AlgoSec Overview

AlgoSec is the #1 ranked solution in top Firewall Security Management tools. IT Central Station users give AlgoSec an average rating of 10 out of 10. AlgoSec is most commonly compared to Tufin. AlgoSec is popular among the midsize enterprise segment, accounting for 61% of users researching this solution on IT Central Station. The top industry researching this solution is computer software companies, whose professionals account for 32% of all views.
What is AlgoSec?

The leading provider of business-driven network security management solutions, AlgoSec helps the world’s largest organizations align security with their mission-critical business processes. With AlgoSec, users can discover, map and migrate business application connectivity, proactively analyze risk from the business perspective, tie cyber-attacks to business processes and intelligently automate network security changes with zero touch – across their cloud, SDN and on-premise networks. Over 1,800 enterprises, including 20 of the Fortune 50, utilize AlgoSec’s solutions to make their organizations more agile, more secure and more compliant – all the time. Since 2005, AlgoSec has shown its commitment to customer satisfaction with the industry’s only money-back guarantee.

AlgoSec Buyer's Guide

Download the AlgoSec Buyer's Guide including reviews and more. Updated: December 2021

AlgoSec Customers

Maersk, Delta Airlines, Chevron, General Motors, T-Mobile, AT&T, BP, Bell Canada, HCA Healthcare, Morgan Stanley, Unilever, Nationwide Insurance Enterprise, US Bank, Microsoft


Pricing Advice

What users are saying about AlgoSec pricing:
  • "The price came in where we really didn't even need to have much of a discussion. That was very good. There are also options regarding what you want to pay for. It wasn't really pushed on me that I have to get all of it or else I can't be an AlgoSec customer."
  • "We are working with our finance department right now to be able to purchase it. The AlgoSec team is doing everything that they can in their power to get the costs down to where our budget is. They have worked a lot on it. They have cut the cost in half for us so far by questioning, "This is in the quote. Is this something that is actually needed?" They have pulled some stuff out and cut our costs down by 50% for the product itself."
  • "AlgoSec is not a cheap product. If I compare Firemon and AlgoSec, because I am also Firemon certified, Firemon is still cheaper in price than AlgoSec."
  • "I heard that the licensing was around $100,000 a year."

AlgoSec Reviews

Christopher Walsh
Vice President Head of Information Security at Itau Corpbanca New York
Video Review
Real User
Top 20
Gives us the ability to dig down into details and work at a level above the skills that we already have

Pros and Cons

  • "The most valuable is helping us determine where our rules are too permissive. Based on previous human review of our rules, they are very cursory. We know why we do something, but we don't get into the details of whether the rule is nice and tight. What Firewall Analyzer lets us do is understand the risks presented by our rules. The tool does a calculation of all the traffic that could be allowed and we can match that to whether it should be allowed."
  • "We are using AlgoSec directly against our Cisco Firepower. At first, AlgoSec didn't work with Firepower. It didn't know how to read the logs. So, improvement has been made. Now, the feature that was available on the older generation firewall is available on the current one, but this is a problem which has already been dealt with."

What is our primary use case?

Our primary purpose right now is AlgoSec Firewall Analyzer so we can ensure that our rules are nice and tight. We also use the configuration report to make sure that the firewall configuration is nice and tight.

We are starting to use modeling. AlgoSec Firewall Analyzer enables us to input details about what we would like to do to see what firewall changes would be required, if any. Also, if we are having problems with getting an application running across the network, then we can use that to establish what firewall rules might be giving us problems.

As a small branch office focused on wholesale banking, we have a very flat network that we are trying to improve upon. Over the course of last year, everything has been flat and accessible. Now, we are breaking into VLAN segmentation. That is where Firewall Analyzer will really come into good use, because it will help us to limit the traffic to only what is necessary. 

We have some cloud. Our core banking is with a different organization, which is in the cloud. We also have a couple of other treasury cloud applications in the cloud. However, a fair amount of our network is within our data center and office. So, we have a hybrid model.

How has it helped my organization?

We are very simple. The benefit of AlgoSec Firewall Analyzer right now is to give us skills that we don't already have with our people. Also, when we get into our periodic reviews, AlgoSec enables us to do it without adding additional staff, something that we are not able to do because that is controlled in the Chilean head office. So, we need to make the best use of the best tools to secure our environment with a minimal number of people.

AlgoSec reduced the time it takes to implement firewall rules in our organization. Before, our firewall rule review was always done manually. When we installed the appliance and ran the report, we quickly found half a dozen areas where we were more exposed than we needed to be. The manual process used to go on for weeks. The AlgoSec process right now, as we develop and become better with it, takes only a matter of two or three days. We can have a good solid review, then we can get into very specific details about any rule or configuration with the objective of ensuring least privilege. Only the things that are needed to support business activities are allowed.

We are a regulated industry: financial services. We are obliged to at least annually review our firewall rules for risk. Are they too permissive? Are they not needed? Because we have this tool, we can now do that once a quarter. Before, we only did it once a year. 

We are a small branch of a much larger organization in Latin America. The rules that were set up allow free flow of information back and forth, i.e., network connections. Right now, with ransomware being what it is, we are starting to review those rules because they are too permissive. Another way that AlgoSec is helping us, internally, is working with our head office to make sure that they are treated with least privilege. Something that is not normal. Something that didn't happen, "Just because."

I have been with this organization for about two years. All the wide-openness of the network communications was just a bad event waiting to happen. AlgoSec Firewall Analyzer has given us the great ability to dig down into the details and work at a level above the skills that we already have, making sure that we are in a process. It started months ago and will continue for seven more months. That network traffic in and out of our perimeter is the least that it should be.

We work with multiple security vendors. For just IT alone, we have three primary vendors and a couple others that pitch in when needed. AlgoSec Firewall Analyzer helps us to make sure that we allow only what they need and that we keep them to the internal assets. They are external third-parties. We have high assurance that they are only able to access network assets that are part of the contract. Another vendor manages our firewall. The reason we have them do it is because we don't have the expertise amongst our people. So, the addition of the AlgoSec Firewall Analyzer enables us to have the intelligence of what is good and what is less than good. Thus, we can help keep that third-party on the rails, that they are doing good things for us, and we have the evidence to prove it.

We are getting into using AlgoSec to implement and manage micro-segmentation initiatives. One of our audit concerns was the flat network, and we started to work based on what we already know to create a test segment. However, AlgoSec is helping us to validate the traffic that will be allowed into that new segment, restricted to only that which we need. No sense in creating an isolated network if bad things can still flow back and forth between test and production. So, AlgoSec is a tool that is helping us make sure that we have all the isolation that we need. But, because of the syslog counters, we can also tell over time whether we did a good job in the first place and whether the remaining rules that we configured to be nice and tight are still needed for business purposes.

What is most valuable?

The most valuable is helping us determine where our rules are too permissive. Based on previous human review of our rules, they are very cursory. We know why we do something, but we don't get into the details of whether the rule is nice and tight. What Firewall Analyzer lets us do is understand the risks presented by our rules. The tool does a calculation of all the traffic that could be allowed and we can match that to whether it should be allowed. Another thing that we have recently started to do, but only about 100 days ago, is collect syslog events from the firewall that now tell us whether the rules that might be well-configured are actually being used by people or traffic. Our next step will be to start eliminating well-formed rules that just aren't needed.

The overall visibility that AlgoSec gives me into our network security policies is perfect. We think about separation of duties. As the information security officer, I shouldn't be logging into the firewall and playing around. What AlgoSec does is give me the ability to see everything about the firewall: its rules, configurations, and usage patterns. It gives me all the visibility that I need to make sure that we are doing what we should do to keep it tight. There is no perimeter anymore. We have to be very careful what we are letting in and out, and Firewall Analyzer helps us to do that.

Another very useful feature of the AlgoSec Firewall Analyzer is it will alert us to changes in firewall rules and configuration. So, we have a third-party who manages our firewall. AlgoSec gives us notification, if they go in and make changes either to the configuration or rules, so we can keep track and make sure that only authorized changes are occurring.

What needs improvement?

We are using AlgoSec directly against our Cisco Firepower. At first, AlgoSec didn't work with Firepower. It didn't know how to read the logs. So, improvement has been made. Now, the feature that was available on the older generation firewall is available on the current one, but this is a problem which has already been dealt with.

For how long have I used the solution?

I became familiar with AlgoSec Firewall Analyzer way back in 2004. I was trying to do some independent consulting, and part of that is a good firewall review. So, I started to look for tools. That is when I had my first discussion with AlgoSec. Since then, I have used it at a couple of different organizations, including the one where I work now. It has been quite helpful with making sure that our firewall configuration is all that it should be.

What do I think about the stability of the solution?

It is set and forget. I don't have a lot of Linux or Unix experience, at least not in the last 20 years. So, that has been removed from me. The appliance comes and we connect to the command line. Anything I need to do is menu-driven. So, it is easily maintained by people whose skill set changed from hands-on to management quite a while ago.

What do I think about the scalability of the solution?

Scalability is not something that I have had to concern myself with right now.

Currently, we have five people who use it to either tune the rules or find out answers to questions about the network and flows.

How are customer service and technical support?

We have a customer success manager, Matt, who is terrific, very responsive, and always there for us when we need it, providing quick answers. This also applies to the support desk if we raise a ticket. I did have a problem after we installed the A32 version, where I was getting some errors in the email. The engineers got into the code and found some code that needed to be corrected. I don't remember exactly what the problem was, but it took less than two hours to find and correct it. So, the support has been superb.

Which solution did I use previously and why did I switch?

At this bank, it replaced the manual solution, where if you were not a Tier 3 Network Engineer, then you were probably not going to be able to get into the details and nuances of any of the rules and configurations. So, they get glossed over. The firewall review done manually is more of a sanity check. "Do we need the rule at all?" is really the question that gets asked, not whether the rule is done correctly to support privilege and least access.

How was the initial setup?

The setup was quite easy. 

If I were to take out the fits and starts that were our responsibility, the installation was less than four hours. Then, the upgrade was done because we went from version A30 to A32. That took about an hour and a half. It was very simple and straightforward. Now, when I need to do regular releases, i.e., patches, I can do them myself. It is menu-driven. It's pretty easy.

What about the implementation team?

