What is our primary use case?
We utilize this solution to manage policies for our firewalls. At first, we used it to keep a record of our policies: Who changed something, when, and whether the policy is allowed or not. We now use it to map our traffic flows and to flag a policy that is not allowed by the criteria we have set for our different types of firewalls.
We used it initially to go through all of our policies on over 800 firewalls, to organize the policies and map out our policy flows to certain zones. That enabled us to know how to structure our policies.
We spent a year going through our firewall policies to clean them up because before, when we were on Cisco ASA firewalls, we had a very hard time regulating what types of firewall policies were being created, and it was even harder to review them. After we moved to Palo Alto firewalls, we decided that that was the best time to load our policies into AlgoSec and review them. That way we not only converted to a more capable next-generation firewall, we could also ensure the policies were strong.
How has it helped my organization?
AlgoSec has helped significantly with our firewall compliance. Before AlgoSec it was a very manual job to go through firewalls and look for risky rules. Now, we get alerts when a risky rule is created. This allows us to maintain compliance and run compliance checks monthly. As a result, we have saved many hours of work by our operations folks. They were the ones who had to manually review all of the firewall policies and create evidence of their review in a very scrappy fashion.
With AlgoSec, we can show a view of firewall compliance that is clean and easy to read and present. This also helps our business units ensure their policies are clean. With that data, we are able to show management that the firewalls connected to our network, but owned by other business units, meet our standards.
What is most valuable?
We like that we have been able to identify risky rules, based on the criteria we have set. We also like the ability to push policies from AlgoSec to the firewalls to ensure risky policies are never created in the first place. That's a feature that will help us in the future as well.
We are moving towards an automated environment so the ability to work with Ansible, ServiceNow, and Palo Alto gives us the ability to automate our firewall policy creation. And it does so in a manner where we do not have to worry about a policy being created that may put our organization at risk.
What needs improvement?
Support for Layer 7 policies, including User-ID and threat profiles with Palo Alto firewalls, has been a pain point from us. We would like to include the additional info specifically because we believe it changes the riskiness of the rule if it is only set for a specific user or a group of users. For example, if we have what looks like an "allow all" to a certain /24 network, but for only one user, we would give that a different score than if no user was identified.
For how long have I used the solution?
We have used this solution for six years.
What do I think about the stability of the solution?
AlgoSec has been very stable for us.
What do I think about the scalability of the solution?
How are customer service and technical support?
We have had our issues resolved very quickly.
Which solution did I use previously and why did I switch?
How was the initial setup?
The initial setup was very simple. We just set up SNMP.
What about the implementation team?
We used a vendor team and they were great.
What was our ROI?
The ROI for us is the great assurance we have in the security of our firewall policies.
What's my experience with pricing, setup cost, and licensing?
Be sure to scale properly.
Which other solutions did I evaluate?
What other advice do I have?
This solution will help you significantly with compliance, the part of your job that may not be your favorite.