ChristopherWalsh
Vice President Head of Information Security at Itau Corpbanca New York
Real User
Gives us the ability to dig down into details and work at a level above the skills that we already have

Pros and Cons

  • "The most valuable is helping us determine where our rules are too permissive. Based on previous human review of our rules, they are very cursory. We know why we do something, but we don't get into the details of whether the rule is nice and tight. What Firewall Analyzer lets us do is understand the risks presented by our rules. The tool does a calculation of all the traffic that could be allowed and we can match that to whether it should be allowed."
  • "We are using AlgoSec directly against our Cisco Firepower. At first, AlgoSec didn't work with Firepower. It didn't know how to read the logs. So, improvement has been made. Now, the feature that was available on the older generation firewall is available on the current one, but this is a problem which has already been dealt with."

What is our primary use case?

Our primary purpose right now is AlgoSec Firewall Analyzer so we can ensure that our rules are nice and tight. We also use the configuration report to make sure that the firewall configuration is nice and tight.

We are starting to use modeling. AlgoSec Firewall Analyzer enables us to input details about what we would like to do to see what firewall changes would be required, if any. Also, if we are having problems with getting an application running across the network, then we can use that to establish what firewall rules might be giving us problems.

As a small branch office focused on wholesale banking, we have a very flat network that we are trying to improve upon. Over the course of last year, everything has been flat and accessible. Now, we are breaking into VLAN segmentation. That is where Firewall Analyzer will really come into good use, because it will help us to limit the traffic to only what is necessary. 

We have some cloud. Our core banking is with a different organization, which is in the cloud. We also have a couple of other treasury cloud applications in the cloud. However, a fair amount of our network is within our data center and office. So, we have a hybrid model.

How has it helped my organization?

We are very simple. The benefit of AlgoSec Firewall Analyzer right now is to give us skills that we don't already have with our people. Also, when we get into our periodic reviews, AlgoSec enables us to do it without adding additional staff. Something that we are not able to do because that is controlled in the Chilean head office. So, we need to make the best use of the best tools to secure our environment with a minimal number of people.

AlgoSec reduced the time it takes to implement firewall rules in our organization. Before, our firewall rule review was always done manually. When we installed the appliance and ran the report, we quickly found half a dozen areas where we were more exposed than we needed to be. The manual process used to go on for weeks. The AlgoSec process right now, as we develop and become better with it, takes only a matter of two or three days. We can have a good solid review, then we can get into very specific details about any rule or configuration with the objective of ensuring least privilege. Only the things that are needed to support business activities are allowed.

We are a regulated industry: financial services. We are obliged to at least annually review our firewall rules for risk. Are they too permissive? Are they not needed? Because we have this tool, we can now do that once a quarter. Before, we only did it once a year. 

We are a small branch of a much larger organization in Latin America. The rules that were set up allow free flow of information back and forth, i.e., network connections. Right now, with ransomware being what it is, we are starting to review those rules because they are too permissive. Another way that AlgoSec is helping us, internally, is working with our head office to make sure that they are treated with least privilege. Something that is not normal. Something that didn't happen, "Just because."

I have been with this organization for about two years. All the wide-openness of the network communications was just a bad event waiting to happen. AlgoSec Firewall Analyzer has given us the great ability to dig down into the details and work at a level above the skills that we already have, making sure that we are in a process. It started months ago and will continue for seven more months. That network traffic in and out of our perimeter is the least that it should be.

We work with multiple security vendors. For just IT alone, we have three primary vendors and a couple others that pitch in when needed. AlgoSec Firewall Analyzer helps us to make sure that we allow only what they need and that we keep them to the internal assets. They are external third-parties. We have high assurance that they are only able to access network assets that are part of the contract. Another vendor manages our firewall. The reason we have them do it is because we don't have the expertise amongst our people. So, the addition of the AlgoSec Firewall Analyzer enables us to have the intelligence of what is good and what is less than good. Thus, we can help keep that third-party on the rails, that they are doing good things for us, and we have the evidence to prove it.

We are getting into using AlgoSec to implement and manage micro-segmentation initiatives. One of our audit concerns was the flat network, and we started to work based on what we already know to create a test segment. However, AlgoSec is helping us to validate the traffic that will be allowed into that new segment, restricted to only that which we need. No sense in creating an isolated network if bad things can still flow back and forth between test and production. So, AlgoSec is a tool that is helping us make sure that we have all the isolation that we need. But, because of the syslog counters, we can also tell over time whether we did a good job in the first place and whether the remaining rules that we configured to be nice and tight are still needed for business purposes.