AlgoSec's support was there for us. We worked with them. They did all the heavy-lifting. It was easy to schedule as well as very flexible, as we got our act together. Organization is important. 

One staff member would have been sufficient for deployment and upgrades, but I made sure that our IT staff population representation was there so they understood the tool, where it was going, and how it would be used. However, it easily could have been done with only one person on our end.

What was our ROI?

In the end, I did a calculation. When I think about the number of people, when we did the manual way, who had to be involved, and how long did it go? Did we risk being out of compliance with regulations? There is a big cost to that. It is cheaper operationally to work with AlgoSec than to try to do this manually.

AlgoSec has absolutely helped to simplify the job of our security engineers. It gives us a level of expertise that we didn't have within our own staff. AlgoSec showed us that what our staff could do wasn't good enough. So, it is a force multiplier. It enables us to have the expertise that we don't have, but it also gives us the cycles, e.g., the actual ability to extract the rules, evaluate them, and then assemble them into a form that we can present to auditors and regulators, if needed. This greatly helps us. As a tool that has so many features, there are certainly more that we can grow into, but the ones that we are using right now have been of a substantial value to us. This is even being commented by our auditors from one review period into another.

The staff enjoy it. There is always that dynamic between security and IT. IT has projects to do and serve the business. Security isn't quite seen in that same light. So, they enjoy it because they don't have to spend the time to go through the rules, trying to reverse-engineer what is going on, and it takes care of a lot of the documentation for them. It keeps them in the zone that they are used to working with the correspondence that belongs to the rule, allowing them to understand the details. This has helped us understand ourselves better, how we operate on the network layer, and saved us the time of actually doing the rules. So, we are much better with our compliance, audits, and regulatory requirements, but we are also better in our security. Two things that an ISO always has to be concerned with - compliance and actual security. This tool acts like another person on staff, increasing our ability to be very fine-tuned on rules. We will be using it for a while to come.

What's my experience with pricing, setup cost, and licensing?

I am a fan of AlgoSec for its pricing. As a small branch, getting any amount of money is very difficult. Less than a thousand dollars, that will take some effort for two reasons:

  1. Asking for money.
  2. It wasn't in the budget. 

The price came in where we really didn't even need to have much of a discussion. That was very good. There are also options regarding what you want to pay for. It wasn't really pushed on me that I have to get all of it or else I can't be an AlgoSec customer. 

There are training and support levels that come in beyond the product itself, and we did subscribe to the training. We also have the support. The pricing has been very approachable, and that is why we have it here.

Which other solutions did I evaluate?

I have looked at other options along the way, like Skybox. AlgoSec came to the market before the alternatives did. When I become aware of it and something is good, I stick with it. Why change? 

I went to the Gartner page and looked at who the competitors were. I looked at customer reviews and things like that. However, because I have had such a good experience with AlgoSec Firewall Analyzer, I continue to use it. I have found no reason to go with any of the other alternatives.

Our local policy is that I have to be able to compare at least three products when I go to management to ask for money. I did exactly that. I took three alternatives and brought them to our management team. I explained the whys and wherefores for why I was promoting AlgoSec. Now, we have it here in our environment.

What other advice do I have?

I would recommend, "Do it," in regards to implementing AlgoSec. I wouldn't have been with it since 2004 if it wasn't among the best tools. I have tools in vulnerability scanning and SIEM/SOC as well as tools for authentication. There are a lot of tools. As a security guy, I have been doing this since 1997. When you find a product that delivers, you stick with it, and AlgoSec is that type of product.

I have been so pleased with the tool. It sounds cliché, but I haven't gotten to a point yet where the tool hasn't provided for me. This is why I always come back to it. For an organization as small as ours, it gives us a tool that is affordable, easy to implement, and the expertise that we were lacking.

When I need it, it is there. If I have a question about an endpoint or protocol, I am trying to resolve audit points about what ports are listening and why, or I have to figure out how to isolate something more than it already is, AlgoSec is the tool that I go to first to get information and answer some of these questions. In most cases, all the details and rules are all right there. It has been great.

I have seen the capability for AlgoSec to enable us to manage multiple or dispersed environments in a single pane of glass. Because I am such a supporter and have seen the value that AlgoSec can bring to more than one organization, I invited the CSO office in Chile to attend a work session with us so they can start to see everything that AlgoSec might do for them. I knew that it was on their task list, and they have a need to get into the same area. The potential is there that our head office will begin to use the tool, having seen how it has been helping us in just our local office. They need it more because they do have a broader array of firewalls, connections, and things like that. So, I'm looking forward to that.

I know for a fact we are not getting all the value out of the appliance that we can. I know for a fact we are getting more value out of the appliance than we intended when we licensed it. Those are good things. The visualization of our network is helping me. There are diagrams that can be drilled into which help me. When you are small, going over to IT all the time and asking questions isn't always the best thing. It is disruptive. Then, I have to worry whether I got the right answer or not. AlgoSec removes those things. I see what is happening and I know that it is based on the facts. There are five of us using it. I am sure that we use it every week, probably not every day to answer questions, and we are running monthly reports, which are automated, so we have a good history. So, we have the opportunity at any point to identify problems and resolve them.

What we have learned from using AlgoSec Firewall Analyzer: We didn't understand our risk with our firewall. It is good that we relied on a credible third-party, but what we saw was rules could be better configured. These are our protection to the outside world between the bad world outside and inside, between our head office and us. I worked for a Wall Street firm, and we didn't trust anybody. It is a big deal now with zero trust. This tool will help us to get there, dialing things down.

For the AlgoSec experience (the company, product, support, and people), I want to give it 10 (out of 10). Nobody trusts that, but they have been very good to me. The boss who didn't like spending money is very happy with the results. I brought it back to him and showed him what we have been able to do past our manual efforts, and it resonates with him. It makes sense to him. He reads the paper. He sees how quickly ransomware can spread across a network. One of the things that we can do to help protect against that is make sure that we have good segmentation and only the endpoints which really need to talk to each other are allowed to do so.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
SE
Senior Systems Engineer with 51-200 employees
Real User
Excellent monitoring and alerts but price and support need improvement

Pros and Cons

  • "The features that I like are the monitoring and the alerts. It provides real-time monitoring, or at least close to real-time. I think that is important. I like its way of organizing, also. It is pretty clear. I also like their reporting structure - the way we can use AlgoSec to clear a rule base, like covering and hiding rules."
  • "The only problem I have with AlgoSec is just its level of support, not with the product. Not with the organization or the documentation or anything else, but if I need any additional support, the only problem is the time it takes to get it."

What is our primary use case?

I have been implementing AlgoSec for different end customers. None of the environments are on the cloud, they're on-premise applications. Some of them have been planned, but a majority of them are for virtual instances. I have implemented four or five end-customers and also supported them with AlgoSec.

I deploy and maintain AlgoSec for customers for test purposes. I use it before doing anything on the customer's premises. For testing purposes, I have used it in my own environment also, but the majority of the time I'm using it in the customers' environment.

I have integrated AlgoSec with Check Point, Palo Alto, some older Cisco versions like WSN, Fortinet firewalls, and Cisco ASA.

What is most valuable?

The features that I like are the monitoring and the alerts. It provides real-time monitoring, or at least close to real-time. I think that is important. I like its way of organizing, also. It is pretty clear. I also like their reporting structure - the way we can use AlgoSec to clear a rule base, like covering and hiding rules. For example, if the customer is concerned about different standards, like ISO or PZI levels, we can all do the same compliance from AlgoSec. We can even track the change monitoring and mitigate their risks with it. You can customize the workflows based on their environment. I find those features interesting in AlgoSec.

The visibility is pretty clear from top to bottom, even interconnected maps and zones.

We can always customize the standard risk profiles. But even within the standard one, before doing any changes, when you go with the flow, they always inform you. Before implementing the change, you get the visibility there. You get the visibility with risks.

This is important because the places that I have worked have different departments for risk handling. So whenever we go through the flows before implementing, that part goes through the risk department and gets their approval first. With AlgoSec you get to know the risk profile before implementing the change. That way you get to know the risks that you are taking with that particular change. So it's important.

It has helped to reduce the time that it takes to implement firewall rules. In some places where I work, they fill a form and send it to a particular manager. For example, if an end-user fills it and he sends it to his manager, then it gets his approval and he sends it to the risk department, and gets their approval, and sends it back to the person who implements. There's a chain that takes a longer period of time and even their paper costs. That gets reduced when they use a workflow from AlgoSec. They always get automatic notifications when the change moves on to the next level so they know exactly which stage the change is in.

It is helping to reduce those policy changes by more than 50%.

You can face audits in two ways. You can either do it from AlgoSec. I have used it like that for periodic audits. You can always plan it. Either you can go from one of your rules, clean up your rule base and improve the standards of your risks and all the other areas in the AlgoSec reports. Or else, you can go for a PCR level report and you can prepare it stage-by-stage and commit up to a certain standard. I have used both methods. You can also do reports for the particular changes and check how much your environment is improved after you follow the report and do the particular change that they suggest. For example, reordering or combining your rules or removing some of the unused objects. Then you can run a report and see how much it gets improved. So in terms of auditing, which they can run every six or eight months, or once in a year, you can always turn on your audit before it comes to that level. You can always prepare for your audit by scheduling reports.

It's pretty easy when it comes to integrating with the leading vendors. If you want to integrate, they have proper documentation. Their documentation is very good. I have to give them credit for that. You can always follow it. Integrations are pretty easy and much easier than with some of the similar competitive products that I have used. I don't want to mention names, but AlgoSec is much easier because of their proper documentation. For example, when you are integrating a particular device or application, you know the things that you need to do because they have the proper documentation before doing it. It takes less time to integrate compared to some of the other products in the field.

I have come up with two cases of misconfigurations in some rules. One of them is with change requests when you have a single object and you just have to amend it to the particular rule but not to other specific rules. The other thing is what rule it's covering. It's not a misconfiguration, actually, and you can amend it. I have come up with some situations like that. Before coming back to my stage, it is always clear from the other risks and level of approval. So I did come up with that kind of a scenario but it's not actually a misconfiguration.

AlgoSec has helped to simplify the job of security engineers because you can always monitor your risks and know that your particular configurations are up-to-date, so it reduces the effort of the security engineers. You can always get top to bottom. For example, if you talk about the rule base of a particular firewall and access to some particular things, you can always get a clean one with the required security. So rather than going here and there, they can always use this tool to do the automation and their decision-making.

