Over 259,791 professionals have used IT Central Station research.
Compare the best Firewall Security Management vendors based on product reviews, ratings, and comparisons.
All reviews and ratings are from real users, validated by our triple authentication process.
The total ranking of a product, represented by the bar length, is based on a weighted aggregate score.
The score is calculated as follows: The product with the highest count in each area gets the highest available score.
(20 points for Reviews; 16 points for Views, Comparisons, and Followers.)
Every other product gets assigned points based on its total in proportion to the #1 product in
that area. For example, if a product has 80% of the number of reviews compared to the product
with the most reviews then the product's score for reviews would be 20% (weighting factor) *
80% = 16. For Average Rating, the maximum score is 32 points awarded linearly based on our
rating scale of 1-10. If a product has fewer than ten reviews, the point contribution
for Average Rating is reduced (one-third reduction in points for products with 5-9 reviews;
two-thirds reduction for products with fewer than five reviews). Reviews that are more than 24 months old,
as well as those written by resellers, are completely excluded from the ranking algorithm.
For us, it's more important for our firewalls, to maintain the configuration compliance, to look at duplication of rules; clean up functionalities on the firewall and compliance of the firewall. That's where it's most important. We're still... more»
It's given us more visibility in terms of what are the kinds of configurations that are on these devices, and how many of these are stale rules. So it's helped greatly in terms of cleaning up of rules, for sure. And it has definitely given a... more»
The primary room for improvement would be to enable a web interface, which is not something which is there in the product. This is supposed to have come a year, a year and a half ago, but still has failed to come out. It still needs a client... more»
The most valuable feature is more or less the ability to look for the shadowed-based rules or rules that are being used, and also for change management, i.e., getting alerts from the system. This helps us to determine who is making the... more»
It's kind of a two-fold type thing for us. We were in the middle of a project, where we were migrating from one set of firewalls that were old to a newer set. So, this tool has allowed us to go through and identify rules that we could get rid... more»
So far, we're not too much into the product yet. However, we're not really liking the web interface. We enjoy the so-called fat client a lot better because it just gives a bit more of the opportunities to work with the software faster,... more»
We use the forwarding capabilities because we don't have another way to report on the firewall. We use it for cleanup and also for our biannual firewall review. Pretty much that's the big reason that we use FireMon.
The time that it takes for us to do the review: Previous to FireMon, we would have to go through the firewall pretty much manually, every line. This took an incredible amount of time. With the FireMon product, we did notice a significant... more»
We've had issues with backups. We almost lost our database at one point. It would be nice to be able to back up the backup configuration to a network share or some other function. The only way that we know how to do it right now is to do a... more»
* The ability for spotting the shadow-based rules helps us to eliminate overlapping rules. These may not otherwise be needed or may be under-used. * Helps us to identify those items and gives us the ability to go back and audit the firewalls.... more»
So far, we're not too much into the product. * We don't quite like the web interface. * We enjoy the so-called Fact Client a lot better because it just gives a bit more of the opportunities to work with the software faster. There's been a... more»
The way we've set up our policies are pretty unique in what they do, so there's not a lot of compare between them. But, historic is really important. We look at them and we say what is and what isn't important. We run through the compliance... more»
We perform a lot of compares that show what was and what is now in our rule sets. In case there are issues or when somebody says, "Hey, this was working but now it doesn't," or, "Oh, I'm pretty sure that was in there and you must have removed... more»
