AlgoSec Reviews

We have a large setup of multi-vendor firewalls with large in numbers of policies and rules. Handling rules and policy visibility manually are very difficult for clients multi platform firewalls. AlgoSec AFA has eased day-to-day operation, firewalls rules optimization, clean-up for unused policies and reporting, and visibility on policy and rules. All of this improves the firewall performance.

AlgoSec FireFlow workflow change tracking in environment makes it easy to have a central repository also multiple stakeholder approved change management.   

The AFA workflow has helped us to manage firewall rules implementation using multiple stakeholders' approval with an end-to-end lifecycle of change management and tracking. 

Reporting helps us with deliverables, areas of focus for improvement, and much more. Algosec AFA is useful for policy optimization and clean-up and can measure capacity management. 

AFA provides greatly extended support for firewall rule review for risky rules, optimization, and clean-up for unused rules. 

Firewall rule automation for implementation also makes support easy for support firewall administrators.

AlgoSec currently has two useful features: AFA and AFF. 

The AFA workflow helped us to manage firewall rules implementation using multiple stakeholders' approval with an end-to-end lifecycle of change management and tracking. 

Algosec AFA is useful for policy optimization, cleanup, and measuring capacity management. 

AFA provides greatly extended support for firewall rule review for risky rules, optimization, and clean-up for unused rules. Firewall rule automation for implementation also makes support easy for support firewall administrators.

There could be certain improvements such as supporting secure email. We have some cases where the client SMTP /POP email system is discarded, which is very important factor change notifications.

Fireflow workflow rule/change implementation for time-based rules is not currently supported. 

These improvements in upcoming code will definitely help with end-to-end firewall rule implementation. 

NAT rule implementations were in the roadmap. We are expecting this soon. 

Certain optimization of AFA/AFF SMS resources would ease daily operations.

I've used the solution for four years.

While stability is good, further improvement is needed.

The scalability is good.

Technical support is good.

We did not use a different solution previously.

Some changes in setup are ongoing as we are growing.

I am a vendor partner of AlgoSec.

The licensing is commendable.

We evaluated a few other options before positioning this solution. 

The solution could use improved support.

We planned to start with AlgoSec Firewall Analyzer and later procured FireFlow as well.

We deployed Fireflow as we have been migrating the Infrastructure to SaaS, increasing in multi-vendor engagements on multiple Network and Security layers and handling requests from roaming users ends.

AlgoBot has been enabled to few users to validate their requirements and requests on their own, which has helped them to understand their current access and to create requests that are very accurate and relevant.

With respect to the environment, it's distributed with various network and security solutions, with multiple zones and a maintenance team.

Over the period of two years, we integrated the AlgoSec Firewall Analyzer and FireFlow on multiple solutions including next-generation firewalls, web security, proxies, and other network devices.

On the improvement part, we enabled the common set of policies across firewalls and proxies. This tool helped us eliminate the requirement to have L3 engineer in our other data centers and our Tier 1 and 2 engineers utilize the solution well from the configuration and maintenance areas.

We simply pass over three to four external agency audits on various particulars which we spent more time on before onboarding the solution.

One of the most valuable parts for us is to achieve the compliance standards without ample strain and burden. Defined templates assisted us to make effective on following the internal processes and the industry standard.

It enhanced the complete workflow system within six months of deployment. We eventually onboarded by integrating with multiple solutions.

We performed regular audits internally to standardize and to pass the external audits effortlessly.

In simple words, this process empowered us to define a metrics among our industry and set the development goals clearly.

Support tickets and engineer assignments are one of the few concerns we are facing these days. Initially, they were hard to co-ordinate with the technical support team and the AlgoSec management team helped us to follow the defined Service Level Agreements.

We needed to directly communicate with the integrated solution TAC Teams, let say of Palo Alto or Checkpoint, and we needed to co-ordinate jointly for addressing an issue.

The AlgoSec support team came on a joint call to address the issue on time without saying "this is not my cup of tea" and by then we were happy about the support. This happened during one of our major migrations.

Our management is expecting us to set up a CXO/CISO dashboard from AlgoSec. It would be great for us if the AlgoSec team could assist in setting up the new benchmark.

