AlgoSec Room for Improvement
We are using AlgoSec directly against our Cisco Firepower. At first, AlgoSec didn't work with Firepower. It didn't know how to read the logs. So, improvement has been made. Now, the feature that was available on the older generation firewall is available on the current one, but this is a problem which has already been dealt with.
Senior Systems Engineer with 51-200 employees
AlgoSec needs improvement with its support level.
I know that they have 3D architecture like SMB and enterprise on top of that. Some people consider this as a noncritical device. But because it's not as critical as a firewall, some people think that the support level does not need to be equal to a firewall level of support. But if some people are monitoring and managing firewalls through AlgoSec, the level of support should be equal to a firewall level. It shouldn't be dragging over two or three days. I know that they have three levels of support, but at the very first level, I believe you should be able to directly contact the tech and get a solution as soon as possible.
The only problem I have with AlgoSec is just its level of support, not with the product. Not with the organization or the documentation or anything else, but if I need any additional support, the only problem is the time it takes to get it.
We work with multiple security vendors. It's rather difficult to integrate the vendors. AlgoSec is a platform that hasn't really been developed as much as we would like to just because of its complexity to set up. If it was easy to set up and easy to get integrations with other companies, then we would be doing it. But the thought is that we are relatively stretched thin in our team as it is and the complexity of configuring AlgoSec doesn't make it any easier.
Overall, setting up new features is something that needs improvement in my eyes.
It has a cool feature where it has multiple firewall rules that say "You're allowing this IP address to talk to this IP address on port A, port B, and port Z." For example, if AlgoSec detects that that rule was being used but it's only being used for port B and C, then it'll actually notify you that this rule can be trimmed down and you can remove port A, as it's not being used by your rules anymore. That's something we really like as well.
The reports are lacking information when they come out. They will not pull the URL or application information from Cisco FTDs. I know this works for Palo Alto Firewalls, which we currently do not have. If they could improve the integration with Cisco FTDs as a whole, that would be immensely helpful.
There are some integration-related issues too. For example, AlgoSec does not integrate with Forcepoint, and Forcepoint Firewalls have become very prevalent these days. They also don't integrate with Aruba devices. So, the integration ecosystem of AlgoSec is very limited, which is also the case with Firemon.
These days, people are looking at products which can visualize not only their firewalls, but also their networking equipment, under a single map. Can AlgoSec do this? Yes, it can, but with very limited capacity. If I try to sell the automation story of firewall management, there are vendors, like Forcepoint, who are not supported, so if a customer has Forcepoint, then I have to straight away walk off. The worst part of the story is they don't have even a roadmap for this.
Another problem with AlgoSec is that it gives you the capability to make changes to hundreds of your firewalls at the same time, but big enterprises have change management policies. Change managers will never allow you to make changes to more than 10 devices at the same time, which is a feature in AlgoSec. Because, what if something goes wrong, then you have to roll back and figure out what caused the impact, e.g., which firewall did not work well. Doing that post-mortem becomes a difficult thing. So, change automation on a firewall is actually defeating the purpose of the change management policies in any organization. If you run a bank, you will not allow anyone to make changes at the same time from a single click for 10 firewalls. The bank will never allow this. So, what is the use of this automation? Even if you are using this automation, you can do it from your native firewall vendor, e.g., Panorama or FortiManager, where everyone has their own cluster managers. At least if something goes wrong, you can still call Palo Alto and tell them your Panorama has not done the change right, causing you an impact, and this is your Palo Alto firewall.
In this case, if I have to raise a case first, then I have to call AlgoSec and check why it has not worked. Second, I have to call the firewall vendors that their firewall is not working well, but AlgoSec has done the right job. Handling multiple vendors for such a trivial issue becomes a problem.
Lead Infrastructure Engineer at a financial services firm with 5,001-10,000 employees
Some of the auditing functionality needs improvement. Our major focus is the firewall validation process and tracking and verifying that changes are implemented correctly. We are actually doing parts of the auditing process manually. And getting any one of the vendors to bring out a good auditing process has been very difficult. AlgoSec does a good job of showing us the changes, but we're doing a manual process to actually audit it and do documentation that we can provide to our auditors that shows we're validating everything, and on top of it, that nothing gets implemented without being caught. Part of that could be improved upon.
