IT Security Analyst at a retailer with 5,001-10,000 employees
Real User
Helps to keep the firewall ruleset simple while still maintaining its security posture but is complex to set up
Pros and Cons
  • "AlgoBot is a Slack chatbot that they've designed to help people identify if the firewalls are going to allow or block specific network traffic. We leveraged this to allow our staff to check themselves if the firewalls are going to be blocking traffic or not. That saves us logging into the firewalls and running the query off the host. We give them the power to use it and it saves us time."
  • "We work with multiple security vendors. It's rather difficult to integrate the vendors. AlgoSec is a platform that hasn't really been developed as much as we would like to just because of its complexity to set up. If it was easy to set up and easy to get integrations with other companies, then we would be doing it. But the thought is that we are relatively stretched thin in our team as it is and the complexity of configuring AlgoSec doesn't make it any easier."

What is our primary use case?

We use FireFlow. Our environment is a mixture of private and public platforms. We have been aggressively moving infrastructure up to the cloud, so everything that used to be on-prem now is all pretty much in the cloud. We have hundreds of servers and instances up in the cloud. On-prem, we still have the same. It's a couple of hundred servers on-prem that we use for the day-to-day business functions as well.

AlgoSec would help to manage our multiple environments if we had CloudFlow but we don't have that license.

Back in 2016, we migrated firewall vendors over to Palo Alto Networks. During that time when we migrated, we had over 4,000 security rules. Using AlgoSec, we were able to trim it down by some ridiculous amount, around 72%.

How has it helped my organization?

AlgoSec has a built-in feature for identifying risks. It'll inform the user if we have rules that allow a certain protocol open to the internet that we shouldn't. It identifies applications that are permitted in our network that pose a risk. Some examples include SNMPv1 without it being secured and that sort of thing. AlgoSec notifies us of those risks. There are also cleanup tasks it assists with. Obviously, the simpler the ruleset of your firewalls, the easier it is to manage and the less confused administrators get. AlgoSec is able to help keep the firewall ruleset simple while still maintaining its security posture.

AlgoSec provides us with full visibility into the risk involved in firewall change requests. We perform risk analysis before adding rules anyway. Even if AlgoSec said a rule is risky or not risky, it's not something we rely on heavily. We have other tools and processes to identify if the rule we added is going to be introducing risks or not.

The overall visibility that AlgoSec gives into our network security policies is pretty high. It's very clever in the logic it uses to provide insights, especially into risks and clean-up tasks. It's very valuable. It saved a lot of hours on the cleanup tasks for sure. It has saved us days to weeks.

AlgoSec's automation helped to reduce human error and misconfigurations to an extent. If I'm considering duplicate rules and human error, then yes for sure. But if not, then no, not really.

It implements and manages micro-segmentation initiatives. We recently did a project on that. We did the service segmentation using natively built reporting functionality in the firewalls. After that, we used AlgoSec to clean up those rules and trim them down. So it's not exactly to create micro-segmentation but more to manage it. It performed very well for that role, which is the experience we've had with that specific function in the past with it as well.

What is most valuable?

AlgoBot is a Slack chatbot that they've designed to help people identify if the firewalls are going to allow or block specific network traffic. We leveraged this to allow our staff to check themselves if the firewalls are going to be blocking traffic or not. That saves us logging into the firewalls and running the query off the host. We give them the power to use it and it saves us time.

AlgoSec has features to prepare for audits and ensure our firewalls are in compliance. But we have all the tools to measure compliance and security framework stuff we're doing.

What needs improvement?

We work with multiple security vendors. It's rather difficult to integrate the vendors. AlgoSec is a platform that hasn't really been developed as much as we would like to just because of its complexity to set up. If it was easy to set up and easy to get integrations with other companies, then we would be doing it. But the thought is that we are relatively stretched thin in our team as it is and the complexity of configuring AlgoSec doesn't make it any easier.

Overall, setting up new features is something that needs improvement in my eyes.