I haven't yet configured with Cisco ACI, but in the next one and a half months, I'll be integrating it with an ACI structure.

I expect the value of bringing AlgoSec and ACI together will be good. It'll be like an extension. If you integrate AlgoSec, it's not like a single point. If you connect it with the ACI fabric it will be challenging. I haven't really experienced it in full, because I am still in the designing phase and I haven't done the full implementation, but I feel like it'll be interesting and challenging. Since I have not experienced it or yet done the implementation combining these two, I cannot fully say how it will be. It's a question mark. But I'm expecting it to be a little bit challenging because the visibility differs.

What needs improvement?

AlgoSec needs improvement with its support level.

I know that they have 3D architecture like SMB and enterprise on top of that. Some people consider this as a noncritical device. But because it's not as critical as a firewall, some people think that the support level does not need to be equal to a firewall level of support. But if some people are monitoring and managing firewalls through AlgoSec, the level of support should be equal to a firewall level. It shouldn't be dragging over two or three days. I know that they have three levels of support, but at the very first level, I believe you should be able to directly contact the tech and get a solution as soon as possible.

The only problem I have with AlgoSec is just its level of support, not with the product. Not with the organization or the documentation or anything else, but if I need any additional support, the only problem is the time it takes to get it.

For how long have I used the solution?

I've been using AlgoSec for two and a half to almost three years now.

I use AlgoSec Firewall Analyzer and FireFlow.

What do I think about the stability of the solution?

It is generally stable. As I mentioned, the only problem the customers are worried about is the technical response time from AlgoSec. If you have to contact tech support the project will get delayed. The customers are comparing it because, for example, in their environment they have Palo or Check Point, and their support levels are much higher. With them, when you open a ticket, after a few minutes you can check and get the opinion from the tech or check if an engineer is available. If it's a critical issue, you can always talk to him within hours and fix the issue. So they always compare that level to AlgoSec's support level. That's the only issue that we have to explain to them. The customer's opinion is this is a non-critical device because this is not a firewall. But we manage firewalls so that kind of level of support should be given.

What do I think about the scalability of the solution?

In terms of scalability, the maximum that I have tried with AlgoSec is six clusters. Its scalability is good. The way that we can work with it is good because with every device you can see everything on the same dashboard. If you want to check the monitoring, you can always select the device to see. You can check the status by clicking the device. It's the same structure. The scalability is good but I have only worked with a maximum of six clusters so I can't tell you exactly when it comes to a high number of hours, if it is good or bad, but for the six that I have worked with, it's good.

We do have plans to increase usage of AlgoSec. I have explained to some of the customers about the application integrations, the visibilities, and the rule-based optimizations by using this feature. In terms of features, I am expecting that they'll amend that component to their environment. Since we are a system integrating company, when we propose a solution for a particular customer, we always propose to do firewalls. Therefore, we always add AlgoSec. When we are proposing it, we always submit AlgoSec automatically.

How was the initial setup?

I did not find the initial set up very complex. It's advanced, but not complex. Their documentation for implementation is very good.

It really depends on the customer. Some places, when you go for a POC or a deployment, we can always plan and tell them that if they are integrating these kinds of things, these are the levels of provisions that we need. These are the things that they need to do from their end. 

The POC for some customers goes three or four days because of their delays. But with some customers it goes fairly quickly, like a day and a half or two days. For one customer it took five days because they had a procedure where you have to fill a form and send it before creating your user for AlgoSec when it's with the firewall integrations. Because of that, it took a little bit longer. So depending on that I give it three to five maximum days to integrate four or five clusters. It really shouldn't have taken that long to do the work. Then you need to contact different teams to get the support. It all causes delays.

In terms of implementation strategy, I'm always looking at what their components are. I always have to go with the Firewall Analyzer components and to check what type of devices they are willing to integrate for this particular unit. I check if it is a Check Point cluster, or the Palo cluster, or a Forti cluster, and what the additional features are that they are looking for. Based on that, I complete the Firewall Analyzer unit as soon as I can. Since I have worked with the product, I have similar use cases. What are the things that we can use to demonstrate for firewall change flow? I'm always asking for input from them. What are the things that you need for base level policy changes, etc...?

In terms of actually deploying AlgoSec, most of the time it's me only. But I have to contact the other end. There is always a direct contact person and a support team when it comes for integrating the firewalls. 

When it comes to maintaining AlgoSec, we have another colleague also. They can always give the support.

What was our ROI?

I have seen improvements of ROI at companies. Although customers might have a department, they recruit new people to use AlgoSec reports to analyze their risk, monitor the alerts, and check their daily tasks. I have seen new implementation by a banking customer who obviously sees the value.

What's my experience with pricing, setup cost, and licensing?

I'm on the technical side so I don't have a clear picture about pricing and licensing. But as far as I know, if a customer asks for 24/7 support, the pricing level is much higher, relative to normal 8 - 5 support.

Recently, we proposed AlgoSec and there were other companies who proposed other solutions. During the technical discussions, I was the one who did the demonstration, and we were able to say that whatever features they are looking for, we can always provide it with AlgoSec. When they finally released the tenders we were in the top three options and the second place for technical. The only problem was the pricing with AlgoSec.

The other company gave a much lower price. We couldn't match the AlgoSec price level to that particular vendor. I think the company and customer were really impressed with our presentation and demonstration that we gave. They even told us if we can reduce our pricing by a certain level, they can take us because they are impressed with our product, but the pricing won't do. But when we tried to get AlgoSec to reduce the cost so we can get this deal they couldn't match it to that level. Unfortunately, we lost the customer.

It was not a one day effort that we put into submitting these documents, to comply to their requirements, and do a demonstration. They were convinced to take this product, but because of the pricing issue we lost it. We all got disappointed about the support level.

Which other solutions did I evaluate?

I find AlgoSec more organized than some of the other products. With some other products, you have to go here and there to check it, but with AlgoSec it's more organized. But, I find some of the other products more customizable than AlgoSec. It takes a little bit of time to do the customization, for example, if you need to change or add some special level of approval or if you need to add three different levels of approvals for a particular workflow. To do that, sometimes you have to contact AlgoSec's regional support. But with other products that I know, it's just a matter of adding a particular character to the workflow. In some cases I have found other products that are useful, but in terms of organization, I find AlgoSec easier and more manageable than some of the other products.

What other advice do I have?

I have learned so many lessons here. A secure environment is your main asset. When you have a secure environment you can always run your business smoothly, do your changes smoothly, and do your daily tasks smoothly. A secure and safe environment is the key to a successful IT business. That's the main point that I've learned from this.

If you're implementing, I always recommend AlgoSec and to check whether it can cater to their needs. Most of the time, it is capable. It's capable of handling your requirements most of the time.

On a scale of one to ten, I would give AlgoSec a seven.

This is taking into consideration the support and everything else. Any talks about AlgoSec and you need to consider their support level.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Jacob Schembri
IT Security Analyst at a retailer with 5,001-10,000 employees
Real User
Helps to keep the firewall ruleset simple while still maintaining its security posture but is complex to set up

Pros and Cons

  • "AlgoBot is a Slack chatbot that they've designed to help people identify if the firewalls are going to allow or block specific network traffic. We leveraged this to allow our staff to check themselves if the firewalls are going to be blocking traffic or not. That saves us logging into the firewalls and running the query off the host. We give them the power to use it and it saves us time."
  • "We work with multiple security vendors. It's rather difficult to integrate the vendors. AlgoSec is a platform that hasn't really been developed as much as we would like to just because of its complexity to set up. If it was easy to set up and easy to get integrations with other companies, then we would be doing it. But the thought is that we are relatively stretched thin in our team as it is and the complexity of configuring AlgoSec doesn't make it any easier."

What is our primary use case?

We use FireFlow. Our environment is a mixture of private and public platforms. We have been aggressively moving infrastructure up to the cloud, so everything that used to be on-prem now is all pretty much in the cloud. We have hundreds of servers and instances up in the cloud. On-prem, we still have the same. It's a couple of hundred servers on-prem that we use for the day-to-day business functions as well.

AlgoSec would help to manage our multiple environments if we had CloudFlow but we don't have that license.

Back in 2016, we migrated firewall vendors over to Palo Alto Networks. During that time when we migrated, we had over 4,000 security rules. Using AlgoSec, we were able to trim it down by some ridiculous amount, around 72%.

How has it helped my organization?

AlgoSec has a built-in feature for identifying risks. It'll inform the user if we have rules that allow a certain protocol open to the internet that we shouldn't. It identifies applications that are permitted in our network that pose a risk. Some examples include SNMPv1 without it being secured and that sort of thing. AlgoSec notifies us of those risks. There are also cleanup tasks it assists with. Obviously, the simpler the ruleset of your firewalls, the easier it is to manage and the less confused administrators get. AlgoSec is able to help keep the firewall ruleset simple while still maintaining its security posture.

AlgoSec provides us with full visibility into the risk involved in firewall change requests. We perform risk analysis before adding rules anyway. Even if AlgoSec said a rule is risky or not risky, it's not something we rely on heavily. We have other tools and processes to identify if the rule we added is going to be introducing risks or not.

The overall visibility that AlgoSec gives into our network security policies is pretty high. It's very clever in the logic it uses to provide insights, especially into risks and clean-up tasks. It's very valuable. It saved a lot of hours on the cleanup tasks for sure. It has saved us days to weeks.

AlgoSec's automation helped to reduce human error and misconfigurations to an extent. If I'm considering duplicate rules and human error, then yes for sure. But if not, then no, not really.

It implements and manages micro-segmentation initiatives. We recently did a project on that. We did the service segmentation using natively built reporting functionality in the firewalls. After that, we used AlgoSec to clean up those rules and trim them down. So it's not exactly to create micro-segmentation but more to manage it. It performed very well for that role, which is the experience we've had with that specific function in the past with it as well.

What is most valuable?

AlgoBot is a Slack chatbot that they've designed to help people identify if the firewalls are going to allow or block specific network traffic. We leveraged this to allow our staff to check themselves if the firewalls are going to be blocking traffic or not. That saves us logging into the firewalls and running the query off the host. We give them the power to use it and it saves us time.