Cyber Security Architect at a tech services company with 5,001-10,000 employees
The API integration could potentially improve. I didn't get a chance to look and see how well this solution can integrate with ServiceNow or our GRC environment.
There is a little bit of scope for improvement in the risk profiles that come with the AlgoSec Firewall Analyzer module. Currently, AlgoSec provides only three standard zones within a risk profile. These standard zones are external, internal, and DMZ. Everybody's network is divided into different zones within a data center, but AlgoSec only provides three zones. This is a limitation that I see for the risk profile analysis. If there was an option to customize these zones, it would be great.
Risk profiles currently require a lot of understanding. The UI needs a little bit of flexibility in terms of rearranging risk rules within a profile. For example, when I create rules in a risk profile, it numbers them as Rule 1, Rule 2, Rule 3, and so on. If I delete Rule 2, it doesn't reorder them on its own. Rule 2 is deleted, but I just cannot place any other rule as Rule 2. There needs to be more flexibility in building risk profiles.
We would like to have AlgoSec integrate with Cisco SD-WAN. We are a retail company, and we have about 2,500 stores. We have the SD-WAN solution across all stores. So, we need to manage a high number of zone-based firewalls. If AlgoSec can add integration with Cisco SD-WAN in the roadmap, it would be awesome.
After you add a load distribution node, there is no dashboard to tell us how the performance has improved. I can raise a couple of tickets, or I have to do a lot of permutation and combination in terms of testing to figure out whether it has really optimized the process and latency. If we can have a performance dashboard to give us information about the performance change with the AlgoSec tool, it would be great.
The analysis part can be improved when I make a flow request. There should be a clear analysis of which metric part needs to be opened and which firewalls will be opened. It should give you a bit more graphical visibility about these.
I don't know if it's possible, but there could also be policy enforcement. The reason why firewalls have problems is that standards are not being followed. If the tool that allows you to enter a request doesn't enforce standards, there's too much room for error. Automation does not solve this unless automation follows defined policies and standards. I don't know to what extent those tools can indicate the predefined policy and standards that you put in place. For instance, if you define your level of zero trust, the tool should be able to advise you on what you should do.
Technical Director at Accord Group
We see a very high demand for using containers and Dockers and therefore there is a need for managing access control to these platforms. I checked AlgoSec’s roadmap and, for now, there are no plans for developing these features.
Consultant at a computer software company with 10,001+ employees
We would like the full features of automation. That would definitely be helpful. Then, we would be capable of pushing policies to the AlgoSec as well as finding the path.
We would like to get the network nodes from all the different firewall analyzers. For example, in Tufin, we can find other network tools, like router switches, which show the path between source and destination.
Senior Technical Analyst at a maritime company with 1,001-5,000 employees
We have a fairly complex routing environment that AlgoSec struggled with. The initial period when we were doing an installation with their support desk was fairly challenging.
In late December or early January, we were trying to add another solution, but it wasn't working because there was no support for the version that we were running at that point. After they released the hotfix, that took care of this issue. That particular device was then supported. So, it has been very stable and working fine since then.
When we send multiple requests across at once, sometimes it causes errors and FireFlow gets stuck. In cases like this, we have to go back in and fix it.
Network Security Engineer/Architect at a tech services company with 1,001-5,000 employees
In our case it would be very important to improve support to Dell switches and also some Juniper switches, which we have a lot of in our company network. This has been our difficulty for the full automation on the FireFlow. If all our network devices were Cisco I'm sure we would have the network map complete very easily and the full automation working with much less effort.
We already asked AlgoSec for the support of the switches we have that are not natively supported for the future versions and we expect that we are lucky enough for them to be supported on the next releases, although there are some ways of working around non-natively supported switches to complete the network map.
Information Security Specialist at a financial services firm with 10,001+ employees
The Firewall Analyzer module can be improved to implement a vulnerability management solution, or they can link Firewall Analyzer with a vulnerability management solution in order to get a better overview of what's going on in our network in terms of vulnerabilities.
What the technical teams report to me is that the network maps are a concern and should be improved. It would be easier if the network maps could be updated using the GUI portal instead of from the OS. This would benefit the operations teams working daily with this tool.
