth and we're very particular with our security on that, that we do manually make all of our firewall changes. So we're not using the automated functionality of AlgoSec to do that for us. But I think that's more because of the restrictions that we have in our own network.

AlgoSec is very good when it comes to preparing for audits and ensuring our firewalls are in compliance. The security ratings are a major factor in that lately, as well as being able to show the configurations and how they affect the risk ratings. Whenever we do need to address any issues, it's very clear to show us exactly what the effects of the ratings are, as tied into the firewall policies.

We work with multiple security vendors. I'm not on the security team any longer. I went from network group to security and then back again. But our security group does work with AlgoSec and they use it very intimately for different functions.

Some of the auditing functionality needs improvement. Our major focus is the firewall validation process and tracking and verifying that changes are implemented correctly. We are actually doing parts of the auditing process manually. And getting any one of the vendors to bring out a good auditing process has been very difficult. AlgoSec does a good job of showing us the changes, but we're doing a manual process to actually audit it and do documentation that we can provide to our auditors that shows we're validating everything, and on top of it, that nothing gets implemented without being caught. Part of that could be improved upon.

I have been using AlgoSec since 2016, so it's been around five and a half years. 

The stability has been great. We had a minor bug with the latest version and development. I did work with support to get that ironed out. They resolved it so right now, it looks to be very stable. And we are looking to put that into production shortly.

The scalability seems very good. I haven't seen any restrictions if we were to bring in other hardware or other devices in terms of how to scale it out, either size-wise or vendor-wise.

We have our network group, which we use AlgoSec for, for investigating the risks, configuration issues and things like that. The security group uses it for risk ratings and compliance verification. Then we have a separate group, which is a different group of security that uses it for the firewall validation process. They're the ones that use it on a daily basis to investigate any firewall changes and tie those back to the original request and validate that they were implemented properly.

The support has been very good. They're very responsive, very quick to get back to you, and very helpful. They bring in developers very quickly and easily to get into the details. Our last issue we had seemed to be very unusual, and with their support, they brought in the actual developers that were working on this software and resolved it very quickly.

We used a couple of different solutions and they all have their problems. We thought we had a good solution at one point until we found out that it wasn't working properly. When you trust in an application like this and you believe in the numbers that it's giving you, you go with that as gospel until you find out that it's wrong. That vendor's support was just not on the level that we wanted. We were getting no response from them for a long time. So we finally gave up on them until we went to AlgoSec, and it was a much better solution for us.

The initial setup is very straightforward. It is very easy to integrate network devices into AlgoSec and manage them. It's even getting easier with the latest version. We integrated Palo Alto devices into AlgoSec and it is very simple to bring it in. We have a development server that we're testing out the latest version on, and that came in in minutes. It brought it all in automatically.

The earlier versions of AlgoSec, especially when they came out originally, would not integrate properly with Panorama. So at that point, we had to integrate AlgoSec to actually reach out to every firewall individually for configurations and change status. The current releases are now integrating directly into Panorama. It's just basically one connection into Panorama and it pulls in all of the configurations from there. It's much more simplified.

I don't really get involved in ROI. But I definitely think it's valuable to us and I think it is a good solution for us.

I don't get into the pricing aspect of it that much. But from my beliefs of it, I believe it is very cost-efficient compared to other vendors. Their licensing is very straightforward and they're easy to work with.

There were three main players at the time, we went through proof of concepts with each of them, and AlgoSec was definitely the strongest vendor in that group and we don't regret it at all. I think it is a good solution.

The other vendors were promising a lot more than they were actually delivering on when it came time to actually putting it onto our network and evaluating it. We were finding that things that they were telling us that they supported and were part of their packages were not actually functional at the time. So we did not go forward with them because of that. AlgoSec actually had everything working properly. It was very easy to set up and use and it did what they promised.

Their sales engineers have really been very helpful and very good at working with us. I have nothing bad to say about them. They were excellent and I have a good relationship with them. If I ever need anything, I'll reach out to either our sales executive or our SE anytime and they respond immediately to us.