What is most valuable?

The most valuable is helping us determine where our rules are too permissive. Based on previous human review of our rules, they are very cursory. We know why we do something, but we don't get into the details of whether the rule is nice and tight. What Firewall Analyzer lets us do is understand the risks presented by our rules. The tool does a calculation of all the traffic that could be allowed and we can match that to whether it should be allowed. Another thing that we have recently started to do, but only about 100 days ago, is collect syslog events from the firewall that now tell us whether the rules that might be well-configured are actually being used by people or traffic. Our next step will be to start eliminating well-formed rules that just aren't needed.

The overall visibility that AlgoSec gives me into our network security policies is perfect. We think about separation of duties. As the information security officer, I shouldn't be logging into the firewall and playing around. What AlgoSec does is give me the ability to see everything about the firewall: its rules, configurations, and usage patterns. It gives me all the visibility that I need to make sure that we are doing what we should do to keep it tight. There is no perimeter anymore. We have to be very careful what we are letting in and out, and Firewall Analyzer helps us to do that.

Another very useful feature of the AlgoSec Firewall Analyzer is it will alert us to changes in firewall rules and configuration. So, we have a third-party who manages our firewall. AlgoSec gives us notification, if they go in and make changes either to the configuration or rules, so we can keep track and make sure that only authorized changes are occurring.

What needs improvement?

We are using AlgoSec directly against our Cisco Firepower. At first, AlgoSec didn't work with Firepower. It didn't know how to read the logs. So, improvement has been made. Now, the feature that was available on the older generation firewall is available on the current one, but this is a problem which has already been dealt with.

For how long have I used the solution?

I became familiar with AlgoSec Firewall Analyzer way back in 2004. I was trying to do some independent consulting, and part of that is a good firewall review. So, I started to look for tools. That is when I had my first discussion with AlgoSec. Since then, I have used it at a couple of different organizations, including the one where I work now. It has been quite helpful with making sure that our firewall configuration is all that it should be.

What do I think about the stability of the solution?

It is set and forget. I don't have a lot of Linux or Unix experience, at least not in the last 20 years. So, that has been removed from me. The appliance comes and we connect to the command line. Anything I need to do is menu-driven. So, it is easily maintained by people whose skill set changed from hands-on to management quite a while ago.

What do I think about the scalability of the solution?

Scalability is not something that I have had to concern myself with right now.

Currently, we have five people who use it to either tune the rules or find out answers to questions about the network and flows.

How are customer service and technical support?

We have a customer success manager, Matt, who is terrific, very responsive, and always there for us when we need it, providing quick answers. This also applies to the support desk if we raise a ticket. I did have a problem after we installed the A32 version, where I was getting some errors in the email. The engineers got into the code and found some code that needed to be corrected. I don't remember exactly what the problem was, but it took less than two hours to find and correct it. So, the support has been superb.

Which solution did I use previously and why did I switch?

At this bank, it replaced the manual solution, where if you were not a Tier 3 Network Engineer, then you were probably not going to be able to get into the details and nuances of any of the rules and configurations. So, they get glossed over. The firewall review done manually is more of a sanity check. "Do we need the rule at all?" is really the question that gets asked, not whether the rule is done correctly to support privilege and least access.

How was the initial setup?

The setup was quite easy. 

If I were to take out the fits and starts that were our responsibility, the installation was less than four hours. Then, the upgrade was done because we went from version A30 to A32. That took about an hour and a half. It was very simple and straightforward. Now, when I need to do regular releases, i.e., patches, I can do them myself. It is menu-driven. It's pretty easy.

What about the implementation team?

AlgoSec's support was there for us. We worked with them. They did all the heavy-lifting. It was easy to schedule as well as very flexible, as we got our act together. Organization is important. 

One staff member would have been sufficient for deployment and upgrades, but I made sure that our IT staff population representation was there so they understood the tool, where it was going, and how it would be used. However, it easily could have been done with only one person on our end.

What was our ROI?

In the end, I did a calculation. When I think about the number of people, when we did the manual way, who had to be involved, and how long did it go? Did we risk being out of compliance with regulations? There is a big cost to that. It is cheaper operationally to work with AlgoSec than to try to do this manually.