It has a cool feature where it has multiple firewall rules that say "You're allowing this IP address to talk to this IP address on port A, port B, and port Z." For example, if AlgoSec detects that that rule was being used but it's only being used for port B and C, then it'll actually notify you that this rule can be trimmed down and you can remove port A, as it's not being used by your rules anymore. That's something we really like as well.

For how long have I used the solution?

We installed AlgoSec in 2017.

What do I think about the stability of the solution?

The stability has been okay. The main uptime is fine. We haven't had any issues where it's randomly turned off. 

Every now and then we need to restart the AlgoBot feature to keep it running. We found that every couple of days, it just dies. We're not too sure why.

What do I think about the scalability of the solution?

We haven't really done much scaling. We've just kept it isolated to one machine and ran everything from there for AlgoSec.

We're using it for firewalls. Our company depends quite heavily on the management and how up-to-date the rules are in the firewall. We definitely rely on AlgoSec to produce accurate information for one of our critical network components. We may be leveraging AlgoSec more in the future to assist with the cloud but it's still early days and we don't know for certain.

How are customer service and support?

Technical support is average. In simple support cases, everyone's very helpful. When we upgraded to the new version of AlgoSec, we had a technical support staff member helping us through every step. But then some other simple cases were a bit more challenging. It would often take quite a few weeks and things wouldn't get done. They would say the issue was fixed in the next software patch when it wasn't. It's been mostly good but a few times they've missed the mark a bit.

How was the initial setup?

The initial setup of the virtual machine or the appliance was straightforward. Even getting the devices we wanted AlgoSec to ingest was straightforward as well. 

It has a network map and it uses configuration from each firewall to draw a network map. Then, it uses that map to do logic of what rules and IP addresses can go where. That part was complicated because there were some very specific issues where one firewall wasn't being ingested properly. That took a while to work through and the fix wasn't what anyone really expected it to be at all.

It took us a couple of weeks to fully deploy. We got the main brunt of AlgoSec working in around a week. Fixing it with AlgoSec support took a little bit longer just because of its complexity.

The deployment required two staff members. It was another security engineer and myself. We are also the only two people who use it. 

It only requires one person for maintenance. That might be due to the limited amount of pages we have enabled within AlgoSec. It's definitely not full-time. It's just every now and then we do health checks. We have a number of monitoring tools on the box. So if it's not responding to the pings, if it can't talk out to the internet, we just get automated alerts. That's really how we determine if the box is healthy or not. Aside from that, it hasn't had any other issues.

What was our ROI?

We have definitely seen ROI. The number of rules in the firewall is the main way we've seen it. We went from around 3,500 to 4,000 all the way down to six rules. And that was over a couple of weeks. It was very quick and AlgoSec was the driver for that. If we still had 4,000 rules, then I'd be in a much bigger team trying to manage that. Because we only have a couple of hundred, it's not completely manageable, but it's a lot more manageable than a couple of thousand for a couple of people.

What's my experience with pricing, setup cost, and licensing?

I don't actually know what the pricing is. We had a quote to get some professional services done for a couple of weeks. From my perspective, the cost was reasonable. It was 30,000 AU dollars for a few weeks. For the business that was unreasonable because they were trying to cut costs. But I would have seen that as a reasonable price to put on a few weeks of PS.

What other advice do I have?

It has not really reduced the time it takes to implement rules in my organization. We use AlgoSec more for the clean-up after the fact. It's more of an after-the-fact tool that we use it for.

It definitely has not helped simplify my job. It just cuts out the middleman of having to ask someone a very specific question. Identifying those are very hard to do, and we wouldn't be doing it if we didn't have AlgoSec to do it for us.

If we had a couple of thousand rules in the firewall, it would be a number of increased things that the business would need to consider. We would need an additional firewall administrator to manage these rules. Rules would take a lot longer to be introduced into the firewalls. There's a delay in a developer spinning up a new server and then the firewall actually allows that new server through. There's just the overall complexity and documentation would take a lot longer if we had multiple rules. Even just the cleanup and management like general overhead would be significantly more.