We have been using this solution for more than two years.

Over the period of two years, we have seen multiple enhancements being made available inside the product. One of the new requirements is on containers/Docker/Kubernetes where AlgoSec really needs to focus. I am not sure about the availability of the latest support release, however, these are booming technologies and we require solutions like AlgoSec to support them.

Earlier it was good. Possibly due to the pandemic, we faced a couple of challenges in getting the support on time. That said, now it's getting better.

Neutral

Earlier we used to manage everything with our internal and vendor team, where lots of coordination was required. It was a long time-consuming process of gathering requirements and defining the best possible solution.

Since few of the solutions were being managed by outsourced team, it was challenging to make the solutions ready to integrate with AlgoSec during the deployment phase.

Some delays happened due to the lack of support by the external party. There were some delays due to upgrading products to make everything compatible with AlgoSec Analyzer and FireFlow.

Initially, we found this as a complex deployment. Later, it was easier than anticipated. We referred to the technical documents and AlgoPedia portal to understand more and deployed successfully within the proposed timelines.

Our in-house team took care of almost everything and the AlgoSec team did the governance.

We'd like the solution to share the complete Infrastructure details along with the business use cases with AlgoSec SE to evaluate and propose the best fit deployments and licensing.

Pricing-wise, AlgoSec still needs to support the customers.

We evaluated Skybox and Tuffin as well. Our internal team showed interest in AlgoSec right away, however, Skybox was a real challenge to differentiate.

Technical documentation and readily available solution blogs helped us to deploy the solution in a better way

AlgoPedia helped us in many ways - including sharing information on the new vulnerabilities, management of appliances, and maintaining the workflows (by providing enough insights to explore and understand).

The solution is mainly used for auditing firewall rules and inter-zone connectivity within the client environment. 

Another use case we have at the moment is to audit all changes done on the firewalls across the environment. We are also using Fireflow which significantly reduces the administration effort and time required to analyze, plan, and implement firewall changes on a day to day basis. 

Compliance reports are a big help and ensure that the client environment is up to date in terms of their security standing.

AlgoSec has definitely helped to improve the process of auditing all firewall rules and access. 

From a security standpoint, it has significantly improved an organization's standing from identifying all risky items in a given firewall policy as well as change audits, among others. 

Using Fireflow has also significantly reduced the amount of effort and time required to analyze and plan firewall changes that normally happen on a near-daily basis. 

Change audit has also reduced the effort during audit season especially when clients are running multiple-vendor firewalls.

Risky rules and compliance profiles are very valuable. With these reports, we are able to identify gaps in the client's firewall policy and this allows us to effectively remediate such gaps. 

The time and effort saved by using these compliance reports or profiles are definitely welcome. Another feature that we would use on a near-daily basis is the Fireflow and simulation query functionality. With the simulation query, one would not need to log into a specific firewall vendor console to verify if access is allowed or not; we run it through the simulation which saves us a lot of effort.

Support could be improved. Support of the KB database is extensive but still does not cover all subjects, at least from my experience. 

Another area of concern that I think could be improved is the licensing system. With the version we are currently running, it is a bit confusing since, for some reason, AlgoSec license usage is handled differently between firewall vendors. It may be a bit challenging to properly size the purchase of a new license - especially if a client is running multiple vendor firewalls in the environment.

I've been personally been using AlgoSec for more than ten years now.

The solution is very reliable. No issues encountered during daily operations.

I haven't personally done a lot of scaling projects with this product.

The technical support is all right, however, it can be improved.

Neutral

We did not previously use a different solution. 

The setup is pretty straightforward and AlgoSec did provide support during the process.

We worked in-house, with AlgoSec, and with a vendor found that both are highly knowledgeable.

I'm not part of the business team and do not analyze this aspect.

I am not part of the team in charge of licensing. 

We also looked into FireMon and Tufin.

I am part of the team providing managed security solutions and we have a number of clients that have a lot of network and security devices in their environment.

We use AlgoSec primarily to provide solutions to our clients in terms of how we can help tighten their security and optimize network performance.