AlgoSec has absolutely helped to simplify the job of our security engineers. It gives us a level of expertise that we didn't have within our own staff. AlgoSec showed us that what our staff could do wasn't good enough. So, it is a force multiplier. It enables us to have the expertise that we don't have, but it also gives us the cycles, e.g., the actual ability to extract the rules, evaluate them, and then assemble them into a form that we can present to auditors and regulators, if needed. This greatly helps us. As a tool that has so many features, there are certainly more that we can grow into, but the ones that we are using right now have been of a substantial value to us. This is even being commented on by our auditors from one review period into another.

The staff enjoy it. There is always that dynamic between security and IT. IT has projects to do and serve the business. Security isn't quite seen in that same light. So, they enjoy it because they don't have to spend the time to go through the rules, trying to reverse-engineer what is going on, and it takes care of a lot of the documentation for them. It keeps them in the zone that they are used to working with the correspondence that belongs to the rule, allowing them to understand the details. This has helped us understand ourselves better, how we operate on the network layer, and saved us the time of actually doing the rules. So, we are much better with our compliance, audits, and regulatory requirements, but we are also better in our security. Two things that an ISO always has to be concerned with - compliance and actual security. This tool acts like another person on staff, increasing our ability to be very fine-tuned on rules. We will be using it for a while to come.

What's my experience with pricing, setup cost, and licensing?

I am a fan of AlgoSec for its pricing. As a small branch, getting any amount of money is very difficult. Less than a thousand dollars, that will take some effort for two reasons:

  1. Asking for money.
  2. It wasn't in the budget. 

The price came in where we really didn't even need to have much of a discussion. That was very good. There are also options regarding what you want to pay for. It wasn't really pushed on me that I have to get all of it or else I can't be an AlgoSec customer. 

There are training and support levels that come in beyond the product itself, and we did subscribe to the training. We also have the support. The pricing has been very approachable, and that is why we have it here.

Which other solutions did I evaluate?

I have looked at other options along the way, like Skybox. AlgoSec came to the market before the alternatives did. When I become aware of it and something is good, I stick with it. Why change? 

I went to the Gartner page and looked at who the competitors were. I looked at customer reviews and things like that. However, because I have had such a good experience with AlgoSec Firewall Analyzer, I continue to use it. I have found no reason to go with any of the other alternatives.

Our local policy is that I have to be able to compare at least three products when I go to management to ask for money. I did exactly that. I took three alternatives and brought them to our management team. I explained the whys and wherefores for why I was promoting AlgoSec. Now, we have it here in our environment.

What other advice do I have?

I would recommend, "Do it," in regards to implementing AlgoSec. I wouldn't have been with it since 2004 if it wasn't among the best tools. I have tools in vulnerability scanning and SIEM/SOC as well as tools for authentication. There are a lot of tools. As a security guy, I have been doing this since 1997. When you find a product that delivers, you stick with it, and AlgoSec is that type of product.

I have been so pleased with the tool. It sounds cliché, but I haven't gotten to a point yet where the tool hasn't provided for me. This is why I always come back to it. For an organization as small as ours, it gives us a tool that is affordable, easy to implement, and the expertise that we were lacking.

When I need it, it is there. If I have a question about an endpoint or protocol, I am trying to resolve audit points about what ports are listening and why, or I have to figure out how to isolate something more than it already is, AlgoSec is the tool that I go to first to get information and answer some of these questions. In most cases, all the details and rules are all right there. It has been great.

I have seen the capability for AlgoSec to enable us to manage multiple or dispersed environments in a single pane of glass. Because I am such a supporter and have seen the value that AlgoSec can bring to more than one organization, I invited the CSO office in Chile to attend a work session with us so they can start to see everything that AlgoSec might do for them. I knew that it was on their task list, and they have a need to get into the same area. The potential is there that our head office will begin to use the tool, having seen how it has been helping us in just our local office. They need it more because they do have a broader array of firewalls, connections, and things like that. So, I'm looking forward to that.

I know for a fact we are not getting all the value out of the appliance that we can. I know for a fact we are getting more value out of the appliance than we intended when we licensed it. Those are good things. The visualization of our network is helping me. There are diagrams that can be drilled into which help me. When you are small, going over to IT all the time and asking questions isn't always the best thing. It is disruptive. Then, I have to worry whether I got the right answer or not. AlgoSec removes those things. I see what is happening and I know that it is based on the facts. There are five of us using it. I am sure that we use it every week, probably not every day to answer questions, and we are running monthly reports, which are automated, so we have a good history. So, we have the opportunity at any point to identify problems and resolve them.