AlgoSec has features to prepare for audits and ensure our firewalls are in compliance. But we have all the tools to measure compliance and security framework stuff we're doing.

What needs improvement?

We work with multiple security vendors. It's rather difficult to integrate the vendors. AlgoSec is a platform that hasn't really been developed as much as we would like to just because of its complexity to set up. If it was easy to set up and easy to get integrations with other companies, then we would be doing it. But the thought is that we are relatively stretched thin in our team as it is and the complexity of configuring AlgoSec doesn't make it any easier.

Overall, setting up new features is something that needs improvement in my eyes.

It has a cool feature where it has multiple firewall rules that say "You're allowing this IP address to talk to this IP address on port A, port B, and port Z." For example, if AlgoSec detects that that rule was being used but it's only being used for port B and C, then it'll actually notify you that this rule can be trimmed down and you can remove port A, as it's not being used by your rules anymore. That's something we really like as well.

For how long have I used the solution?

We installed AlgoSec in 2017.

What do I think about the stability of the solution?

The stability has been okay. The main uptime is fine. We haven't had any issues where it's randomly turned off. 

Every now and then we need to restart the AlgoBot feature to keep it running. We found that every couple of days, it just dies. We're not too sure why.

What do I think about the scalability of the solution?

We haven't really done much scaling. We've just kept it isolated to one machine and ran everything from there for AlgoSec.

We're using it for firewalls. Our company depends quite heavily on the management and how up-to-date the rules are in the firewall. We definitely rely on AlgoSec to produce accurate information for one of our critical network components. We may be leveraging AlgoSec more in the future to assist with the cloud but it's still early days and we don't know for certain.

How are customer service and technical support?

Technical support is average. In simple support cases, everyone's very helpful. When we upgraded to the new version of AlgoSec, we had a technical support staff member helping us through every step. But then some other simple cases were a bit more challenging. It would often take quite a few weeks and things wouldn't get done. They would say the issue was fixed in the next software patch when it wasn't. It's been mostly good but a few times they've missed the mark a bit.

How was the initial setup?

The initial setup of the virtual machine or the appliance was straightforward. Even getting the devices we wanted AlgoSec to ingest was straightforward as well. 

It has a network map and it uses configuration from each firewall to draw a network map. Then, it uses that map to do logic of what rules and IP addresses can go where. That part was complicated because there were some very specific issues where one firewall wasn't being ingested properly. That took a while to work through and the fix wasn't what anyone really expected it to be at all.

It took us a couple of weeks to fully deploy. We got the main brunt of AlgoSec working in around a week. Fixing it with AlgoSec support took a little bit longer just because of its complexity.

The deployment required two staff members. It was another security engineer and myself. We are also the only two people who use it. 

It only requires one person for maintenance. That might be due to the limited amount of pages we have enabled within AlgoSec. It's definitely not full-time. It's just every now and then we do health checks. We have a number of monitoring tools on the box. So if it's not responding to the pings, if it can't talk out to the internet, we just get automated alerts. That's really how we determine if the box is healthy or not. Aside from that, it hasn't had any other issues.

What was our ROI?

We have definitely seen ROI. The number of rules in the firewall is the main way we've seen it. We went from around 3,500 to 4,000 all the way down to six rules. And that was over a couple of weeks. It was very quick and AlgoSec was the driver for that. If we still had 4,000 rules, then I'd be in a much bigger team trying to manage that. Because we only have a couple of hundred, it's not completely manageable, but it's a lot more manageable than a couple of thousand for a couple of people.

What's my experience with pricing, setup cost, and licensing?

I don't actually know what the pricing is. We had a quote to get some professional services done for a couple of weeks. From my perspective, the cost was reasonable. It was 30,000 AU dollars for a few weeks. For the business that was unreasonable because they were trying to cut costs. But I would have seen that as a reasonable price to put on a few weeks of PS.

What other advice do I have?

It has not really reduced the time it takes to implement rules in my organization. We use AlgoSec more for the clean-up after the fact. It's more of an after the fact tool that we use it for.

It definitely has not helped simplify my job. It just cuts out the middleman of having to ask someone a very specific question. Identifying those are very hard to do, and we wouldn't be doing it if we didn't have AlgoSec to do it for us.

If we had a couple of thousand rules in the firewall, it would be a number of increased things that the business would need to consider. We would need an additional firewall administrator to manage these rules. Rules would take a lot longer to be introduced into the firewalls. There's a delay in a developer spinning up a new server and then the firewall actually allows that new server through. There's just the overall complexity and documentation would take a lot longer if we had multiple rules. Even just the cleanup and management like general overhead would be significantly more.

If you look at it that way, AlgoSec has saved the business maybe a couple of years of salary. It's simplified the rules to such a point where it's manageable. The rules are still manageable by fewer administrators. There is more human work. There's more flexibility for staff to be working in other areas as opposed to having multiple people assigned to the firewalls, looking at complex rule sets.

It does the job. It's very good at taking something complex and simplifying it into something that's a lot easier to understand and manage.

It's one of those tools that takes a little bit of time to get set up and used to, but once it does, it's very powerful with what it can do.

I would rate AlgoSec a seven out of ten. The functionality on the platform is extremely good. But getting it set up and the complexity to install new features and stuff like that, brings it down a little bit.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Aaron Zollinger
Sr. Network and Security Administrator at an insurance company with 501-1,000 employees
Real User
Out-of-the-box, you can run a compliance check against your environment that tells you exactly what needs to be fixed and why

Pros and Cons

  • "It gives us 100% visibility into our network security policies. It has given us a couple of surprises. Over the years, the network that we are administrating has been subject to people who have an idea of how a network should be set up. That differs from technician to technician or engineer to engineer. So, we are finding little pockets of hidden little self-engineered configurations and the way things were done that nobody knew about. Once the engineer left, the knowledge of that setup disappeared. You don't know about those until something either goes wrong, or you get something like AlgoSec to discover it for you, and it says, "Hey, there is this going on over here.""
  • "The reports are lacking information when they come out. They will not pull the URL or application information from Cisco FTDs. I know this works for Palo Alto Firewalls, which we currently do not have. If they could improve the integration with Cisco FTDs as a whole, that would be immensely helpful."

What is our primary use case?

We have actually played around quite a bit with the network flow piece of it (with the routers). That has helped us troubleshoot a few things with data flow and where it might be stopped or redirected to an incorrect location.

We use the following components of AlgoSec: AlgoSec Firewall Analyzer (AFA), FireFlow, and AppViz. We have a very limited cloud deployment at the moment.

We have a very complex network environment. It requires very specific compliance protocols to be put in place, including HIPAA compliance, PCI compliance, and HITRUST compliance. Therefore, we have very specific rules that we have to adhere to. We have 13 sites with very complex setups at each site to allow for redundancy and security, utilizing multiple vendors and technologies to achieve that. 

We are currently developing and going to have a hybrid deployment for the cloud and on-prem. Right now, 98% of our stuff is on-prem, and that will change. We are probably going to be about 75% on-prem and 25% in the cloud, which is very complex. This will allow our external vendors and external clients in as well as all our internal resources.

How has it helped my organization?

They have compliance rules built right into the system. Right out-of-the-box, you can run a compliance check against your environment that tells you exactly what needs to be fixed and why. Their compliance check is phenomenal. They even have a base compliance check. So, you can set your own standards to make sure that all your equipment meets those base compliances that you have for internal standards.

AlgoSec has reduced the time it takes to implement firewall rules in our organization. While our usage of it has been fairly limited to what we have tested so far, it has probably reduced the time by about 30%.

It gives us 100% visibility into our network security policies. It has given us a couple of surprises. Over the years, the network that we are administrating has been subject to people who have an idea of how a network should be set up. That differs from technician to technician or engineer to engineer. So, we are finding little pockets of hidden little self-engineered configurations and the way things were done that nobody knew about. Once the engineer left, the knowledge of that setup disappeared. You don't know about those until something either goes wrong, or you get something like AlgoSec to discover it for you, and it says, "Hey, there is this going on over here." 

It has helped us figure out how it was set up and why it was set up that way, then allowed us to engineer it so it fits a little better into our standards. We found a couple of secrets in our network that nobody would have known about. If we had an outage on those, nobody would have been able to figure them out without a tool like AlgoSec. This would have been a complete outage for our organization. Since we are healthcare insurance, that is a significant amount of money.

It has helped to simplify the job of our security engineers. We have a snapshot of where we are at with the correct data that we need to be able to fix the issues that we have. We keep finding little secret pockets of out-of-standard configurations that need to be addressed.

AlgoSec absolutely provides us with full visibility into the risk involved in firewall change requests. There is a risk analysis piece of it that allows us to go in and run that risk analysis against it, figuring out what rules we need to be able to change, then make our environment a little more secure. This is incredibly important for compliance and security of our clients. We deal a lot with patient health information that needs to be secure for physicians who are dealing with it and the patients themselves.

What is most valuable?

The most valuable for us so far has been the firewall rule analysis. Just to be able to get to a point where our infrastructure is secure and stable. The analysis runs everything that we actually need. When we run a report, we need to look at the report, then go back to the analysis because the analysis has all the information for us. We just have to match up the analysis to the report.

We have a security vendor who runs an analysis on the logs that we send them. We have multiple vendors who come in and do an annual security assessment. We have multiple vendors who come in and do an annual penetration test. We have vendors who deal with the end clients as well as vendors who deal with the servers for security, in addition to our firewalls, routers, and public interfaces. AlgoSec takes all of the information on our network, puts it into one single pane of glass where we can go and request what we need from the vendors. Plus, there are reports in AlgoSec that we can run and send out to our vendors so they have an eye into what we are looking at.

What needs improvement?

The reports are lacking information when they come out. They will not pull the URL or application information from Cisco FTDs. I know this works for Palo Alto Firewalls, which we currently do not have. If they could improve the integration with Cisco FTDs as a whole, that would be immensely helpful.

For how long have I used the solution?

We are actually in the process of purchasing AlgoSec. We have gone through a proof of concept with them. Right off the bat, running through that proof of concept with them was absolutely fantastic. Usually, they have an offsite proof of concept server that you connect up to, then kind of take a look at their technology to see how everything works and if you like it. However, we have a different setup onsite for some of our firewall rules. We wanted to make sure that their application/appliance worked on our internal environment. They were more than willing to set up an onsite PoC for us so we could make sure everything did work.