AlgoSec Firewall Analyser makes this easily possible and with the help of AlgoSec's readily available reports, we are able to provide to all our clients the security and compliance report.

Before AlgoSec, our firewall rules got pretty big over time and it came to the point where it was barely manageable. Duplicate rules and objects were everywhere and there was nothing we could do about it. Performing a manual clean-up was a nightmare and near to impossible.

AlgoSec Firewall Analyser improves the firewall rules dramatically by identifying rules and objects that are not needed and consolidates rules and rule re-ordering.

It also helped our team to optimize performance and further secure the network by identifying risky rules.

I always find the policy optimization by identifying duplicate objects, shadowed rules, and unused objects pretty useful. By eliminating all these duplicate objects, unused rules, and unused objects, firewalls and other security devices will use fewer resources to process certain tasks/requests.

This will benefit both the security engineer managing the security devices and the client as they will spend less time in dealing with optimization and therefore can focus more on other important matters.

AlgoSec firewall analyzer is already an awesome product but there are still some areas that definitely need improving.

For instance, the risky rules reporting should have more information available in the risky rules report - especially when you export the data into a .CSV format. .CSV format being a text-based visualization, some information and formatting cause the reports to lose meaning and only become just another character in the file since it cannot port over some properties (like severity represented by colors).

I've used the solution for more than ten years.

We did not use a different solution previously.

The setup is pretty easy and the cost is really worth it.

We did not evaluate other options. 

One of our customers was using basic firewalls and the VPN, however, much of the policies were not applied - hence there were a lot of loopholes and hence a lot of spam and malicious activities were going on in their organization. Employees were able to use blocked sites, IT managers were not able to address the issue on their own. 

The client replaced existing solutions with AlgoSec. AlgoSec has given better visibility and better performance. IT managers who [reviously could not find loopholes were able to address them. 

Detection of loopholes and pinpointing troubleshooting areas were the key value additions that AlgoSec has provided. Its response time is fast. 

Detection of malicious activities and malware is much better than other options. 

Previously, the company was dependent on third-party solutions for audit reports. AlgoSec now provides an instant audit report. 

It has improved the management of all the firewalls (which are both cloud and on-prem) via a single console. The integration with the routers and other IT products is seamless.

The most valuable aspect of the product is the automatic application connectivity. The second best feature would be detection and response and analysis of the data. Applying security policies over the network is easy. AlgoSec instantly provides audit reports which is a most useful feature in this organization. 

Integration of the next-gen firewall, cloud firewall, routers, and load balancers is seamless and a very useful feature.

The solution offers unified and risks analytics reports features. 

AlgoSec helps IT managers automate firewall management across all hybrid environments.

The blacklisting and whitelisting of IP addresses should be improved. There are many false positives.

The cloud migration process should be more streamlined for my customer-facing issues.

The price should be less. The customers who have just started using the AlgoSec firewall management tool, as of now, have not faced any major issues apart from some small debugging. 

Improvement can be done in many areas. For example, it would be great if AlgoSec could integrate with an endpoint solution and directly integrate with firewall and endpoint solutions to bring much more visibility.  

We started deploying the application in January of this year. Currently, in our contract, we have a license for AlgoSec FireAnalyzer and FireFlow. So, at this moment, we are only working with AlgoSec FireAnalyzer. 

We are using AlgoSec to have a good view of our environment in terms of the risks and compliance and to implement rules. Our environment at this moment is only on-premises. We have servers, routers, firewalls, etc.

The visibility that AlgoSec provides about our environment is very important. Without it, we won't have visibility into various risks to our environment. AlgoSec can show us these risks and allows us to improve and close some rules. It improves the security of the network, and we can protect the data of our customers more efficiently.

It is helpful in improving the security and compliance of our environment. We can optimize our environment by improving the rules that are not used or are duplicated. FireFlow is useful in creating and implementing new rules. It allows us to automate rules implementation and have more control over rules.

Its reports are very important for compliance and understanding and mitigating risks. They show us the rules that are open or that can create risks for our environment. This information is very important for us for optimizing our environment and correcting the policies.