In the end, we are striving to improve efficiency, and taking into account that Operations are really under pressure from SLAs to keep support ticket queues clean, and with the least amount of backfill possible, it is key to get better tools that make it easier and faster to update the network maps.
Senior Network Security Engineer at a tech services company with 1,001-5,000 employees
Support tickets and engineer assignments are one of the few concerns we are facing these days. Initially, they were hard to co-ordinate with the technical support team and the AlgoSec management team helped us to follow the defined Service Level Agreements.
We needed to directly communicate with the integrated solution TAC Teams, let's say of Palo Alto or Checkpoint, and we needed to co-ordinate jointly for addressing an issue.
The AlgoSec support team came on a joint call to address the issue on time without saying "this is not my cup of tea" and by then we were happy about the support. This happened during one of our major migrations.
Our management is expecting us to set up a CXO/CISO dashboard from AlgoSec. It would be great for us if the AlgoSec team could assist in setting up the new benchmark.
In the new version H32, there are many, many bugs.
In our environment, we add rules in the firewall based on user logins, but currently, we can't do that with AlgoSec. AlgoSec can't create rules based on user logins. For example, generally, when we create a rule, we put IP Address, Destination IP Address, and Service Port. However, in our environment, we put IP Address, User Login, Destination IP Address, and Service Port, but AlgoSec doesn't support a rule in this format. We opened a ticket regarding this with their support two months ago, and they said that they will be able to add it in the future, but they don't know the timeframe. We are currently in the process of making changes in our environment for such rules, and after two months, we won't be using the rules that are based on user logins. We will make them consistent with the market, and we will use only the IP Address, Destination IP Address, and Service Port for rules. So, it won't be a problem for us, but this can be an improvement for other clients.
I would like more documents and support for the cloud firewall.
Security Operations Engineer at a security firm with 201-500 employees
AlgoSec should be optimized. There is a lot of RPA and we have scripts in AlgoSec that need recertification. With AlgoSec Firewall Analyzer, we can see lots of objects and lots of rules that tell us we need to clean the equipment. It will give us a solution but it doesn't always work. The solution that it gives us is not always accurate from the scripts.
For example, because we have a workflow, when the user creates his ticket, the ticket was automatically dispatched to different teams. We have a security team and another team to implement and push the rules. The ticket automatically will get sent to the wrong team and then we need to send it back to the user for them to update.
It is already one of the best solutions in its category. Honestly, I have nothing to recommend but I am waiting for the R&D team to develop new features.
I mostly have some problems with the integration process. Maybe the integration manual document can be released by AlgoSec and also by the vendors themselves. It is not directly related to AlgoSec. It's more related to the vendors.
The firewall configuration recommendations are very helpful, however, sometimes it is very hard to convince anyone from the firewall vendor side. These recommendations should be posted on the vendor webpage or internal documentation as well, as best practice or best configuration recommendations.
We are running multiple hybrid cloud solutions, working with cloud providers, and looking for API integrations with cloud and related interoperability. Sometimes, when we are trying to delete or disable any rule, it takes more time than expected.
Sometimes, the web browser has issues with slowness. It can be worked out with a click or two.
Head of the Security Area at REN
AlgoBot should be more developed by adding more features to the chat.
We will be integrating with Cisco ACI soon. Hopefully, new features with this integration will be developed as well in terms of automation.
I came across a difficulty recently with a BGP enabled firewall that had a large number of routes. This wasn't directly supported due to a 3000 rule per firewall limit.
I can't think of specific improvements. If anything, the product has been improving in usefulness constantly.
There are areas where auditing rule changes are not accurate. It is important to be accurate when using rule changes, as users need to be accountable for their changes; however, I cannot trust AlgoSec when rule changes come through on reports as they reflect incorrectly. I have taken this up with support and have never really had a resolution for this.
I would like to see enhanced dashboards or build meaningful reports for executive consumption.
AlgoSec is a fantastic product, and I would like to see more "granular" breakdowns of traffic on IPT traffic analysis for source and destination, as the way it does it currently does not allow me to solve problems for rules with ANY in the destination.
Managed Security Services Product Manager at a comms service provider with 10,001+ employees
AlgoSec can probably do better at introducing features for the cloud firewall scenarios. This is something that will probably help customers. It needs a hybrid scenario that includes private cloud, public cloud, and on-prem things. If a feature could cover all three different types of deployment, that could probably make it even more desirable for clients.