I would say the biggest thing we've learned with it is how much information it does give you. It is a nice platform. It definitely drills in a lot of layers of security and efficiencies that you can do. We're not using it to its full potential for cleaning up policy rules. As most companies are now, they are short-staffed and overworked. But it definitely can be used a lot more than we are using it for. Overall, it's a great solution and I have not seen another vendor in this marketplace that does any better than this.

I would rate AlgoSec a nine out of ten. We would like to see the auditing functionality improved. But that would be the only shortcoming at this point. I do think that they are top of the marketplace for this.

AlgoSec is a very helpful product in carrying out security operations effectively.

It has a user-friendly interface, and we don't encounter any problems during or after installing updates.

We can get quick support from the manufacturer in case of problems.

The ability to automate policy analysis, optimize configurations, and visualize security risks allows organizations to mitigate threats and reduce the risk of security breaches proactively. 

By providing visibility into security risks, compliance gaps, and application connectivity requirements, AlgoSec helps organizations strengthen their security posture.

This product has had many benefits in improving my security posture by fixing many vulnerabilities.

Lack of sufficient resources or expertise to leverage AlgoSec's capabilities to their full potential might hinder the expected improvements.

The ability to automate policy analysis, optimize configurations, and visualize security risks allows organizations to mitigate threats and reduce the risk of security breaches proactively. AlgoSec's reporting and compliance features help organizations meet regulatory requirements more effectively.

AlgoSec offers a centralized platform for managing complex network security policies across heterogeneous environments. This feature enables users to visualize, analyze, and manage policies from a single interface, enhancing efficiency and reducing errors associated with manual policy management. 

AlgoSec's ability to integrate with various security and networking solutions enhances its overall value. Integration with firewalls, cloud platforms, SIEM tools, and other security devices ensures a cohesive security ecosystem and enables better threat response and mitigation.

Enhancements that allow for more automated policy management, change workflows, and orchestration can significantly streamline network security operations. 

Advanced analytics and reporting capabilities that provide deeper insights into network traffic, security policy effectiveness, compliance, and risk management can be beneficial. 

Features that allow security policies to be defined and managed based on specific applications' needs would be ideal.

I've been using the solution for two years. 

My main use case is as a firewall analyzer module where it can be further broken down as follow: 

1) Network topology visualization: visualizes a network traffic path during troubleshooting

2) Policy optimization: uses optimization and clean-up recommendations to perform annual housekeeping of the firewall

3) PCI DSS compliance: follow the out-of-the-box checklist to prepare for a PCI DSS audit

4) Risk reduction: uses the recommendation of the risky rules to address all the critical and high-risk rules

5) Monitor changes:  monitor for firewall-config changes in real-time via email alerts

The solution has improved our organization in multiple ways. We can:

• Easily understand and provision application connectivity to accelerate application delivery and minimize outages

• Process firewall changes 4x faster, and eliminate misconfigurations and rework

• Proactively assess the impact of network changes to ensure security and continuous compliance

• Simplify and automate internal and regulatory firewall audits, and reduce time and costs

• Streamline communication across the application, network and security teams

• Deliver a tighter security policy that provides better protection against cyber-attacks

The product is great for:

1) Network topology visualization: reduces network troubleshooting effort which contributes to quickly restoring network or application outage.

2) Policy optimization: reduce/consolidate the number of rules created prior to the existence of AlgoSec Firewall Analyzer in order to free up hundreds of rule capacity before reaching the max rule limit of the firewall.

3) PCI DSS compliance: helps to highlight the area which firewall admin need to take note and address in a streamlined and structured manner.

4) Risk reduction: helps to quickly identify the risk that exists in existing rules and provide useful recommendations that help the firewall admin to remediate with ease.

5) Monitor changes: helps firewall admin to comply with security requirements of providing real-time security alert whenever a change is made, with detailed info on what was the value before and after.

The FireFlow's out-of-the-box workflow configuration/customization wizard could be improved to be more user-friendly and have a shorter learning curve. The current configuration wizard is quite complex and complicated, which will result in the need to engage with an AlgoSec professional services team to perform even the simplest workflow adjustment.