In our environment, we add rules in the firewall based on user logins, but currently, we can't do that with AlgoSec. AlgoSec can't create rules based on user logins. For example, generally, when we create a rule, we put IP Address, Destination IP Address, and Service Port. However, in our environment, we put IP Address, User Login, Destination IP Address, and Service Port, but AlgoSec doesn't support a rule in this format. We opened a ticket regarding this with their support two months ago, and they said that they will be able to add it in the future, but they don't know the timeframe. We are currently in the process of making changes in our environment for such rules, and after two months, we won't be using the rules that are based on user logins. We will make them consistent with the market, and we will use only the IP Address, Destination IP Address, and Service Port for rules. So, it won't be a problem for us, but this can be an improvement for other clients.

It is quite new for us. We starting working with it just a few months ago.

Its stability is good. We never had a problem where we couldn't access the platform. It is always available, and we don't have any problems related to the downtime of this platform.

At the moment, it gives us what we need. Next month, we will add new technologies to AlgoSec.

AlgoSec has a great team. They are professional and have good knowledge of AlgoSec. We have a good relationship with them, and we got good support from them.

We never had a solution like this. It is the first one in our environment.

We started its implementation in January with the help of a partner company. It was very easy to implement, and we didn't have to contact AlgoSec.

We completed the deployment in February. We put it in our environment and started the server. After that, we did the configuration and started to add our devices to AlgoSec.

We implemented it with the help of a partner company in Brazil called Logicalis. When we have any problem, we talk to them, and they are able to help us.

I would recommend this solution because AlgoSec provides a lot of reports and views of your environment. You won't be able to get this view through a firewall manager. For example, the CheckPoint firewall manager won't provide what AlgoSec provides, especially related to the compliance of your environment.

We have implemented Cisco ACI in our environment, and AlgoSec will help us to work with this new technology implemented in our environment. We will integrate AlgoSec and ACI next week.

I would rate AlgoSec a 10 out of 10.

If a use case comes where a customer who has different firewalls, e.g., Palo Alto and Fortinet, wants a single pane of glass, where all the firewalls are visible, this is the only use case where AlgoSec would be used.

The customer has to judge, "Are they going to pay hundreds of thousands of dollars for the feature of seeing firewalls of different vendors under the same hood?" Is that the value they want versus the dollar value they are spending? Most of the time, the answer is no. Customers don't want to spend $300,000 or $400,000 just to see a single dashboard. Especially during COVID times, it has become even more impossible to sell such a product. 

From a product perspective, AlgoSec has multiple components. Its security management solution is the primary one that you need to have. You must have this in order to install the platform. 

There are some legacy customers still using AlgoSec. The benefit is the ease in management of firewalls and rules. Also, if they have a small setup, making changes to multiple firewalls at the same time is something the customer enjoys due to limited resources. When an organization becomes an enterprise, then change management comes into the picture as well as best practices, so making changes to multiple devices at the same time is not good. 

It has the capability to be an enterprise grade product, but the use cases have not been fine-tuned for that in the past four years.

There are some integration-related issues too. For example, AlgoSec does not integrate with Forcepoint, and Forcepoint Firewalls have become very prevalent these days. They also don't integrate with Aruba devices. So, the integration ecosystem of AlgoSec is very limited, which is also the case with Firemon.

These days, people are looking at products which can visualize not only their firewalls, but also their networking equipment, under a single map. Can AlgoSec do this? Yes, it can, but with very limited capacity. If I try to sell the automation story of firewall management, there are vendors, like Forcepoint, who are not supported, so if a customer has Forcepoint, then I have to straight away walk off. The worst part of the story is they don't have even a roadmap for this.

Another problem with AlgoSec is that it gives you the capability to make changes to hundreds of your firewalls at the same time, but big enterprises have change management policies. Change managers will never allow you to make changes to more than 10 devices at the same time, which is a feature in AlgoSec. Because, what if something goes wrong, then you have to roll back and figure out what caused the impact, e.g., which firewall did not work well. Doing that post-mortem becomes a difficult thing. So, change automation on a firewall is actually defeating the purpose of the change management policies in any organization. If you run a bank, you will not allow anyone to make changes at the same time from a single click for 10 firewalls. The bank will never allow this. So, what is the use of this automation? Even if you are using this automation, you can do it from your native firewall vendor, e.g., Panorama or FortiManager, where everyone has their own cluster managers. At least if something goes wrong, you can still call Palo Alto and tell them you are Panorama has not done the change right, causing you an impact, and this is your Palo Alto firewall. 