What do I think about the stability of the solution?

The stability is fantastic. We haven't had an issue with stability at all.

Two people are needed for maintenance (someone for backup plus me). Maintenance on it is fairly limited. It is very automated in the way that it handles all our data and firewall needs.

What do I think about the scalability of the solution?

The scalability is easy, just add more licenses if needed, then turn up another virtual machine. It is pretty straightforward.

There will probably be a dozen of us actually utilizing AlgoSec. This will mainly be the network and security team, then the security team themselves.

How are customer service and technical support?

During deployment, the technical support fixed our issue within 30 minutes of the phone call.

Which solution did I use previously and why did I switch?

We are in the process of doing microsegmentation right now. That is one of the reasons why we started looking into a utility like this because we needed to get that current snapshot of where we are at and where we need to go. AlgoSec is beyond phenomenal for helping to create and manage this type of initiative. With the automation piece and the fact that we can take a look at the traffic that is currently running through our firewalls and automate the rules being created for that. This will take a lot of manual work off of our shoulders that would have taken many man-hours to be able to implement.

How was the initial setup?

We ran into some errors/issues, so it probably took us a week to fully deploy it. The process was straightforward except for the typos that we had in the programming. Without those typos, it would have been up within half a day.

We had an implementation strategy that we laid out beforehand and went forward with that.

What about the implementation team?

James, the AlgoSec engineer who was working with me, spent about two weeks on and off with me trying to get the solution up and running, and he was successful at it. This was so we could utilize their proof of concept in our environment to make sure that it would fit our needs.

What was our ROI?

Because we went from having no unified tool to having AlgoSec, it has improved our security platform by probably 80% in just the short time that we have had and used it. It is invaluable. There is no question in my mind that it is a tool for anybody who has multiple sites, firewalls, and routers. It is something that everybody needs to look into getting because it is invaluable.

Even if we were to pay the first quote that we got, AlgoSec would be worth it. Just having the automation and that overall look into your security platform, you can't be without it.

What's my experience with pricing, setup cost, and licensing?

We are working with our finance department right now to be able to purchase it. The AlgoSec team is doing everything that they can in their power to get the costs down to where our budget is. They have worked a lot on it. They have cut the cost in half for us so far by questioning, "This is in the quote. Is this something that is actually needed?" They have pulled some stuff out and cut our costs down by 50% for the product itself.

Which other solutions did I evaluate?

There were four of us involved in the evaluation of the product.

We compared this tool to two other different tools. Even with their higher-end solution, when we had the full budget for this, AlgoSec was less expensive than some of the other top tools. We looked at FireMon and Tufin. The reason why we said, "No," when we had budget to FireMon and Tufin is because they were not pulling in the application data or URL data. 

AlgoSec actually pulls application data and URL data in. AlgoSec is a little easier to use than the other solutions. Cisco recommended AlgoSec to us.

What other advice do I have?

Don't trust what you think you know about your network. There are surprises everywhere, and sometimes it takes a utility like this to find those.

Don't hesitate. Go get it. If somebody came and asked me for an analysis tool, AlgoSec would be at the top of my list.

The integration is fine.

Migration to the cloud is on our roadmap. 

We have not set up any automation quite yet, but that is on the roadmap. That will make the tool even better.

I would rate this solution as a nine (out of 10).

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
AbdulMohsin
Regional Sales Engineer at RedSeal, Inc.
Real User
Making changes to multiple firewalls at the same time is beneficial for a small customer due to limited resources, but not good for enterprise grade level customers

Pros and Cons

  • "There are some legacy customers still using AlgoSec. The benefit is the ease in management of firewalls and rules."
  • "It gives you the capability to make changes to hundreds of your firewalls at the same time, but big enterprises have change management policies. Change managers will never allow you to make changes to more than 10 devices at the same time, which is a feature in AlgoSec. Because, what if something goes wrong, then you have to roll back and figure out what caused the impact, e.g., which firewall did not work well. Doing that post-mortem becomes a difficult thing. So, change automation on a firewall is actually defeating the purpose of the change management policies in any organization. If you run a bank, you will not allow anyone to make changes at the same time from a single click for 10 firewalls. The bank will never allow this."

What is our primary use case?

If a use case comes where a customer who has different firewalls, e.g., Palo Alto and Fortinet, wants a single pane of glass, where all the firewalls are visible, this is the only use case where AlgoSec would be used.

The customer has to judge, "Are they going to pay hundreds of thousands of dollars for the feature of seeing firewalls of different vendors under the same hood?" Is that the value they want versus the dollar value they are spending? Most of the time, the answer is no. Customers don't want to spend $300,000 or $400,000 just to see a single dashboard. Especially during COVID times, it has become even more impossible to sell such a product. 

From a product perspective, AlgoSec has multiple components. Its security management solution is the primary one that you need to have. You must have this in order to install the platform. 

How has it helped my organization?

There are some legacy customers still using AlgoSec. The benefit is the ease in management of firewalls and rules. Also, if they have a small setup, making changes to multiple firewalls at the same time is something the customer enjoys due to limited resources. When an organization becomes an enterprise, then change management comes into the picture as well as best practices, so making changes to multiple devices at the same time is not good. 

It has the capability to be an enterprise grade product, but the use cases have not been fine-tuned for that in the past four years.

What needs improvement?

There are some integration-related issues too. For example, AlgoSec does not integrate with Forcepoint, and Forcepoint Firewalls have become very prevalent these days. They also don't integrate with Aruba devices. So, the integration ecosystem of AlgoSec is very limited, which is also the case with FireMon.

These days, people are looking at products which can visualize not only their firewalls, but also their networking equipment, under a single map. Can AlgoSec do this? Yes, it can, but with very limited capacity. If I try to sell the automation story of firewall management, there are vendors, like Forcepoint, who are not supported, so if a customer has Forcepoint, then I have to straight away walk off. The worst part of the story is they don't have even a roadmap for this.

Another problem with AlgoSec is that it gives you the capability to make changes to hundreds of your firewalls at the same time, but big enterprises have change management policies. Change managers will never allow you to make changes to more than 10 devices at the same time, which is a feature in AlgoSec. Because, what if something goes wrong, then you have to roll back and figure out what caused the impact, e.g., which firewall did not work well. Doing that post-mortem becomes a difficult thing. So, change automation on a firewall is actually defeating the purpose of the change management policies in any organization. If you run a bank, you will not allow anyone to make changes at the same time from a single click for 10 firewalls. The bank will never allow this. So, what is the use of this automation? Even if you are using this automation, you can do it from your native firewall vendor, e.g., Panorama or FortiManager, where everyone has their own cluster managers. At least if something goes wrong, you can still call Palo Alto and tell them your Panorama has not done the change right, causing you an impact, and this is your Palo Alto firewall.

In this case, if I have to raise a case, first I have to call AlgoSec and check why it has not worked. Second, I have to call the firewall vendors and tell them that their firewall is not working well, but AlgoSec has done the right job. Handling multiple vendors for such a trivial issue becomes a problem.

For how long have I used the solution?

I have been using AlgoSec for four years. First I was a customer, then I became a partner.

What do I think about the stability of the solution?

If you hit a bug with mass changes, do you troubleshoot on AlgoSec or the firewall? Now, you have two products that you have to tackle for bugs. The two vendors then finger point and you waste time. That is why having the firewall and firewall manager together from a vendor, like Palo Alto, is better.

How was the initial setup?

If the scope of work is just firewall management, it is easy to deploy. However, when you add the flow information, since AlgoSec can also import the flows of your firewall rules, that is live traffic. Then you include FireFlow, or it becomes a nightmare, because what you have to do is take a copy of traffic from different segments/firewalls and bring it into AlgoSec. Doing that becomes a challenge because a lot of companies, such as banks, will not allow you to sniff the live firewall traffic because they have credit card information.

These days, the traffic has changed to HTTPS, which is all encrypted. Four or five years back, it was HTTP, which was all plain text. Even if you take a mirror of the traffic, how can you decrypt it? You need a decryptor to look inside. FireFlow looks at the packet of the transaction. In order to look at the packet/payload, I have to decrypt it because now it is encrypted. But, who will decrypt it? Then you have to buy another product that does decryption.

What was our ROI?

Customers look at return on investment to determine the benefit from a product, e.g., the tangible value in return. If I go to sell AlgoSec or FireMon today, the customer will say, "I already have Palo Alto," because Palo Alto Panorama has picked up a lot in the last five years of this market.

What's my experience with pricing, setup cost, and licensing?

AlgoSec is not a cheap product. If I compare FireMon and AlgoSec, because I am also FireMon certified, FireMon is still cheaper in price than AlgoSec. That is another catch.

Which other solutions did I evaluate?

AlgoSec-type products and requirements are not necessary or prevalent these days. If you look at AlgoSec, what do they have? They do firewall management, predominantly. Firewall management as a technology is dying. If you look at Palo Alto, Fortinet, Forcepoint, Cisco, or Juniper, all these firewall vendors are coming up with firewall management platforms. If you talk about Palo Alto, they have Panorama. If you talk about Juniper, they have Junos Space. If you talk about Fortinet, they have FortiManager. You can manage their firewalls using the respective vendor management consoles. The question comes, "Why would someone want to use AlgoSec to do firewall management?" The usability takes a dip in terms of capability because people trust the native vendor, e.g., someone who manages Palo Alto firewalls will do it with Panorama because Panorama is a product of Palo Alto.

AlgoSec's use case was good four years ago before FortiManager and Panorama. If you have a hundred firewalls from Fortinet, then you can manage all of them from a single FortiManager. If you have 50 Palo Alto Firewalls, you can manage those from Panorama in a single pane of glass. These solutions did not exist four years ago, and now AlgoSec is losing its essence in the market since these native vendors have been launched.

Four years ago when I started off with AlgoSec, and I'm still working with them, it was strategic. Now, it has become tactical. AlgoSec has a very good feature of doing firewall rule optimization, which has not been there in the native products. For the last couple of years, the native products also started coming up with firewall rule optimization. For example, Palo Alto (from PAN-OS 9.0 and above) was released a year and a half back. It does firewall rule analysis for you. It is the same case with Fortinet and Forcepoint. Therefore, if I have to sell products on firewall management, which does firewall rules on analysis, what is the use case that I give to customers with AlgoSec?

