The most valuable feature is that we can see what changes are happening on all our security devices at the very moment that they're done, so if any mistakes happen, then we can catch them very quickly before there is a big disaster and outage.
Mistakes like firewall policies where people put in wrong IPs instead of allowing permits and traffic stops. That is why it is very, very important.
Improvements to My Organization
On one of my earlier deployments, I was actually able to quickly diagnose about 100 VPNs that went down because one the administrators made a wrong encryption domain in the tech point, so we were able to catch it right away as the change happened. We were able to revert the changes very, very quickly, and it did not cause a long amount of downtime.
We are able to look at any objects that are not used, rule usage, which, for wide-open rules, we can put in tracking on those rules so we can turn down the rulebase, so those are the good benefits. The rulebase actually shows the same way for all the devices, so if you have checkpoint firewalls, or if you have five load balancers, you can actually have a similar view of all this, so you can understand it very easily.
The other good part is that whenever changes happen, we have to go through change control. We can put in our changer card numbers, and then those all come in the dashboard as the changes that were done on that particular change record, so then you can correlate the changes to a particular request which was approved.
Room for Improvement
New features would be when you look for any of the rules that are unused, then I would like to see whether there was a way to also make sure that the objects that exist are actually live or not. What I mean to say is, if you have a server that you had allowed in the rulebase, and you decommission the server, now the rulebase is there, which shows their logs, but I want to make sure that the server is actually decommissioned and not still alive. If there is a way that we can check for those objects, whether those objects still are alive in the network, that would be great.
Use of Solution
I've been using the product since 2007, since its very early stages.
At one time, it had processed for a year. When I was in my previous company, I had installed one of the T500 boxes, and it had actually processed about 2.7 terabytes of logs, and we were able to trim down the biggest firewall. We now do about 11,000 rules, and they had never been cleaned for about five or six years, so by the end of the whole exercise, we trimmed down the rule base to less than 300 rules.
I've used about 200+ devices. That was all the environment was, so I definitely know, talking to other customers who have thousands of devices, so it scales very well.
Customer Service and Technical Support
Technical support is great. I've worked with several people within the company.
It was straightforward. I was able to get all my firewalls and a lot of the other networking devices in less than half a day.
Other Solutions Considered
I compared it to the usability and the easy way to actually add devices. We compared it to AlgoSec and FireMon. Both of them I did not feel were very intuitive to work with, so a lot of training would be required.
Just buy it. Don't even think about any other product. Just buy it.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Mar 09 2016