In this case, if I have to raise a case first, then I have to call AlgoSec and check why it has not worked. Second, I have to call the firewall vendors that their firewall is not working well, but AlgoSec has done the right job. Handling multiple vendors for such a trivial issue becomes a problem.

I have been using AlgoSec for four years. First I was a customer, then I became a partner.

If you hit a bug with mass changes, do you troubleshoot on AlgoSec or the firewall? Now, you have two products that you have to tackle for bugs. The two vendors then finger point and you waste time. That is why having the firewall and firewall manager together from a vendor, like Palo Alto, is better.

If the scope of work is just firewall management, it is easy to deploy. However, when you add the flow information, since AlgoSec can also import the flows of your firewall rules, that is live traffic. Then you include FireFlow, or it becomes a nightmare, because what you have to do is take a copy of traffic from different segments/firewalls and bring it into AlgoSec. Doing that becomes a challenge because a lot of companies, such as banks, will not allow you to sniff the firewall traffic live traffic because they have credit card information. 

These days, the traffic has changed to HTTPS, which is all encrypted. Four or five years back, it was HTTP, which was all plain text. Even if you take a mirror of the traffic, how can you decrypt it? You need a decryptor to look inside. FireFlow looks at the packet of the transaction. In order to look at the packet/payload, I have to decrypt it because now it is encrypted. But, who will decrypt it? Then you have to buy another product that does decryption.

Customers look at return on investment to determine the benefit from a product, e.g., the tangible value in return. If I go to sell AlgoSec or Firemon today, the customer will say, "I already have Palo Alto," because Palo Alto Panorama has picked up a lot in the last five years of this market. 

AlgoSec is not a cheap product. If I compare Firemon and AlgoSec, because I am also Firemon certified, Firemon is still cheaper in price than AlgoSec. That is another catch. 

AlgoSec-type products and requirements are not necessary or prevalent these days. If you look at AlgoSec, what do they have? They do firewall management, predominantly. Firewall management as a technology is dying. If you look at Palo Alto, Fortinet, Forcepoint, Cisco, or Juniper, all these firewall vendors are coming up with firewall management platforms. If you talk about Palo Alto, they have Panorama. If you talk about Juniper, they have Junos Space. If you talk about Fortinet, they have FortiManager. You can manage their firewalls using the respective vendor management consoles. The question comes, "Why would someone want to use AlgoSec to do firewall management?" The usability takes a dip in terms of capability because people trust the native vendor, e.g., someone who manages Palo Alto firewalls will do it with Panorama because Panorama is a product of Palo Alto.

AlgoSec's use case was good four years ago before FortiManager and Panorama. If you have a hundred firewalls from Fortinet, then you can manage all of them for a single FortiManager. If you have 50 Palo Alto Firewalls, you can manage those from Panorama in a single pane of glass. These solutions did not exist four years ago, and now AlgoSec is losing its essence in the market since these native vendors have been launched.

Four years ago when I started off with AlgoSec, and I'm still working with them, it was strategic. Now, it has become tactical. AlgoSec has a very good feature of doing firewall rule optimization, which has not been there in the native products. For the last couple of years, the native products also started coming up with firewall rule optimization. For example, Palo Alto (from PAN-OS 9.0 and above) was released a year and a half back. It does firewall rule analysis for you. It is the same case with Fortinet and Forcepoint. Therefore, if I have to sell products on firewall management, which does firewall rules on analysis, what is the use case that I give to customers with AlgoSec?

I am running out of AlgoSec use cases because the native vendors give you the capability to do firewall management, firewall rule analysis, and pushing conflicts to multiple firewalls from a single screen. These are the use cases of AlgoSec. This is what AlgoSec does. This story is not just limited to AlgoSec. Products like FireMon and AlgoSec and the way they used to do firewall management have become a commodity. Now, most of the firewalling vendors have the same functionality in their management console. 