We’ve asked them how to shorten the length of the change reports for global rules. They're going to try to allow us to select whether the global rule is reporting, or they're going to tell us how to do it a different way. We just brought it... more»
The most valuable feature is security management because it allows us to look inside the firewall and see things that the firewall doesn't report. For some of the things the firewall applications lack, we're able to gain insight with the... more»
For me, specifically, I use it for a lot of firewall migrations. We can see rule usage. On a project that I was on, we saw the rules on the migration. We pulled the rules out that weren't being used, and then we could take rules that were... more»
One area with room for improvement for me is doing the updates. We have to download it from User Center and then put it unto the machine through FTP, or something like that. I would rather just go to the GUI and hit the Update button, and it... more»
Tufin is invaluable for helping us keep track of things, providing us a method for checks and balances. We're a Tufin SecureTrack customer at this point, and the product serves multiple purposes when tracking changes. We’ve also starting... more»
We are starting to use it more as a compliance tool as opposed to just for tracking changes and backups. Because it tracks changes, SecureTrack maintains a complete CVS (Concurrent Versions System of all of the configurations of a lot of our... more»
With SecureTrack, I think it does what it needs to do, so I can't recommend any changes, although I would like to see additional vendors added to it (and I’ve already discussed that with Tufin). They already support F5 BIG-IP, so we've... more»
The biggest thing that we have been using is the automated reporting. I work on a very specific portion of our network enclaving strategy. For the initial ones we’re working on, I get a big report every Monday that has a full listing of... more»
We've used some of the rules recommendation modules. You can give it a certain data feed and it will recommend a rule set to accommodate that. That's the other tool that has been helpful for us. Our biggest problem is that we have a very... more»
I haven't seen where they've gotten recently with the whole zone policy matrix that they showed us a year or so ago, but to me that's going to be one of the big things, it's going to drive us. There was a feature they were working on that... more»
Panorama: Provides a central management capability for all of the firewalls. It has the ability to manage the devices in groups based on their use. We use the firewalls in two primary functions and the ability to provide management of the... more»
I can’t say that it has significantly improved the functions of the organization over the firewalls that we were previously using. The addition of a good central management capability has helped improve the management of the firewalls, but... more»
Panorama: The ability to add scheduled jobs would be a significant improvement. Panorama has the ability to push out OS updates, but it would be nice to be able to schedule those updates so not to affect the site during normal business hours.... more»
We purchased Tufin for the rule based analysis, so that when we did a Check Point migration from the earlier versions everything was OK. We now have rule based analysis, and we can move in, see unused rules, and try to optimize the rule base. Tufin enabled us to clean out the rule base pre-migration. There's no point in migrating old and unused rules and objects... more»
SecureChange has been a bit of a challenge. It's been a long time coming, and I guess improvement is also needed in their relationship with the customer to get the initial functions of it working. It's more making the move towards SecureChange which possibly isn't down to them, it's probably down to our relationship with our reseller and nailing each other down.... more»
Good and bad experience - A case study of the use of AlgoSec FireFlow.
· Cut turnaround time on firewall rule changes from weeks to days.
· Improved network visibility via policy discovery, map and traffic simulations.
· Increased accuracy of firewall changes with improved network security.
· Highly improved traceability and accountability in the firewall change process.
· It is easy to customise AlgoSec FireFlow to a quality system.