I am running out of AlgoSec use cases because the native vendors give you the capability to do firewall management, firewall rule analysis, and pushing conflicts to multiple firewalls from a single screen. These are the use cases of AlgoSec. This is what AlgoSec does. This story is not just limited to AlgoSec. Products like FireMon and AlgoSec and the way they used to do firewall management have become a commodity. Now, most of the firewalling vendors have the same functionality in their management console. 

Companies, like RedSeal, or even to an extent, Skybox, are better built because they take the story to the next level. They don't just look at firewalls. They also look at the network, vulnerabilities, risk, governance, compliance, architecture issues, and incident response. This is the story which customers love to see because none of the native vendors are providing this. 

RedSeal and Skybox are doing firewall management for free. They don't charge you for it. On top of it, they do:

  • Complete network visualization.
  • Give you best practice conflict checks.
  • Security architecture issues.
  • Risk analysis of every IP asset in your organization.
  • Vulnerability prioritization.

What other advice do I have?

AlgoSec has been amazing, but it did not evolve well with time. If you look at AlgoSec from a cloud perspective, it does not support service chaining. So, if I have Palo Alto Firewall in the cloud, which has become very common, they can't detect that firewall. If I ask them to detect Oracle Cloud, they can't detect that. The problem about cloud, even if I'm doing service chaining with VMware NSX and Palo Alto, which is a very famous integration, they can't detect them. They cannot detect these because they are new things which have happened in the market in the last three years. So, they aren't able to catch up. The legacy part is good, but they are not able to catch up on the latest stuff, like service chaining. With anything new, AlgoSec is unfortunately running behind. 

I have used all the components: CloudFlow, Firewall Analyzer, FireFlow, and Algo Bot (which I have used to optimize policies). I have not used AppViz a lot because it just came out. If you talk about the complete suite, then AppViz gives you application-related visibility. However, when you don't have a rich integration ecosystem versus a native firewalling vendor, like Palo Alto, who does give this, what is the use of having AlgoSec (or FireMon)?

I would rate this solution as a seven out of 10. The product is good, but the issue is with AlgoSec's use cases.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
VS
Lead Infrastructure Engineer at a financial services firm with 5,001-10,000 employees
Real User
Top 20
Enables us to drill down to the level where we can see the actual policy rule that's affecting the risk ratings

Pros and Cons

  • "AlgoSec provides full visibility into the risk involved in firewall change requests as well. It definitely allows us to drill down to the level where we can see the actual policy rule that's affecting the risk ratings. If there are any changes in ratings, it'll show you exactly how to determine what's changed in the network that will affect it. It's been very clear and intuitive as far as that."
  • "Some of the auditing functionality needs improvement. Our major focus is the firewall validation process and tracking and verifying that changes are implemented correctly. We are actually doing parts of the auditing process manually. And getting any one of the vendors to bring out a good auditing process has been very difficult."

What is our primary use case?

I mainly use AFA and FireFlow. The majority of the network is internal. We have a very limited footprint in the cloud right now. But what we do have in the cloud is private. Being a financial institution, everything is very secure. So we don't have anything in the public cloud.

We're primarily using AlgoSec for firewall management and change validation. So we use it for monitoring all the firewall changes and security ratings. Any kind of firewall change is monitored and we have our own process that we use AlgoSec for to validate that changes are implemented according to the requests and go through all of the change approval processes.

How has it helped my organization?

We are using it for the firewall change auditing process for our department. They are one of the leaders that we found in this area. There is a very limited group of vendors that provide this kind of functionality and we've gone through the majority of them. AlgoSec still stands out as the leader, in our opinion.

What is most valuable?

We primarily use AFA for the change management portion of it. But the security ratings also are used by our security group to ensure compliance and validate that nothing is being configured that is not in our best interest.

The overall visibility AlgoSec gives into our network security policies has been very good. We are happy with the way the application works. It is very intuitive and easy to use. I would give that a very high rating.

AlgoSec provides full visibility into the risk involved in firewall change requests as well. It definitely allows us to drill down to the level where we can see the actual policy rule that's affecting the risk ratings. If there are any changes in ratings, it'll show you exactly how to determine what's changed in the network that will affect it. It's been very clear and intuitive as far as that.

I don't know if it has reduced the time it takes to implement firewall rules in our company. We don't use it for implementing changes because our network is very in-depth and we're very particular with our security on that, that we do manually make all of our firewall changes. So we're not using the automated functionality of AlgoSec to do that for us. But I think that's more because of the restrictions that we have in our own network.

AlgoSec is very good when it comes to preparing for audits and ensuring our firewalls are in compliance. The security ratings are a major factor in that lately, as well as being able to show the configurations and how they affect the risk ratings. Whenever we do need to address any issues, it's very clear to show us exactly what the effects of the ratings are, as tied into the firewall policies.

We work with multiple security vendors. I'm not on the security team any longer. I went from network group to security and then back again. But our security group does work with AlgoSec and they use it very intimately for different functions.

What needs improvement?

Some of the auditing functionality needs improvement. Our major focus is the firewall validation process and tracking and verifying that changes are implemented correctly. We are actually doing parts of the auditing process manually. And getting any one of the vendors to bring out a good auditing process has been very difficult. AlgoSec does a good job of showing us the changes, but we're doing a manual process to actually audit it and do documentation that we can provide to our auditors that shows we're validating everything, and on top of it, that nothing gets implemented without being caught. Part of that could be improved upon.

For how long have I used the solution?

I have been using AlgoSec since 2016, so it's been around five and a half years. 

What do I think about the stability of the solution?

The stability has been great. We had a minor bug with the latest version and development. I did work with support to get that ironed out. They resolved it so right now, it looks to be very stable. And we are looking to put that into production shortly.

What do I think about the scalability of the solution?

The scalability seems very good. I haven't seen any restrictions if we were to bring in other hardware or other devices in terms of how to scale it out, either size-wise or vendor-wise.

We have our network group, which we use AlgoSec for, for investigating the risks, configuration issues and things like that. The security group uses it for risk ratings and compliance verification. Then we have a separate group, which is a different group of security that uses it for the firewall validation process. They're the ones that use it on a daily basis to investigate any firewall changes and tie those back to the original request and validate that they were implemented properly.

How are customer service and technical support?

The support has been very good. They're very responsive, very quick to get back to you, and very helpful. They bring in developers very quickly and easily to get into the details. Our last issue we had seemed to be very unusual, and with their support, they brought in the actual developers that were working on this software and resolved it very quickly.

Which solution did I use previously and why did I switch?

We used a couple of different solutions and they all have their problems. We thought we had a good solution at one point until we found out that it wasn't working properly. When you trust in an application like this and you believe in the numbers that it's giving you, you go with that as gospel until you find out that it's wrong. That vendor's support was just not on the level that we wanted. We were getting no response from them for a long time. So we finally gave up on them until we went to AlgoSec, and it was a much better solution for us.

How was the initial setup?

The initial setup is very straightforward. It is very easy to integrate network devices into AlgoSec and manage them. It's even getting easier with the latest version. We integrated Palo Alto devices into AlgoSec and it is very simple to bring it in. We have a development server that we're testing out the latest version on, and that came in in minutes. It brought it all in automatically.

The earlier versions of AlgoSec, especially when they came out originally, would not integrate properly with Panorama. So at that point, we had to integrate AlgoSec to actually reach out to every firewall individually for configurations and change status. The current releases are now integrating directly into Panorama. It's just basically one connection into Panorama and it pulls in all of the configurations from there. It's much more simplified.

What was our ROI?

I don't really get involved in ROI. But I definitely think it's valuable to us and I think it is a good solution for us.

What's my experience with pricing, setup cost, and licensing?

I don't get into the pricing aspect of it that much. But from my beliefs of it, I believe it is very cost-efficient compared to other vendors. Their licensing is very straightforward and they're easy to work with.

Which other solutions did I evaluate?

There were three main players at the time, we went through proof of concepts with each of them, and AlgoSec was definitely the strongest vendor in that group and we don't regret it at all. I think it is a good solution.

The other vendors were promising a lot more than they were actually delivering on when it came time to actually putting it onto our network and evaluating it. We were finding that things that they were telling us that they supported and were part of their packages were not actually functional at the time. So we did not go forward with them because of that. AlgoSec actually had everything working properly. It was very easy to set up and use and it did what they promised.

What other advice do I have?

Their sales engineers have really been very helpful and very good at working with us. I have nothing bad to say about them. They were excellent and I have a good relationship with them. If I ever need anything, I'll reach out to either our sales executive or our SE anytime and they respond immediately to us.

I would say the biggest thing we've learned with it is how much information it does give you. It is a nice platform. It definitely drills in a lot of layers of security and efficiencies that you can do. We're not using it to its full potential for cleaning up policy rules. As most companies are now, they are short-staffed and overworked. But it definitely can be used a lot more than we are using it for. Overall, it's a great solution and I have not seen another vendor in this marketplace that does any better than this.

I would rate AlgoSec a nine out of ten. We would like to see the auditing functionality improved. But that would be the only shortcoming at this point. I do think that they are top of the marketplace for this.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
TN
Cyber Security Architect at a tech services company with 5,001-10,000 employees
Real User
The compliance blueprints are flexible and can help with different types of audits

Pros and Cons

  • "We have used the solution to implement and manage microsegmentation initiatives. That is the whole point of modeling towards, "Hey, how will this work for a specific situation in the end?" I think it's a great solution because a lot of companies are not just going to the cloud, but microsegmentation and service-delivered products. So, I feel like it is very capable and comparatively better than its peers, if not equal."
  • "The API integration could potentially improve. I didn't get a chance to look and see how well this solution can integrate with ServiceNow or our GRC environment."

What is our primary use case?

We needed something to tell us the quality of our firewall rules in terms of their implementation.

We use the following components of AlgoSec: AlgoSec Firewall Analyzer (AFA), FireFlow, AppChange, and CloudFlow.

How has it helped my organization?

I get reports that address the different types of things that we look for in security which it protects for, mainly things in the firewall with monitoring or compliance. With this, I felt like it is a great product.

