What is our primary use case?
The purpose of using the product was to attack and Analyse rule bases from a holistic perspective. The Firewall Analyzer has a rule base consolidator as well as a feature to make the rule base more permissive. It also helps to reduce rule base clutter, as well as legacy rules.
Traffic query helps us to quickly find rules that allow outbound access.
FireFlow is a useful ticketing system that integrates with many products.
We would like to use FireFlow's API to automate certain tickets that come through to leverage automation in our environment.
How has it helped my organization?
An example is that we have a policy with 900 rules, which we were able to reduce to 500 rules. That's close to a 50 percent savings on the rule base.
We used the Unused rules function in Firewall Analyser to examine our rule base. This has drastic performance increases in our production firewalls.
Objects not used within rules can save even more when it comes to cleaning up rule bases. Where this is a very manual process without AlgoSec, engineers can have a level of automation by building useful reports to assist with clean up.
What is most valuable?
The most valuable feature is the Firewall Analyser, which has a number of fantastic features.
From a risk perspective, you can apply compliance Frameworks like ISO 27001 and PCI DSS against firewall rule bases to see if your rule base is compliant. If you are not then AlgoSec provides descriptive ways on how to adjust rules to make your rule base more compliant.
Definitely, the policy-cleanup features are the main draw. Shadowed rules, rule duplication, rule consolidation, rules permitting too much access, and rule usage are very useful and help to clean up rule bases.
What needs improvement?
There are areas where auditing rule changes are not accurate. It is important to be accurate when using rule changes, as users need to be accountable for their changes; however, I cannot trust AlgoSec when rule changes come through on reports as they reflect incorrectly. I have taken this up with support and have never really had a resolution for this.
I would like to see enhanced dashboards or build meaningful reports for executive consumption.
AlgoSec is a fantastic product, and I would like to see more "granular" breakdowns of traffic on IPT traffic analysis for source and destination, as the way it does it currently does not allow me to self problems for rules with ANY in the destination.
For how long have I used the solution?
We have been using AlgoSec for one and a half years.
What do I think about the stability of the solution?
What do I think about the scalability of the solution?
Scalability-wise, this product is good.
How are customer service and technical support?
The technical support is always responsive and always willing to understand the issues.
Which solution did I use previously and why did I switch?
Our previous solution was not useful and did not have an intuitive interface. Support was also terrible.
How was the initial setup?
The initial setup is straightforward. If you understand your infrastructure, it will be easy to deploy in a central location.
What about the implementation team?
Our deployment was done through a vendor team and it took one week.
What was our ROI?
We haven't saved any money yet but we have improved the performance of certain devices.
What's my experience with pricing, setup cost, and licensing?
I would suggest that you start with a VM, get a PoC with a temp license, and try it out. You will love it.
Which other solutions did I evaluate?
I would not like to disclose which other products, but I have used two other products that didn't even come close to AlgoSec's power.
What other advice do I have?
Its a good production and good support, definitely worth it.
Which deployment model are you using for this solution?