If you look at it that way, AlgoSec has saved the business maybe a couple of years of salary. It's simplified the rules to such a point where it's manageable. The rules are still manageable by fewer administrators. There is more human work. There's more flexibility for staff to be working in other areas as opposed to having multiple people assigned to the firewalls, looking at complex rule sets.

It does the job. It's very good at taking something complex and simplifying it into something that's a lot easier to understand and manage.

It's one of those tools that takes a little bit of time to get set up and used to, but once it does, it's very powerful with what it can do.

I would rate AlgoSec a seven out of ten. The functionality on the platform is extremely good. But getting it set up and the complexity to install new features and stuff like that, brings it down a little bit.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
reviewer1463592 - PeerSpot reviewer
Cyber Security Architect at a tech services company with 5,001-10,000 employees
Real User
The compliance blueprints are flexible and can help with different types of audits
Pros and Cons
  • "We have used the solution to implement and manage microsegmentation initiatives. That is the whole point of modeling towards, "Hey, how will this work for a specific situation in the end?" I think it's a great solution because a lot of companies are not just going to the cloud, but microsegmentation and service-delivered products. So, I feel like it is very capable and comparatively better than its peers, if not equal."
  • "The API integration could potentially improve. I didn't get a chance to look and see how well this solution can integrate with ServiceNow or our GRC environment."

What is our primary use case?

We needed something to tell us the quality of our firewall rules in terms of their implementation.

We use the following components of AlgoSec: AlgoSec Firewall Analyzer (AFA), FireFlow, AppChange, and CloudFlow.

How has it helped my organization?

I get reports that address the different types of things that we look for in security which it protects for, mainly things in the firewall with monitoring or compliance. With this, I felt like it is a great product.

Because of how sophisticated the product is, it allowed us to get very useful, actionable information, reducing the time it takes to implement firewall rules in our organization by 40 percent. However, we are still trying to figure out if we are going to switch to it permanently.

I felt like the compliance blueprints were more sophisticated, which is kind of what we need. The type of environment we need in order to reduce risk is to have a number of different compliance blueprints that will give us the flexibility of being able to handle multiple different kinds of audits.

We use it to assess some of the readiness of some of our projects. We use it to model what we potentially would do if we keep it on, which it looks like we probably might. So, we did use it to help with some modeling.

AlgoSec's automation helped to reduce human error and misconfigurations. They have built-in ISO and other types of compliance fabrics. That reduces errors because it does a lot of policy thinking for you. This has improved our security operations.

It empowered our security engineers because you need to have the best, top-end tool if you are looking at modern high-end threats. 

We have used the solution to implement and manage microsegmentation initiatives. That is the whole point of modeling towards, "Hey, how will this work for a specific situation in the end?" I think it's a great solution because a lot of companies are not just going to the cloud, but microsegmentation and service-delivered products. So, I feel like it is very capable and comparatively better than its peers, if not equal.

AlgoSec is very complementary to Cisco ACI because a lot of people are doing SDN. Having that integration is critical because a lot of the applications are more geared toward ACI. So, having something that complements but doesn't break or get in the way of what the client finds important is ideal. Because, in some cases, we are not just representing ourselves, we have to extend what the client wants.

What is most valuable?

The Analyzer was the thing that had the most value because I am all about the quality of the rules and number of the rules. I thought it was really a great product, especially because we have more than one type of firewall.

I liked the level of detail. I thought it was a good measure of what people needed to understand. It had really useful information about controlling the environment. It looked like AlgoSec has done a really good job with developing what customers might find useful.

AlgoSec provides us with full visibility into the risk involved in firewall change requests. There is a lot of competition out there. This provides a comprehensive environment where risk is properly captured, which is very valuable.

The list of tools in the AlgoSec suite all seem to complement each other, which is what we needed towards making sure that we weren't leaving anything out. So, it seemed to be comprehensive enough between all the different products.

AlgoSec helped us to gain visibility into our application connectivity flows, which was important. We have Splunk, so we need a firewall/security expert view on top of Splunk. I felt like AlgoSec gave us that information. This allowed us to show that AlgoSec could be a valuable contributor to our security environment.