Because of how sophisticated the product is, it allowed us to get very useful, actionable information, reducing the time it takes to implement firewall rules in our organization by 40 percent. However, we are still trying to figure out if we are going to switch to it permanently.

I felt like the compliance blueprints were more sophisticated, which is kind of what we need. The type of environment we need in order to reduce risk is to have a number of different compliance blueprints that will give us the flexibility of being able to handle multiple different kinds of audits.

We use it to assess some of the readiness of some of our projects. We use it to model what we potentially would do if we keep it on, which it looks like we probably might. So, we did use it to help with some modeling.

AlgoSec's automation helped to reduce human error and misconfigurations. They have built-in ISO and other types of compliance fabrics. That reduces errors because it does a lot of policy thinking for you. This has improved our security operations.

It empowered our security engineers because you need to have the best, top-end tool if you are looking at modern high-end threats. 

We have used the solution to implement and manage microsegmentation initiatives. That is the whole point of modeling towards, "Hey, how will this work for a specific situation in the end?" I think it's a great solution because a lot of companies are not just going to the cloud, but microsegmentation and service-delivered products. So, I feel like it is very capable and comparatively better than its peers, if not equal.

AlgoSec is very complementary to Cisco ACI because a lot of people are doing SDN. Having that integration is critical because a lot of the applications are more geared toward ACI. So, having something that complements but doesn't break or get in the way of what the client finds important is ideal. Because, in some cases, we are not just representing ourselves, we have to extend what the client wants.

What is most valuable?

The Analyzer was the thing that had the most value because I am all about the quality of the rules and number of the rules. I thought it was really a great product, especially because we have more than one type of firewall.

I liked the level of detail. I thought it was a good measure of what people needed to understand. It had really useful information about controlling the environment. It looked like AlgoSec has done a really good job with developing what customers might find useful.

AlgoSec provides us with full visibility into the risk involved in firewall change requests. There is a lot of competition out there. This provides a comprehensive environment where risk is properly captured, which is very valuable.

The list of tools in the AlgoSec suite all seem to complement each other, which is what we needed towards making sure that we weren't leaving anything out. So, it seemed to be comprehensive enough between all the different products.

AlgoSec helped us to gain visibility into our application connectivity flows, which was important. We have Splunk, so we need a firewall/security expert view on top of Splunk. I felt like AlgoSec gave us that information. This allowed us to show that AlgoSec could be a valuable contributor to our security environment.

It enables us to manage multiple or dispersed environments in a single pane of glass. This is good because we have a complex support model that we are trying to simplify. There are as few panes of glass as necessary. Even with a separate security pane, it is worth it. 

What needs improvement?

The API integration could potentially improve. I didn't get a chance to look and see how well this solution can integrate with ServiceNow or our GRC environment.

For how long have I used the solution?

We demoed it for about three months.

What do I think about the stability of the solution?

It is a very stable product. It is definitely more stable than FireMon. I felt pretty good about it. I didn't have to worry about apologizing for the product because of integrity issues, which is usually a thing. I felt like I did not have to worry about it.

What do I think about the scalability of the solution?

It was very scalable, which is important. One of the reasons that I was able to champion it (in terms of the demo) is because we were starting small. However, if everybody likes it, we will ramp up pretty big.

The SOC has about 10 admins. There are a lot of IP addresses. These 10 guys administer about 3,000 devices.

How are customer service and technical support?

We haven't really had to call much. That was one thing we were trying to figure out: If we are going to get a consultant or get some a la carte stuff during the demo. We will probably look up a support agreement from the corporate side, if this goes into production. There are some people with whom we are talking about the contract on the backside.

How was the initial setup?

The initial setup was pretty straightforward. We had some help, but it just seemed pretty straightforward.

Deployment took about a month because of some internal stuff. This was fine because I couldn't get a lot of buy-in time on how much time we have for development.

We run a full SDLC where we use a project management organization who uses kind of an agile/waterfall hybrid. We have multiple departments that all have a stake in terms of how we deploy the demo to make sure that everything models exactly when we turned it on.

The migration process was easy because it was a complete product. We need something ready out-of-the-box to help where we don't have to figure out the product or use cases as much because it fits the use cases with its features. AlgoSec felt like a great fit to us.

What about the implementation team?

We had some in-house talent who had some experience with AlgoSec. We also contracted an integrator.

It helps to have somebody who really knows the product well enough in order to get it modeled quickly. That way, the executives who are looking at it see success quickly. 

What was our ROI?

It is worth the cost. 

What's my experience with pricing, setup cost, and licensing?

I heard that the licensing was around $100,000 a year, and I don't know how accurate that is. That seemed a little high, but compared to everybody else, it seemed about the same.

Which other solutions did I evaluate?

I have been at other companies in the past who did bake-offs.

It is not up to me. I just give them the information, putting the information into their hands and having them make the decision. However, I feel pretty strongly that AlgoSec could be it. Once we got rid of our third place (FireMon), I said, "Oh good. That gives AlgoSec a fighting chance." 

I have always thought it should be between Tufin and AlgoSec. That has always been the most realistic comparison to me. I didn't like FireMon's level of support. We thought AlgoSec was more scalable and efficient with better visibility. 

AlgoSec vs Tufin: I would have thought that Tufin would have won. AlgoSec kind of surprised me because: 

  • We had better performance with AlgoSec.
  • We were able to set it up easier. 
  • The regulatory compliance matrices were better. 
  • The ranking of risk in the firewall rules was better.
  • The role-based access was really good at the time.

What other advice do I have?

I probably wouldn't look at anything else if you're not going to integrate the API. Although a head-to-head trial is a good idea, a lot of people don't really have the time for all of that. Just start with AlgoSec. It is number one in a lot of markets for a reason.

We work with multiple security vendors for different tools and functionality. AlgoSec is an absolute leader when it comes to integrating with the leading vendors. I need to have things that are leading their sectors because that is the only way of answering security controls for risk.

We haven't had a breach as far as I know. However, I feel like if we were breached, this would be a critical tool because people would want to know what the firewalls saw. This is the best of the very best firewall tools. When you need something that tells you what is happening with top security devices and tools, this would be the first place where we would get intelligence about the breach. 

If we use AlgoSec, then we will use it 90 to 100 percent. If this solution gets the go ahead, then we may get the rest of the suite. Though, we are pretty much using the entire suite.

I would rate this a solid nine (out of 10).

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
NaveenShankarappa
Sr. Design Architect - Network Security at a retailer with 10,001+ employees
Real User
Identifies vulnerable rules, brings standardization, and provides overall visibility into our environment

Pros and Cons

  • "We have Check Point, Palo Alto, and FortiGate firewalls, and it integrates pretty seamlessly with these firewalls. We have had no issues so far."
  • "There is a little bit of scope for improvement in the risk profiles that come with the AlgoSec Firewall Analyzer module. Currently, AlgoSec provides only three standard zones within a risk profile. These standard zones are external, internal, and DMZ. Everybody's network is divided into different zones within a data center, but AlgoSec only provides three zones. This is a limitation that I see for the risk profile analysis. If there was an option to customize these zones, it would be great."

What is our primary use case?

We are a retail company with about 2,500 stores, and we have at least 5,000 devices just on the retail side of it. We mostly use Cisco products in our organization. From the firewall perspective, we have a multi-vendor architecture. We have Check Point, Palo Alto, and FortiGate.

We are using AlgoSec Firewall Analyzer to identify the risks, do some quality assessment of the firewall, and then do our troubleshooting. We are working towards automating our firewall process that is currently manual. We are also enabling AppViz with different application teams. So far, we have onboarded a couple of them from the SAP team. The whole idea is to keep the firewall rules transparent and relevant to the application that an application team supports.

AlgoSec FireFlow is going to be adopted soon. I'm working on the project right now, and it is almost at the end stage where we're going to deploy it to the business.

We are in a hybrid environment, and we have our presence in multiple cloud vendors such as Azure, Google, and Oracle. We have our on-prem computing systems, and we are working towards migrating most of our on-prem computing systems to the cloud.

AlgoSec's deployment in our environment is a high-availability deployment. We have active and standby nodes. We also have a load distribution node, which is a virtual system. The active and standby systems are AlgoSec appliances.

How has it helped my organization?

It provides overall visibility into our environment's security posture from the network access perspective. It is also helpful in eliminating human errors and keeping the standard posture for the firewall staging process.

We have onboarded all of our firewalls, and we see that AlgoSec is running its regular monitoring and analysis process to provide a hundred percent visibility into our policies.  

Based on our testing, we have seen a reduction in human error and misconfiguration. When engineers are staging the firewall policies, human errors are being eliminated in terms of them forgetting to stage a rule in one of the firewall policies. Previously, if they had to stage three or four firewalls and they didn't know the environment properly, they would easily miss one of the policies. Such things have definitely been eliminated.

FireFlow will reduce the time taken to implement firewall rules in our organization. The firewall approvals and staging process currently take about seven days. Based on what we've seen from the tests that we have run, it has reduced the duration to about one and a half days.

It also brings standardization. It recommends the way in which the objects should be named. It brings a certain amount of standardization for objects and rules creation, which has helped as well. We are also targeting to reduce the number of people managing the firewalls after the FireFlow module is in full swing.

It simplifies the job of our security engineers. There is an expectation from the engineers to have a common understanding of our architecture and design, but there is always going to be some amount of difference in the way they understand our design and architecture. AlgoSec has eliminated such differences within the team. So, it doesn't matter if I have an L1, L2, or L3 engineer to stage the rules and how complex these rules are. It eliminates the difference in skill competency between individuals within a team.

What is most valuable?

We've been using Firewall Analyzer a lot. Cybersecurity teams have been using it for identifying vulnerable rules and loosely installed services. AlgoSec Firewall Analyzer is a widely adopted module at present.

When it comes to AppViz, I like the project option using which a lot of migrations can potentially be simplified. We are planning to use it for our future migrations. When we are migrating from on-prem to cloud and have a lot of firewall rules for the applications, AppViz's project feature, especially the server migration feature within the project, would really be helpful.

We have Check Point, Palo Alto, and FortiGate firewalls, and it integrates pretty seamlessly with these firewalls. We have had no issues so far.

What needs improvement?