Over the past two years, we have been able to identify a bunch of rules that were orphaned and no longer have any need. These rules were exposing our organization to undue risk associated with devices being exposed to the internet that... more»
What's funny is that if I had been asked eight months ago about areas with room for improvement, I would have said the product in general needed to be improved. It wasn't web-based. It was client-based and it was just kind of clunky. In the... more»
Following installation, we mentioned to the SE what ports were on the rule already, and he responded that those were the right ports. So immediately, Tufin already saved us work. And there was already traffic to the destination of a requested... more»
From the very beginning, Tufin has kept our rule set compact so that we don't have to keep stacking up rule after rule. We still have to analyze and find rules that are too open, but it helps use make the right rules in the right places. It's... more»
With a network like ours - more than 100 routing points with around 6 VRF on each - traffic simulation query is one of the most valuable feature on AFA. For FireFlow, workflow customization and active change are the best features. In... more»
This product allowed us to identify unused rules more easily and doing this simplifies policies in our firewall. We now have documentation of our application with objects sync with real configuration. Our approval in change management has... more»
A lot of areas have room for improvement!! This product is still young and in constant development. Interaction with a lot of vendors generates a lot of firewall options (specifically, a timer on services, application control, and so on...).... more»
Our firewall policies - we work under the standard ITIL framework - and project managers are very good at adding rules to allow their projects to work. However, they're not so good at coming back when the project is finished or the solution... more»
I basically came on board to do the upgrade, which I've done. So, in the old product, we were able to get things out of the CSV file format and that allows you to then manipulate it, but now it's PDF mainly. Beforehand, we were able to take... more»
I can mention high-level stuff. Basically, it gives us visibility that we were lacking; having everything being able to be viewed in one pane of glass. Instead of having to go jumping all over the place into the different platforms, you can... more»
I can mention a ton of areas with room for improvement, but from a high-level standpoint, I just don't think version 8 was ready for prime time, yet. They're still working on it. There are still major swaths of the tool that need attention.... more»
* The comparison of what changed. * I also like being able to use the historical data - did this access exist on this date a week ago, two weeks ago, etc. Because I'll have a customer who's like, "Hey, our traffic isn't working anymore. It... more»
We're currently using SecureTrack. We've deployed SecureChange, it's currently essentially at this point in a deaf status. But from SecureTrack, one of the most useful tools that I've had as well is the usage reports. Whether it's zero usage... more»
We're in talks with sales about them writing code to integrate with some of our different tools, so that's nice. I can't really think of any features that either don't exist or we haven't already requested. We've asked for integration with... more»
With the change control functionality, if somebody was to go in and make a rule change on the firewall, it's configured to send a notification as soon as those changes have been made. If this happens outside of a change window, we can track... more»
We just updated to the latest version, so I haven't had a chance to play with the enhancements from what we were previously using. What I was looking for in the previous version was better capability of adding change control numbers manually... more»
Tufin gives you the ability see what changes have been made and who made them, as well as pinpoint what has changed so if there is an issue you can easily review it. I also like that if there is a new request that's coming in, you have the... more»
We use reports a lot for cleaning up, which is part of our regulatory requirement. You need to review the policies for any old reports, used objects or used services. That's basically what draws the purchase of this product. I also like the... more»
The ability to search could be improved, and it would be helpful to be able to display more than a hundred results on a search or share when you do the workflow with multiple people at the user level on your same team. If you have a team of... more»
The biggest value for me is the ease of implementation. I'm newer to the company, only been there a year, but the fact that I could could win and recommend this product within six hours of getting the license installed shows that there's... more»
I've been trying to clean up the firewall policies that I inherited from different iterations across topology changes -- from Cisco to Juniper to where we are now -- that have never been cleaned up. We're not publicly traded, so there's not a... more»
I'd like to see more work done on the topology side. Although the tool has gotten progressively better, topology still needs work. If it could be improved, that would really make the tool much more powerful. You can then have non-firewall... more»
Hands-on IT professional with 18 years of experience, 16 of which are specific to information security. Extensive, executive level and down, customer facing outside sales experience. Highly evolved presentation and interpersonal skills. A team leader with strong analytical, management,... more>>
Someone who just wants to learn about security, cooking and creativity. Because with creativity, can make life more colorful
Some collection of my little experiment about security (Indonesian version) :
Some collection of our article about security... more>>
Independent Information Security Consultant, Writer, Professional Speaker, and Expert Witness
I am an independent information security consultant, expert witness, professional speaker and author with over 26 years of experience in IT - the last 20 of which I've dedicated to information security.
I have appeared on CNN as an information security expert and have been quoted in the Wall... more>>
Network Security is fun! :-)
Started of my security career with Clavister in 2003, from there have worked with a wide range of vendors like CheckPoint, Juniper, BlueCoat and f5. I have a big understanding of networking in general and network security in particular.
During my years in the... more>>
Not sure which Firewall Security Management solution is right for you?Download our free Firewall Security Management Report and find out what your peers are saying about Tufin, AlgoSec, FireMon, and more!