I had tried AlgoSec's direct competitor's workflow configuration wizard and found it to suit most organization requirements even though the customization capability may not be as advanced as AlgoSec.

I've used the solution for six years. 

The setup is fairly straightforward.

We did also consider Tufin.

We have actually played around quite a bit with the network flow piece of it (with the routers). That has helped us troubleshoot a few things with data flow and where it might be stopped or redirected to an incorrect location.

We use the following components of AlgoSec: AlgoSec Firewall Analyzer (AFA), FireFlow, and AppViz. We have a very limited cloud deployment at the moment.

We have a very complex network environment. It requires very specific compliance protocols to be put in place, including HIPAA compliance, PCI compliance, and HITRUST compliance. Therefore, we have very specific rules that we have to adhere to. We have 13 sites with very complex setups at each site to allow for redundancy and security, utilizing multiple vendors and technologies to achieve that. 

We are currently developing and going to have a hybrid deployment for the cloud and on-prem. Right now, 98% of our stuff is on-prem, and that will change. We are probably going to be about 75% on-prem and 25% in the cloud, which is very complex. This will allow our external vendors and external clients in as well as all our internal resources.

They have compliance rules built right into the system. Right out-of-the-box, you can run a compliance check against your environment that tells you exactly what needs to be fixed and why. Their compliance check is phenomenal. They even have a base compliance check. So, you can set your own standards to make sure that all your equipment meets those base compliances that you have for internal standards.

AlgoSec has reduced the time it takes to implement firewall rules in our organization. While our usage of it has been fairly limited to what we have tested so far, it has probably reduced the time by about 30%.

It gives us 100% visibility into our network security policies. It has given us a couple of surprises. Over the years, the network that we are administrating has been subject to people who have an idea of how a network should be set up. That differs from technician to technician or engineer to engineer. So, we are finding little pockets of hidden little self-engineered configurations and the way things were done that nobody knew about. Once the engineer left, the knowledge of that setup disappeared. You don't know about those until something either goes wrong, or you get something like AlgoSec to discover it for you, and it says, "Hey, there is this going on over here." 

It has helped us figure out how it was set up and why it was set up that way, then allowed us to engineer it so it fits a little better into our standards. We found a couple of secrets in our network that nobody would have known about. If we had an outage on those, nobody would have been able to figure them out without a tool like AlgoSec. This would have been a complete outage for our organization. Since we are healthcare insurance, that is a significant amount of money.

It has helped to simplify the job of our security engineers. We have a snapshot of where we are at with the correct data that we need to be able to fix the issues that we have. We keep finding little secret pockets of out-of-standard configurations that need to be addressed.

AlgoSec absolutely provides us with full visibility into the risk involved in firewall change requests. There is a risk analysis piece of it that allows us to go in and run that risk analysis against it, figuring out what rules we need to be able to change, then make our environment a little more secure. This is incredibly important for compliance and security of our clients. We deal a lot with patient health information that needs to be secure for physicians who are dealing with it and the patients themselves.

The most valuable for us so far has been the firewall rule analysis. Just to be able to get to a point where our infrastructure is secure and stable. The analysis runs everything that we actually need. When we run a report, we need to look at the report, then go back to the analysis because the analysis has all the information for us. We just have to match up the analysis to the report.

We have a security vendor who runs an analysis on the logs that we send them. We have multiple vendors who come in and do an annual security assessment. We have multiple vendors who come in and do an annual penetration test. We have vendors who deal with the end clients as well as vendors who deal with the servers for security, in addition to our firewalls, routers, and public interfaces. AlgoSec takes all of the information on our network, puts it into one single pane of glass where we can go and request what we need from the vendors. Plus, there are reports in AlgoSec that we can run and send out to our vendors so they have an eye into what we are looking at.

The reports are lacking information when they come out. They will not pull the URL or application information from Cisco FTDs. I know this works for Palo Alto Firewalls, which we currently do not have. If they could improve the integration with Cisco FTDs as a whole, that would be immensely helpful.