What we have learned from using AlgoSec Firewall Analyzer: We didn't understand our risk with our firewall. It is good that we relied on a credible third-party, but what we saw was rules could be better configured. These are our protection to the outside world between the bad world outside and inside, between our head office and us. I worked for a Wall Street firm, and we didn't trust anybody. It is a big deal now with zero trust. This tool will help us to get there, dialing things down.

For the AlgoSec experience (the company, product, support, and people), I want to give it 10 (out of 10). Nobody trusts that, but they have been very good to me. The boss who didn't like spending money is very happy with the results. I brought it back to him and showed him what we have been able to do past our manual efforts, and it resonates with him. It makes sense to him. He reads the paper. He sees how quickly ransomware can spread across a network. One of the things that we can do to help protect against that is make sure that we have good segmentation and only the endpoints which really need to talk to each other are allowed to do so.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
VZ
Technical Director at Accord Group
Real User
Helps us significantly reduce duplicate and conflicting firewall rules, as well as create audit-ready reports

Pros and Cons

  • "For us, as well as for our customers, firewall management and change management are the most important features."
  • "We see a very high demand for using containers and Dockers and therefore there is a need for managing access control to these platforms. I checked AlgoSec’s roadmap and, for now, there are no plans for developing these features."

What is our primary use case?

We use the solution for change control of policies on firewalls, for service desk integrations, and for the service desk rules of network users.

We use the firewall management solution. Our environment is on-premises only. Our company works with financial institutions and they require everything to be on-premises.

How has it helped my organization?

There is no question that AlgoSec has reduced the time it takes to implement firewall rules. That is also true because some of our clients use firewalls from various vendors and AlgoSec allows them to implement firewall rules on those firewalls simultaneously, even though they are from different vendors. Even so, when we receive a request for a rule exception, no one controls how long this exception is valid. As a result, these exceptions are valid for a long time and accumulate one by one. With the help of AlgoSec, it is very easy to eliminate this problem. A timer is set for a given firewall rule and, when the timer runs out, a security engineer is notified that the rule is set to expire at the specified time.

In addition, large deployment cases face a large problem due to the number of firewall rules, which can slow down the performance of a firewall and overload the firewall memory. This happens in part because of duplicate rules and rules that conflict with one another. With the help of AlgoSec, we reduce the number of rules, on average, by 30 to 35 percent. AlgoSec cleans duplicate rules and conflicting rules, freeing up memory.

At least two of our clients, when using AlgoSec extensively, have seen a reduction of at least 1.5 to two times what it would take them to implement firewall rules, by reusing predefined templates within AlgoSec. In addition, they find it extremely helpful that AlgoSec checks them for compliance. Before AlgoSec, they had to manually justify compliance of every single firewall rule, when being audited for compliance. They had to explain why it was created, which client and/or service was behind that rule, et cetera. In comparison, AlgoSec does the compliance check on each and every firewall rule making sure it is always compliant with the latest requirements and one can quickly create a report to prove it.

When it comes to preparing for audits and ensuring firewalls are in compliance, about 60 percent of our clients are financial institutions, like banks and insurance companies. They have to adhere to the strict compliance rules and AlgoSec allows us to ensure that the firewalls are in compliance with the normative requirements. IT departments are able to create PCI and DFS reports via AlgoSec that are acceptable for such audits.

In terms of working with multiple security vendors, we usually integrate AlgoSec with other service desk vendors, like ServiceNow and controllers like Cisco ACI. AlgoSec has resources on their website where we can find documentation about integrations with various systems. It was fairly easy to integrate AlgoSec with ServiceNow and Cisco ACI. Their API is understandable and very well described.

The major value, at least here in Ukraine, when integrating AlgoSec with Cisco ACI is that we see most of our clients prefer SDN systems, like Cisco ACI, for data processing. ACI contracts are treated similarly to firewall rules, i.e. permission is required for access. Some of our clients use over 400 such contracts for data processing. Implementing access rules for these systems is not easy. With the help of AlgoSec we can create a rule and AlgoSec checks it for compliance, for duplicate rules, and rule conflicts. That very much simplifies the implementation and deployment of contracts in ACI.