There are a few things that we have already raised to AlgoSec in order to improve the tool. First, as the highest volume in our network is SaaS traffic, we need to secure this connection. To secure SaaS traffic there are a few vendors such as Palo Alto and Zscaler, but AlgoSec is not yet able to push rules onto these clouds. It’s in the roadmap but this is something that blocks our whole design.
The network map design is not very useful for the administrator as the information displayed is not user-friendly.
Nothing comes to mind in terms of things that need to be improved.
In terms of additional features in the next release, more integration with SD-WAN would be valuable.
I would also like to see more integration with Cloud security products and services but overall, the product compatibility and integration with multi-vendor and differing platforms/environments is pretty comprehensive. That said, with the fast-moving nature of SD-WAN and Cloud Security, product features and enhancements will need to keep pace because clearly, Cloud Security is where the industry will be focusing.
IT Security Manager at a retailer with 10,001+ employees
In my opinion, the user should be granted more flexibility to choose exactly which devices per CMA should be analyzed.
The process to replace a decommissioned device with a new device is not straightforward.
With the upgrade to CheckPoint R80.xx we have started to see some issues, although this version was already some time on the market, hence I was surprised that there was no full compatibility achieved. Nevertheless, working with support and professional services solved our problems.
Level 3 Security Engineer at a tech services company with 10,001+ employees
Support could be improved. Support of the KB database is extensive but still does not cover all subjects, at least from my experience.
Another area of concern that I think could be improved is the licensing system. With the version we are currently running, it is a bit confusing since, for some reason, AlgoSec license usage is handled differently between firewall vendors. It may be a bit challenging to properly size the purchase of a new license - especially if a client is running multiple vendor firewalls in the environment.
I would like to see support for more technologies, but I know that AlgoSec is always in the process of evolution.
Perhaps a better financial option would allow customers to choose the complete solution. In an environment that is very large, with many firewalls and routers, it is sometimes impossible to buy all of the licenses. This makes the AFF solution impossible.
AlgoSec should explore integrating more multi-vendor platforms and should be looking towards ready infrastructure for providing Infrastructure as a Service (IaaS) on any cloud platforms as the trend and technology is gradually moving from in-house platforms to cloud platforms.
AlgoSec should also be exploring the integration with the open source firewalls as well.
The GUI features of the AlgoSec solution should be more flexible to use and adopt.
It would be very helpful to have a direct link to the relevant firewall policy embedded within reports when there are warnings or risks indicated. Regardless of how serious the risk is, we could jump to the policy with a single click. In this way, the administration would be much easier and we would not have to be changing the screen every time we want to look at or modify something in our firewall. I understand that there are third-party software packages that can achieve this, but it would be more comfortable to have it integrated.
All of the search options needed are there but the search menu could be a bit more intuitive. In other words, I can perform any search I want without any problems but combining different search parameters can sometimes be a problem.
Creating more intuitive menus could be helpful, especially for the first-time users.
For example, it would be useful to be able to save searches with complex structure so they can be easily reused with simple change of parameter. Also, "contain" criteria sometimes misses just like ability to search using any value in basic search box, instead of reaching out to Advanced search (it would be great if simple typing IP address, or Project ID in basic search box lists all rules containing such a value).
I would like an analysis to be created for user group rules (Check Point - identity awareness).
Current versions of AlgoSec do not perform analysis of Identity awareness (Check Point). It would be important for the user to be able to request a rule by an access role group and then AlgoSec would create this rule automatically in the firewall.
An improvement in tool performance would be important. Environments with many devices need a lot of hardware resources to avoid slowdowns. Memory consumption of the server is very high.
The product should support more vendors with the same in-depth analysis that it already is providing. This would give more reasons for other companies to adopt it and make us preserve the investment in case we change the running environment.
It is already one of the best solutions in its category. Honestly, I have nothing to recommend. However, I am waiting for the R&D team to develop new features.
I mostly have problems with the integration process. Maybe, an integration manual document can be released by AlgoSec and also by the vendors as well if it is not directly related to AlgoSec. They need to have firewall configuration recommendations. While they do offer some, it is sometimes very hard to convince the guys from the firewall vendor side. They should publish these recommendations on the vendor webpage or internal documentation as well, as an example of best practice or best configuration recommendations.