There is a little bit of scope for improvement in the risk profiles that come with the AlgoSec Firewall Analyzer module. Currently, AlgoSec provides only three standard zones within a risk profile. These standard zones are external, internal, and DMZ. Everybody's network is divided into different zones within a data center, but AlgoSec only provides three zones. This is a limitation that I see for the risk profile analysis. If there was an option to customize these zones, it would be great.

Risk profiles currently require a lot of understanding. The UI needs a little bit of flexibility in terms of rearranging risk rules within a profile. For example, when I create rules in a risk profile, it numbers them as Rule 1, Rule 2, Rule 3, and so on. If I delete Rule 2, it doesn't reorder them on its own. Rule 2 is deleted, but I just cannot place any other rule as Rule 2. There needs to be more flexibility in building risk profiles.

We would like to have AlgoSec integrate with Cisco SD-WAN. We are a retail company, and we have about 2,500 stores. We have the SD-WAN solution across all stores. So, we need to manage a high number of zone-based firewalls. If AlgoSec can add integration with Cisco SD-WAN in the roadmap, it would be awesome.

After you add a load distribution node, there is no dashboard to tell us how the performance has improved. I can raise a couple of tickets, or I have to do a lot of permutation and combination in terms of testing to figure out whether it has really optimized the process and latency. If we can have a performance dashboard to give us information about the performance change with the AlgoSec tool, it would be great.

For how long have I used the solution?

We have been using the AlgoSec Firewall Analyzer module for four to five years, and we started to implement FireFlow and AppViz a year ago.

What do I think about the stability of the solution?

We have only one load distribution node, and we have about 140 firewalls from all the cloud and on-prem environments. So far, we were only using the Firewall Analyzer module, and we are introducing FireFlow only this year.

When I tested it, it was a little slow during the initial planning stage of the AFF module. The analysis during AlgoSec's FireFlow requests took a lot of time, but it is something that we need to check. We might have to increase our capacity because we only have one load distribution server at present. If it could improvise in terms of the optimized or initial analysis, it would be great. That would be the expectation from a lot of firewall management engineers who would start using FireFlow. Currently, it takes more than five minutes after somebody has submitted a request. We want to reduce that, and we are looking into it.

What do I think about the scalability of the solution?

Adding a load distribution node is a pretty easy task. It can be a physical appliance or virtual. It is straightforward.

We have about 14 to 15 people who use AlgoSec on a day-to-day basis.

How are customer service and technical support?

I have no complaints. I would rate them an eight out of 10.

Which solution did I use previously and why did I switch?

This was a new implementation for us. The primary reason for going for AlgoSec was the FireFlow module. We haven't been able to use it for the last four years because other projects had priority, but we are implementing it this year.

We are in the traditional project management model, and we already have a DevOps process, but staging the firewall policies is a current challenge when it comes to Request to Delivery, and that is one of the reasons for working towards enabling the AlgoSec FireFlow module. Once it gets stabilized, we will integrate it into the CI/CD Pipeline where our Request to Delivery is definitely going to get better.

How was the initial setup?

It was pretty good. I didn't find it too complex. It was straightforward with the administration guide that we had.

When we got it deployed, a different design engineer was there. It took them a couple of weeks to build it after the design and finalize everything.

What was our ROI?

The cybersecurity team has definitely got an ROI from the Firewall Analyzer module that we have been using so far. We are currently implementing the FireFlow module, and we are expecting an ROI from next year.

What other advice do I have?

AlgoSec FireFlow is an amazing tool that automates the firewall staging process for the support teams, but I don't know if it is a patented one from AlgoSec. We are currently in the process of adopting FireFlow.

After FireFlow is installed and Firewall Analyzer gets the new policy onboarded or downloads a new policy from the Firewall Management servers, by using our risk profile, it will be able to identify the risky rules being implemented. It will give an overview to the cybersecurity team. So, the cybersecurity team will use it to define the posture of our perimeter firewalls and our internal firewalls. It is helpful, but it also depends on how good your risk profiles are.

It is a great tool. There isn't any other tool that works in the same way. I would rate AlgoSec a nine out of 10. 

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Geert Haerens
Agile and Architecture at ENGIE
Real User
Top 20
Provides visibility into my firewall request and lets me see the status, but the analysis part can be improved and it could support policy enforcement

Pros and Cons

  • "The workflow and the fact that I can follow up on a request that I've created and clearly see the status it is in are the most valuable features of this solution. When I need things to move on, for example, if the security guys didn't look at the request or the implementation is not going as it should, then I can contact people. There is a mechanism in there that clearly indicates the service level agreement we have for implementation. We can see if it is being attained."
  • "The analysis part can be improved when I make a flow request. There should be a clear analysis of which metric part needs to be opened and which firewalls will be opened. It should give you a bit more graphical visibility about these."

What is our primary use case?

We are using the FireFlow and Firewall Analyzer components. I'm not the manager of the project, so I don't know if we are using any other module. We use FireFlow to make our firewall change requests.

As an architect, if I'm deploying something and a flow needs to be put in place, I need to go into the tool and specify the details about the flow that needs to be set in place. I also need to provide some contextual information, and then there is a whole workflow that gets started. It will first analyze the flow to determine which firewalls and modifications are required, and then there is an approval step for which someone responsible for security needs to give approval. After that, it goes to the implementation team that does the actual implementation. In the end, there is a validation step where when they say it has been implemented, you can check that the flow is open, and it works fine. You can then either close the ticket or say that it's not working and please check again or perform additional tests.

We have a mixed proprietary network. We have stuff in private clouds, and we have stuff in public clouds with major cloud providers. We have a very global and complicated network in more than 60 countries.

How has it helped my organization?

It has certainly improved the way our organization functions. It has simplified my job in terms of creating a request. I know at which stage of the implementation we currently are. It has provided visibility into my firewall requests. Previously, the process and the tools that we had were like a black box. You send it to somebody, and then you didn't know what was happening for two or four weeks. Now, at least you get your tech ticket number, and you can go in, follow up, and hunt people down.

When it comes to integrating with the leading vendors, it is okay, and it is able to give us visibility. It tells us about the Palo Altos, Check Points, and Fortinets that we have.

What is most valuable?

The workflow and the fact that I can follow up on a request that I've created and clearly see the status it is in are the most valuable features of this solution. When I need things to move on, for example, if the security guys didn't look at the request or the implementation is not going as it should, then I can contact people. There is a mechanism in there that clearly indicates the service level agreement we have for implementation. We can see if it is being attained.

What needs improvement?

The analysis part can be improved when I make a flow request. There should be a clear analysis of which metric part needs to be opened and which firewalls will be opened. It should give you a bit more graphical visibility about these. 

I don't know if it's possible, but there could also be policy enforcement. The reason why firewalls have problems is that standards are not being followed. If the tool that allows you to enter a request doesn't enforce standards, there's too much room for error. Automation does not solve this unless automation follows defined policies and standards. I don't know to what extent those tools can indicate the predefined policy and standards that you put in place. For instance, if you define your level of zero trust, the tool should be able to advise you on what you should do.

For how long have I used the solution?

We have had AlgoSec in our company for at least six years.

What do I think about the stability of the solution?

Its stability is good. I have never experienced an outage or bad performance when I needed to use the tool.

What do I think about the scalability of the solution?

I cannot say about scalability. Our environment is big. We are a multi-national company that is active in more than 60 countries. In terms of servers and all other network equipment, the number would be towards 10,000.

In terms of users, there are a few hundred users. They are people who make all those requests. They are mostly architects because the company says that an architect needs to enter the flows for projects in most cases. There is already a group of 50 architects, and then there are people who need to do the approvals. They are the community of security or seniors, as we call them in our company. They are probably about 50 when you start counting the deputies with it. There is also a network team behind it, and that easily has a hundred people who do certain operations on AlgoSec. I would estimate that at least 200 people actually use the tool.

How are customer service and technical support?

I have not used their support myself.

Which solution did I use previously and why did I switch?

We used our standard ETSM solution for making requests. That was nothing basically. The decision of switching didn't come from me, but one of the motivating factors was to have one tool in which all firewalls could be managed. We wanted to have visibility on all the firewalls and put a process in place to request flows that can be traced to improve the service.

How was the initial setup?

I have been involved in its setup from a distance. There was an architect in my team who was responsible for it. I didn't involve myself in it.

What other advice do I have?

I would advise knowing what you want to get out of the tool. Why do you want to use the tool? Is it just for a workflow as we use it, or is it the analysis? It seems there are other tools that equally do workflows as well. Then it comes down to your analysis in terms of what answers are you looking for, and then you evaluate if the tool can handle the questions to get the answers.

In terms of AlgoSec providing full visibility into the risk involved in firewall change requests, what I've seen recently, which wasn't there a few years ago, is that it does risk analysis, and then it says something like no risks. The strange thing is even when it says no risks, the security people do not automatically approve the change. They still need to go over the nitty-gritty of the flow, which makes me ask the question about its value and how valuable is this. It can be two things. We either do not trust the tool, or the tool just doesn't give a correct assessment of the risks. That could be for multiple reasons. I don't know if this is something that comes out of the box and cannot be configured, or is this something where you need to tell the tool what is the security policy, and based on that, it will do the analysis. It anyways gives a score. I've seen it, but I doubt the usability of it.

It has not reduced the time it takes to implement firewall rules in our organization. For me, the speed of delivery hasn't really changed because there is still internal validation, and that process takes a long time. This is basically independent of AlgoSec.

I use it onsite and in the cloud environment. I use it in both, but I do not know which specific features AlgoSec has concerning clouds. I also don't know if it is good or bad when it comes to preparing for audits and ensuring our firewalls are in compliance.

In terms of implementation, I can't say whether automation has helped to reduce human errors and misconfiguration. I can only say from another point of view. I'm doing academic research at the moment. My research is about the evolvability of firewall rule bases. The management of rule bases is pretty complicated and the bigger they become, the more complicated it gets. I've done some fundamental research on this, and I've come up with some interesting conclusions. I know that the information that I got from algorithms that I wrote myself, which are not fairly complicated, gives a lot more visibility in terms of what's wrong within the policy, as compared to what the tools do. I'm 100% sure of that. Based on what I've seen on AlgoSec and some webinars, there is a lot of information in there, but it doesn't give the real clarity on what's wrong with my rule base.

I would rate AlgoSec a six out of 10.

Disclosure: I am a real user, and this review is based on my own experience and opinions.