AlgoSec helps tremendously when it comes to reducing human errors, especially when the environment includes firewalls from disparate vendors. In that situation, the probability of human error is very high. It is difficult for me to approximate by what percent it has reduced human error but the reduction is very significant.

In addition, it has helped to simplify the job of security engineers. I’m very sure of that because, otherwise, our clients wouldn’t buy more AlgoSec user licenses.

What is most valuable?

For us, as well as for our customers, firewall management and change management are the most important features.

What needs improvement?

We see a very high demand for using containers and Dockers and therefore there is a need for managing access control to these platforms. I checked AlgoSec’s roadmap and, for now, there are no plans for developing these features.

For how long have I used the solution?

We have worked with AlgoSec for two to three years, implementing the solution for our clients.

What do I think about the stability of the solution?

Everything works great. We have not seen any significant bugs.

What do I think about the scalability of the solution?

Our deployments of AlgoSec are not large so we haven’t faced a scalability issue. The maximum AlgoSec deployment we’ve done is for about 100 endpoints and that is not a problem for AlgoSec.

How are customer service and technical support?

We have never needed to use AlgoSec support.

How was the initial setup?

To deploy AlgoSec properly it is important to understand the client's environment. To that end, we have a questionnaire that we send to our clients and that helps clarify what the client's requirements are. It also provides information on the architecture of their environments. Once we receive the questionnaire, we go over the project specifications with them to make sure they didn’t miss anything, such as integrations with other systems. 

Next, we usually do a PoC to test AlgoSec in their environment and that is when we calibrate the solution to the client’s specs and do the necessary customizations. Then we purchase the licenses and roll out AlgoSec into the client's production environment. We also provide technical support for the client for at least a year to make sure that they become familiar with the solution.

The amount of time it takes to deploy always depends on the complexity of the client’s requirements. For example, for firewall management setup without integration with other systems like a service desk or reporting systems, deployment generally takes up to one month. If we need to integrate AlgoSec with solutions like a service desk, then the deployment can take up to four months because there are major changes to the whole business process and these changes require planning, documentation, implementation, and training of end-users.

There are usually three people involved on our side: a salesperson and two engineers, with the latter actually implementing AlgoSec.

What's my experience with pricing, setup cost, and licensing?

I can’t say that this is a cheap system. It's affordable for large enterprises and, in some cases, for mid-sized companies. For the majority of other companies, this solution is out of their price range.

Which other solutions did I evaluate?

I have hands-on experience with Tufin and both of these products (Tufin and AlgoSec) are equal in terms of functionality. In terms of main differences, it comes down to a personal preference.

What other advice do I have?

My advice is to do a PoC. Many would simply read reviews about the solution, watch demos, and request price quotes. At that point they would note that it is not a cheap solution and stop there. That is why I strongly recommend doing a PoC. Only through using the solution can you see how easy it is to manage and implement security rules. It becomes very clear that you’ll see a return on investment in terms of the time saved by your security engineers.

Another recommendation would be to evaluate similar solutions to AlgoSec, especially for companies that are planning the implementation of SDN systems, like Cisco ACI. This is because it involves labor-intensive rules implementation, and with the help of AlgoSec it can be drastically simplified.

The overall visibility the solution provides into network security policies is not applicable to us because our clients are using AlgoSec for firewall only, for edge connectivity of their networks to the internet. We only have one client that used AlgoSec to control rules on the internal firewall, which is deployed into their data center.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner/Integrator
AP
Consultant at a computer software company with 10,001+ employees
Real User
An excellent, intelligent tool that is helpful for finding duplicate rules

Pros and Cons

  • "Because we get about 60 to 70 rules to deploy a week during the firewall maintenance window, we might create some duplicate rules or open duplicate ports. AlgoSec has become very helpful whenever we need to find out the nodes or subnets that have already been created, then we don't need to create the duplicate subnet of that particular IP address."
  • "The technical support response time is low. This might be due to the coronavirus pandemic situation, but I am not getting full support when working with them."

What is our primary use case?

It helps us load the bulk of organizations. We can maintain policies using AlgoSec's fine-tuning, which is why we use its automation. Once a request has been approved and it is in our queue, we check the parts of the firewalls between source and destinations. It also helps us push policy and remove unnecessary rules.