It enables us to manage multiple or dispersed environments in a single pane of glass. This is good because we have a complex support model that we are trying to simplify. There are as few panes of glass as necessary. Even with a separate security pane, it is worth it. 

What needs improvement?

The API integration could potentially improve. I didn't get a chance to look and see how well this solution can integrate with ServiceNow or our GRC environment.

For how long have I used the solution?

We demoed it for about three months.

What do I think about the stability of the solution?

It is a very stable product. It is definitely more stable than FireMon. I felt pretty good about it. I didn't have to worry about apologizing for the product because of integrity issues, which is usually a thing. I felt like I did not have to worry about it.

What do I think about the scalability of the solution?

It was very scalable, which is important. One of the reasons that I was able to champion it (in terms of the demo) is because we were starting small. However, if everybody likes it, we will ramp up pretty big.

The SOC has about 10 admins. There are a lot of IP addresses. These 10 guys administer about 3,000 devices.

How are customer service and support?

We haven't really had to call much. That was one thing we were trying to figure out: If we are going to get a consultant or get some a la carte stuff during the demo. We will probably look up a support agreement from the corporate side, if this goes into production. There are some people with whom we are talking about the contract on the backside.

How was the initial setup?

The initial setup was pretty straightforward. We had some help, but it just seemed pretty straightforward.

Deployment took about a month because of some internal stuff. This was fine because I couldn't get a lot of buy-in time on how much time we have for development.

We run a full SDLC where we use a project management organization who uses kind of an agile/waterfall hybrid. We have multiple departments that all have a stake in terms of how we deploy the demo to make sure that everything models exactly when we turned it on.

The migration process was easy because it was a complete product. We need something ready out-of-the-box to help where we don't have to figure out the product or use cases as much because it fits the use cases with its features. AlgoSec felt like a great fit to us.

What about the implementation team?

We had some in-house talent who had some experience with AlgoSec. We also contracted an integrator.

It helps to have somebody who really knows the product well enough in order to get it modeled quickly. That way, the executives who are looking at it see success quickly. 

What was our ROI?

It is worth the cost. 

What's my experience with pricing, setup cost, and licensing?

I heard that the licensing was around $100,000 a year, and I don't know how accurate that is. That seemed a little high, but compared to everybody else, it seemed about the same.

Which other solutions did I evaluate?

I have been at other companies in the past who did bake-offs.

It is not up to me. I just give them the information, putting the information into their hands and having them make the decision. However, I feel pretty strongly that AlgoSec could be it. Once we got rid of our third place (FireMon), I said, "Oh good. That gives AlgoSec a fighting chance." 

I have always thought it should be between Tufin and AlgoSec. That has always been the most realistic comparison to me. I didn't like FireMon's level of support. We thought AlgoSec was more scalable and efficient with better visibility. 

AlgoSec vs Tufin: I would have thought that Tufin would have won. AlgoSec kind of surprised me because: 

  • We had better performance with AlgoSec.
  • We were able to set it up easier. 
  • The regulatory compliance matrices were better. 
  • The ranking of risk in the firewall rules was better.
  • The role-based access was really good at the time.

What other advice do I have?

I probably wouldn't look at anything else if you're not going to integrate the API. Although a head-to-head trial is a good idea, a lot of people don't really have the time for all of that. Just start with AlgoSec. It is number one in a lot of markets for a reason.

We work with multiple security vendors for different tools and functionality. AlgoSec is an absolute leader when it comes to integrating with the leading vendors. I need to have things that are leading their sectors because that is the only way of answering security controls for risk.

We haven't had a breach as far as I know. However, I feel like if we were breached, this would be a critical tool because people would want to know what the firewalls saw. This is the best of the very best firewall tools. When you need something that tells you what is happening with top security devices and tools, this would be the first place where we would get intelligence about the breach. 

If we use AlgoSec, then we will use it 90 to 100 percent. If this solution gets the go ahead, then we may get the rest of the suite. Though, we are pretty much using the entire suite.

I would rate this a solid nine (out of 10).

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: My company does not have a business relationship with this vendor other than being a customer.