This is a tough one because it has a lot of good features.
I think that the rate of false positives can be improved. I would like a FireFlow or packet-tracer-like capability at a lower licensing level.
I liked the additional capabilities for an analyst or lower-level network admin or service desk tech to be able to check the rules to see if there is something blocking the traffic. However, I was not able to get the licensing approved above just FA.
I like the training available as it is very informative, but, I wish it was just available from YouTube and I could easily play it from my cell phone without additional logins.
Client Manager - TE Services at NTT Security
There could be certain improvements such as supporting secure email. We have some cases where the client SMTP/POP email system is discarded, which is a very important factor for change notifications.
FireFlow workflow rule/change implementation for time-based rules is not currently supported.
These improvements in upcoming code will definitely help with end-to-end firewall rule implementation.
NAT rule implementations were in the roadmap. We are expecting this soon.
Certain optimization of AFA/AFF SMS resources would ease daily operations.
The GUI has not been upgraded for a long time and could use updating.
The initial setup can be complex for beginners.
The FireFlow's out-of-the-box workflow configuration/customization wizard could be improved to be more user-friendly and have a shorter learning curve. The current configuration wizard is quite complex and complicated, which will result in the need to engage with an AlgoSec professional services team to perform even the simplest workflow adjustment.
I had tried AlgoSec's direct competitor's workflow configuration wizard and found it to suit most organization requirements even though the customization capability may not be as advanced as AlgoSec.
I would like to be able to see what objects have the same IP, but different names in different firewalls. Since the system is able to show all of the objects for the integrated devices, it can be confusing if one particular object (eg. IP address/host) has different names in different firewalls.
There are sometimes issues with the Risky Rules reports where the number of hits is registering zero, but we know that this is incorrect because we have checked the rules and see that they are indeed registering traffic.
Sometimes the Trust setting on Firewall rules is changing to trusted by itself.
L3 Security Engineer at NTT Security
AlgoSec firewall analyzer is already an awesome product but there are still some areas that definitely need improving.
For instance, the risky rules reporting should have more information available in the risky rules report - especially when you export the data into a .CSV format. .CSV format being a text-based visualization, some information and formatting cause the reports to lose meaning and only become just another character in the file since it cannot port over some properties (like severity represented by colors).
It would be nice to have a good tool for network map discovery in the GUI to make it more user-friendly. I would also like to be able to check and modify network maps in a graphical and more intuitive way. This will improve our network overview for new deployments and troubleshooting.
An API to connect to Palo Alto Prisma and Zscaler to be used after SD-WAN deployment would be a helpful feature. We have discussed this with AlgoSec and are hoping to see it in the near future.
Business Development Manager at Vibs
The blacklisting and whitelisting of IP addresses should be improved. There are many false positives.
The cloud migration process should be more streamlined for my customer-facing issues.
The price should be less. The customers who have just started using the AlgoSec firewall management tool, as of now, have not faced any major issues apart from some small debugging.
Improvement can be done in many areas. For example, it would be great if AlgoSec could integrate with an endpoint solution and directly integrate with firewall and endpoint solutions to bring much more visibility.
The pricing structure is not good because there is no difference between a Data Center firewall for a small branch. The pricing for smaller installations should be lowered because sometimes there is just no ROI to add AlgoSec to the small branch offices with only 10 rules.
A vulnerability management module might be interesting, though not integrated with a third-party vendor. It should be an AlgoSec VM module.
I would like some server integration for vulnerability management.
Some PDF reports are not so good. E.g., the graphics and reports are not so good. Sometimes, we need to create graphics and reports to compare security ratings across months and groups.
Technical Architect at a manufacturing company with 10,001+ employees
I believe the customization of dashboards should be simplified and more user-friendly. Customization inside the domain level needs to be improved.
Network Expert at an integrator with 1,001-5,000 employees
They can make some improvements to the user interface because it can be slow at times.
Cyber Security PreSales Engineer at a comms service provider with 10,001+ employees
The UX control panel is in need of improvement.
This solution would be improved if it were able to compare configurations and provide recommendations. For example, suggest cluster members.