We are actually in the process of purchasing AlgoSec. We have gone through a proof of concept with them. Right off the bat, running through that proof of concept with them was absolutely fantastic. Usually, they have an offsite proof of concept server that you connect up to, then kind of take a look at their technology to see how everything works and if you like it. However, we have a different setup onsite for some of our firewall rules. We wanted to make sure that their application/appliance worked on our internal environment. They were more than willing to set up an onsite PoC for us so we could make sure everything did work.

The stability is fantastic. We haven't had an issue with stability at all.

Two people are needed for maintenance (someone for backup plus me). Maintenance on it is fairly limited. It is very automated in the way that it handles all our data and firewall needs.

The scalability is easy, just add more licenses if needed, then turn up another virtual machine. It is pretty straightforward.

There will probably be a dozen of us actually utilizing AlgoSec. This will mainly be the network and security team, then the security team themselves.

During deployment, the technical support fixed our issue within 30 minutes of the phone call.

We are in the process of doing microsegmentation right now. That is one of the reasons why we started looking into a utility like this because we needed to get that current snapshot of where we are at and where we need to go. AlgoSec is beyond phenomenal for helping to create and manage this type of initiative. With the automation piece and the fact that we can take a look at the traffic that is currently running through our firewalls and automate the rules being created for that. This will take a lot of manual work off of our shoulders that would have taken many man-hours to be able to implement.

We ran into some errors/issues, so it probably took us a week to fully deploy it. The process was straightforward except for the typos that we had in the programming. Without those typos, it would have been up within half a day.

We had an implementation strategy that we laid out beforehand and went forward with that.

James, the AlgoSec engineer who was working with me, spent about two weeks on and off with me trying to get the solution up and running, and he was successful at it. This was so we could utilize their proof of concept in our environment to make sure that it would fit our needs.

Because we went from having no unified tool to having AlgoSec, it has improved our security platform by probably 80% in just the short time that we have had and used it. It is invaluable. There is no question in my mind that it is a tool for anybody who has multiple sites, firewalls, and routers. It is something that everybody needs to look into getting because it is invaluable.

Even if we were to pay the first quote that we got, AlgoSec would be worth it. Just having the automation and that overall look into your security platform, you can't be without it.

We are working with our finance department right now to be able to purchase it. The AlgoSec team is doing everything that they can in their power to get the costs down to where our budget is. They have worked a lot on it. They have cut the cost in half for us so far by questioning, "This is in the quote. Is this something that is actually needed?" They have pulled some stuff out and cut our costs down by 50% for the product itself.

There were four of us involved in the evaluation of the product.

We compared this tool to two other different tools. Even with their higher-end solution, when we had the full budget for this, AlgoSec was less expensive than some of the other top tools. We looked at FireMon and Tufin. The reason why we said, "No," when we had budget to FireMon and Tufin is because they were not pulling in the application data or URL data. 

AlgoSec actually pulls application data and URL data in. AlgoSec is a little easier to use than the other solutions. Cisco recommended AlgoSec to us.

Don't trust what you think you know about your network. There are surprises everywhere, and sometimes it takes a utility like this to find those.

Don't don't hesitate. Go get it. If somebody came and asked me for an analysis tool, AlgoSec would be at the top of my list.

The integration is fine.

Migration to the cloud is on our roadmap. 

We have not set up any automation quite yet, but that is on the roadmap. That will make the tool even better.

I would rate this solution as a nine (out of 10).

We use AlgoSec Firewall Analyzer and FireFlow. 

Our primary infrastructure is all on-premise. We tend to leverage only SaaS components of the public cloud. We have over ninety sites including branch offices and Data Centers.

We have over on hundred firewalls and we are a PCI compliant organization. So, we use it for all of our change control around all of our firewall ACL deployments, as well as our risk profiling. We use Fireflow for the change management and audit control. The IT security department uses it for ACL reviews and ACL change requests.

Specifically, with FireFlow, we've managed to integrate that into our overall change advisory and request for change control process: requests flow through a ticket, through AlgoSec Fireflow, through our IT security department for approvals. We've taken advantage of all that. We generally do not have any out-of-band changes and those that happen are logged, tracked and reported on.

