What is our primary use case?
We use the solution for change control of policies on firewalls, for service desk integrations, and for the service desk rules of network users.
We use the firewall management solution. Our environment is on-premises only. Our company works with financial institutions and they require everything to be on-premises.
How has it helped my organization?
There is no question that AlgoSec has reduced the time it takes to implement firewall rules. That is also true because some of our clients use firewalls from various vendors and AlgoSec allows them to implement firewall rules on those firewalls simultaneously, even though they are from different vendors. Even so, when we receive a request for a rule exception, no one controls how long this exception is valid. As a result, these exceptions are valid for a long time and accumulate one by one. With the help of AlgoSec, it is very easy to eliminate this problem. A timer is set for a given firewall rule and, when the timer runs out, a security engineer is notified that the rule is set to expire at the specified time.
In addition, large deployment cases face a large problem due to the number of firewall rules, which can slow down the performance of a firewall and overload the firewall memory. This happens in part because of duplicate rules and rules that conflict with one another. With the help of AlgoSec, we reduce the number of rules, on average, by 30 to 35 percent. AlgoSec cleans duplicate rules and conflicting rules, freeing up memory.
At least two of our clients, when using AlgoSec extensively, have seen a reduction of at least 1.5 to two times what it would take them to implement firewall rules, by reusing predefined templates within AlgoSec. In addition, they find it extremely helpful that AlgoSec checks them for compliance. Before AlgoSec, they had to manually justify compliance of every single firewall rule, when being audited for compliance. They had to explain why it was created, which client and/or service was behind that rule, et cetera. In comparison, AlgoSec does the compliance check on each and every firewall rule making sure it is always compliant with the latest requirements and one can quickly create a report to prove it.
When it comes to preparing for audits and ensuring firewalls are in compliance, about 60 percent of our clients are financial institutions, like banks and insurance companies. They have to adhere to the strict compliance rules and AlgoSec allows us to ensure that the firewalls are in compliance with the normative requirements. IT departments are able to create PCI and DFS reports via AlgoSec that are acceptable for such audits.
In terms of working with multiple security vendors, we usually integrate AlgoSec with other service desk vendors, like ServiceNow and controllers like Cisco ACI. AlgoSec has resources on their website where we can find documentation about integrations with various systems. It was fairly easy to integrate AlgoSec with ServiceNow and Cisco ACI. Their API is understandable and very well described.
The major value, at least here in Ukraine, when integrating AlgoSec with Cisco ACI is that we see most of our clients prefer DSN systems, like Cisco ACI, for data processing. ACI contracts are treated similarly to firewall rules, i.e. permission is required for access. Some of our clients use over 400 such contracts for data processing. Implementing access rules for these systems is not easy. With the help of AlgoSec we can create a rule and AlgoSec checks it for compliance, for duplicate rules, and rule conflicts. That very much simplifies the implementation and deployment of contracts in ACI.
AlgoSec helps tremendously when it comes to reducing human errors, especially when the environment includes firewalls from disparate vendors. In that situation, the probability of human error is very high. It is difficult for me to approximate by what percent it has reduced human error but the reduction is very significant.
In addition, it has helped to simplify the job of security engineers. I’m very sure of that because, otherwise, our clients wouldn’t buy more AlgoSec user licenses.
What is most valuable?
For us, as well as for our customers, firewall management and change management are the most important features.
What needs improvement?
We see a very high demand for using containers and Dockers and therefore there is a need for managing access control to these platforms. I checked AlgoSec’s roadmap and, for now, there are no plans for developing these features.
For how long have I used the solution?
We have worked with AlgoSec for two to three years, implementing the solution for our clients.
What do I think about the stability of the solution?
Everything works great. We have not seen any significant bugs.
What do I think about the scalability of the solution?
Our deployments of AlgoSec are not large so we haven’t faced a scalability issue. The maximum AlgoSec deployment we’ve done is for about 100 endpoints and that is not a problem for AlgoSec.
How are customer service and technical support?
We have never needed to use AlgoSec support.
How was the initial setup?
To deploy AlgoSec properly it is important to understand the client's environment. To that end, we have a questionnaire that we send to our clients and that helps clarify what the client's requirements are. It also provides information on the architecture of their environments. Once we receive the questionnaire, we go over the project specifications with them to make sure they didn’t miss anything, such as integrations with other systems.
Next, we usually do a PoC to test AlgoSec in their environment and that is when we calibrate the solution to the client’s specs and do the necessary customizations. Then we purchase the licenses and roll out AlgoSec into the client's production environment. We also provide technical support for the client for at least a year to make sure that they become familiar with the solution.
The amount of time it takes to deploy always depends on the complexity of the client’s requirements. For example, for firewall management setup without integration with other systems like a service desk or reporting systems, deployment generally takes up to one month. If we need to integrate AlgoSec with solutions like a service desk, then the deployment can take up to four months because there are major changes to the whole business process and these changes require planning, documentation, implementation, and training of end-users.
There are usually three people involved on our side: a salesperson and two engineers, with the latter actually implementing AlgoSec.
What's my experience with pricing, setup cost, and licensing?
I can’t say that this is a cheap system. It's affordable for large enterprises and, in some cases, for mid-sized companies. For the majority of other companies, this solution is out of their price range.
Which other solutions did I evaluate?
I have hands-on experience with Tuffin and both of these products (Tuffin and AlgoSec) are equal in terms of functionality. In terms of main differences, it comes down to a personal preference.
What other advice do I have?
My advice is to do a PoC. Many would simply read reviews about the solution, watch demos, and request price quotes. At that point they would note that it is not a cheap solution and stop there. That is why I strongly recommend doing a PoC. Only through using the solution can you see how easy it is to manage and implement security rules. It becomes very clear that you’ll see a return on investment in terms of the time saved by your security engineers.
Another recommendation would be to evaluate similar solutions to AlgoSec, especially for companies that are planning the implementation of DSN systems, like Cisco ACI. This is because it involves labor-intensive rules implementation, and with the help of AlgoSec it can be drastically simplified.
The overall visibility the solution provides into network security policies is not applicable to us because our clients are using AlgoSec for firewall only, for edge connectivity of their networks to the internet. We only have one client that used AlgoSec to control rules on the internal firewall, which is deployed into their data center.