Companies, like RedSeal, or even to an extent, Skybox, are better built because they take the story to the next level. They don't just look at firewalls. They also look at the network, vulnerabilities, risk, governance, compliance, architecture issues, and incident response. This is the story which customers love to see because none of the native vendors are providing this. 

RedSeal and Skybox are doing firewall management for free. They don't charge you for it. On top of it, they do:

• Complete network visualization.
• Give you best practice conflict checks.
• Security architecture issues.
• Risk analysis of every IP asset in your organization.
• Vulnerability prioritization.

AlgoSec has been amazing, but it did not evolve well with time. If you look at AlgoSec from a cloud perspective, it does not support service chaining. So, if I have Palo Alto Firewall in the cloud, which has become very common, they can't detect that firewall. If I ask them to detect Oracle Cloud, they can't detect that. The problem about cloud, even if I'm doing service chaining with VMware NSX and Palo Alto, which is a very famous integration, they can't detect them. They cannot detect these because they are new things which have happened in the market in the last three years. So, they aren't able to catch up. The legacy part is good, but they are not able to catch up on the latest stuff, like service chaining. With anything new, AlgoSec is unfortunately running behind. 

I have used all the components: CloudFlow, Firewall Analyzer, FireFlow, and Algo Bot (which I have used to optimize policies). I have not used AppViz a lot because it just came out. If you talk about the complete suite, then AppViz gives you application-related visibility. However, when you don't have a rich integration ecosystem versus a native firewalling vendor, like Palo Alto, who does give this. What is the use of having AlgoSec (or Firemon)?

I would rate this solution as a seven out of 10. The product is good, but the issue is with AlgoSec's use cases.

We are security consultants based in India. We provide solutions to our customers and implement for them. We deploy AlgoSec on cloud and on-premise, depending on the customer. The use case is generally for companies that have multiple firewall vendors. If you have FireEye, for example, you can create the rules according to your environment. But if you have four different kinds of firewalls, and you want to allow or block something, you need the configuration on all the firewalls. AlgoSec simplifies that process. Many of our clients in India use this solution. We are official partners of AlgoSec. 

This solution will cut down operating costs in any company. 

It's a bit difficult for a network engineer to login on the firewall and make the changes and in that sense, AlgoSec is a lifesaver. You don't need to log in on each separate firewall, you just login on AlgoSec and make changes on all the firewalls from one single pane of glass. You can get the logs from all the firewalls to your AlgoSec as well. And if you see any blocked traffic, you can delete it at the point it gets blocked. If you have five firewalls, it will show which firewall is getting blocked and that can be automated. It's a very powerful and useful tool that can be customized to your requirements. One of the main features is that you can configure all the rules in one place. It also provides a complete report of Euro firewall rules that complies with security authorities such as GDPR.

If we talk about Cloud and SDN Platforms it support AWS, Azure etc.... 

I'd like to see this solution support some other Cloud platforms as well such as Alibaba and a GCP to give the customer flexibility. 

It's a very reliable and stable product because it's not dependent on any hardware, and is installed on a one-to-one machine. 

Scalability in this case really depends on whether the customer is able to provide the resources or not. It requires resources including memory, RAM, and those sorts of things. From a software point of view, I'd say it is very scalable. 

I haven't needed to access technical support because their documentation was so clean and in such a format that I was able to implement without any issues. My customers use it and they are pretty happy with it, because there is good customer support available in India.

The initial setup is very straightforward. You just find the resources on the virtual machine and download.

Licensing is on an annual basis. The best part is that if you have two or three firewalls, but you are using them in a cluster, it's counted as one. This is a basic aspect of the licensing with AlgoSec. I think the licensing is pretty good because they now have all the compliance issues sorted. 

If any user or customer has firewalls, maybe 15 or 20 plus, definitely go for this product. It cuts down operating costs. The benefit of AlgoSec is that you only need one engineer to do all the configurating, rather than separate engineers for the different firewalls. Not only that but you can automate as well. Obviously you have to integrate a texting management tool, but you can integrate and follow the focus.

I rate this solution a 10 out of 10.