The Active Change component has helped reduce human error and given people more confidence the ACL changes have been applied as they requested.

AlgoSec has helped to simplify the job of our security auditors. Primarily, from an audit perspective, it's much faster than it ever was because they can review the ACLs all in one tool now, as opposed to asking for plain text CSV dumps of firewall rules. They can also respond a lot faster now to requests for ACLs as to whether or not they're valid or required because they can review the traffic simulator.

AlgoSec enables us to manage our dispersed environments in a single pane of glass for the firewalls. Seeing all of those firewalls in one view, we no longer need to use things like the Cisco ASDM for day-to-day ACL management. 

AlgoSec gives us a high level of confidence that our ACLs and our risk components are actually in line with our expectations. Because we run a lot of our firewalls as an internal change control boundary, we rely on them heavily to segregate security zones. It gives us a high level of confidence that things like third-party networks that ride on the backbone are segregated and appropriately defined.

The features I find the most valuable are the:

• Duplicate objects
• Unused rules
• Duplicate rules.

The traffic simulation has been really valuable, especially with other business units that aren't familiar with the firewalls but are looking to see whether or not traffic they're using or going to be putting on the network through projects is going to be impacted.

The overall visibility that AlgoSec gives into our network security policies is high. Our firewalls are our primary control boundary on the LAN. They give us the most amount of visibility we can get at that layer without microsegmentation.

AlgoSec provides us with full visibility into the risk involved in firewall change requests. That feature is important to us because we're a heavily risk-averse organization when it comes to IT control and changes, It allows us to verify, for the most part, that the controls that IT security is putting in place are being maintained and tracked at the security boundaries.

It has reduced the time it takes to implement firewall rules. We can sometimes do 20 to 30 ACL either adds, removes, or changes in a week. In some cases those changes are now down to minutes. Prior to AlgoSec, we would have to do all the manual verification which meant potentially logging into every related firewall, checking every ACL, and making sure that we got the placement correct.

We have a fairly complex routing environment that AlgoSec struggled with. The initial period when we were doing an installation with their support desk was fairly challenging.

I have been using AlgoSec for about a year and a half to two years.

We have not had any issues with stability.

So far, we haven't had any issues with scalability. We're at 100+ firewalls, all of them logging directly to the product without issue, and we're using it daily.

We've had a mixed experience with their support. It's swung the gamut from someone who will just reference their own publicly available knowledge base right up to someone going directly to the developers. That process has felt inconsistent. I never know which one I'm getting.

We were not previously using another solution. We chose AlgoSec because we knew that we were going to be managing ACLs globally at a rapid rate going forward and we needed a solution for that.

For our implementation strategy, we used their JumpStart process where they actually had an AlgoSec representative come to us and get us through the implementation. That resource was here for about a week. By the end of the week, it was up and running enough for us to complete the more organization specific components of the implementation.

We had three staff involved in the deployment and there's typically a team of about five of us involved in the daily maintenance and operations. We were all part of the JumpStart. 

About a dozen people now use the tool regularly and that number continues to increase.

For us, on the network team specifically, we're a small team relative to the number of devices that we manage. Having so many firewall rule changes come in on a regular basis, we were likely going to lose a body if not two, just to managing ACL adds and changes.

Initially, the licensing was a little bit unclear. We run a of our firewalls with high availability solutions and how licenses got presented and accounted for was unclear. Overall though, the licensing is pretty straightforward.

The licensing and support cost is fairly significant, likely out of reach for any small and most medium sized businesses without a significant security requirement.

We looked at Tufin and FireMon. At the time, FireMon was cloud-based and we had a policy that didn't allow us to use it.

We had met with AlgoSec a couple of times over the years at Cisco Live. We were familiar with their platform.

My advice would be to be ready to find out the things you probably didn't know. For us, there were a lot of rules that were implemented that weren't being used, a lot of objects that were duplicates.  We were unknowingly hoarding all kinds of configuration data that was no longer relevant.

Overall, I would rate AlgoSec a solid eight out of 10.