I have used AlgoSec Firewall Analyzer (AFA) and FireFlow. We also use AppChange for its automation, where we can integrate our MDT tools with our AlgoSec project.

Our customers have on-premises data centers as well as infrastructure in the cloud: hybrid. We are the service provider for the cloud and our data centers are also on the cloud.

How has it helped my organization?

Because every organization goes with a CIS audit, it is helpful for auditing purposes. Before an audit, we clean up all the unnecessary rules, ports, etc. 

Because we get about 60 to 70 rules to deploy a week during the firewall maintenance window, we might create some duplicate rules or open duplicate ports. AlgoSec has become very helpful whenever we need to find out the nodes or subnets that have already been created, then we don't need to create the duplicate subnet of that particular IP address. We then pass this information onto our firewall and deploy it.

AlgoSec helps by doing the job of our security engineers. For example, we need four security engineers to push policies. However, if we go with AlgoSec and its automation tools, two engineers are sufficient to do this, but are needed from a troubleshooting perspective. Therefore, the workload should be low while using AlgoSec, making the work easier for our engineers.

What is most valuable?

AFA is helpful when finding duplicate rules, subnets, and policies for your ports that have not been used in the last six months. It also helps to find out which ports have been opened for all firewalls. After that, we run the reports and share them with the customer. After getting approval from the customer, if there is a block on a particular port or ports not used in a current environment, Analyzer is helpful when placing the change request of the users. In this case, AlgoSec provides the link to the user who raises the request through the automation, which is the change request. From that change request, it comes through our ticketing tools, e.g., BMC Remedy. Then, we have to check and approve it. Once it gets approved, we deploy the particular policies, as per the user's request.

It provides visibility for the risk. Whenever unnecessary ports have been opened in our environment, whether by mistake or human error, a support ticket gets opened so we can find out about it in an easy way. After that, we can implement or block the particular ports if they are not necessary for the organization's production. The solution has become more helpful during the cleanup rules for the firewall, when we do those activities twice a month. For example, if a user raises a request two to three months ago, then we forget to block the particular port by human error. During the client's cleanup workshop, we can make things clearer, which is more useful for us when cleaning up unnecessary rules and ports from the firewall.

AlgoSec enables us to manage these hybrid environments in a single pane of glass.

It is an excellent, intelligent tool. The console is user-friendly for understanding and implementing things on firewalls. It is helpful for finding duplicate rules. 

What needs improvement?

We would like the full features of automation. That would definitely be helpful. Then, we would be capable of pushing policies to AlgoSec as well as finding the path.

We would like to get the network nodes from all the different firewall analyzers. For example, in Tufin, we can find other network tools, like router switches, which show the path between source and destination.

For how long have I used the solution?

I have deployed AlgoSec for two customers as well as implementing their Check Point Firewalls.

What do I think about the stability of the solution?

It is a stable tool.

What do I think about the scalability of the solution?

When we are not using AlgoSec, we have nearly 1,000 drones. Whenever we deploy or integrate AlgoSec with our firewall, then we see fewer rules, about 650 to 750.

How are customer service and technical support?

The technical support response time is low. This might be due to the coronavirus pandemic situation, but I am not getting full support when working with them.

How was the initial setup?

The initial setup is easy, not complex. I use Google Survey data, which is very user-friendly. 

I deploy and integrate two to three firewalls in a day.

What about the implementation team?

I am not managing AlgoSec because I am not part of operations. I am part of the deployment team. So, I have deployed it to a particular account, and once it's working, then the support person from my team who works on that account takes care of all the AlgoSec tools.

Two to three people manage AlgoSec across 24/5 shifts. 

What was our ROI?

It has reduced the time it takes to implement firewall rules. For example, in our environment, we have a number of unnecessary rules (about 350 rules) which are unnecessarily open on firewalls, including blocked ports, something between source and destination, duplicate nodes, and duplicate users. We can find all these things. After that, we can clean them up. From my point of view, it is more helpful for the cleanup and all of those activities as well as more helpful for the automation part, which is the change requests. If you do this activity manually, then it takes more than a month to find out the duplicate rules from firewalls by checking a PDF or exporting the rules into an Excel file. From there, we need the filter to find out the duplicate nodes. So, it definitely takes more time manually. However, if we are using AlgoSec, then we can do it in a day.

Which other solutions did I evaluate?

I find that Tufin and AlgoSec both have good solutions, but I would rate Tufin as 10 out of 10 where I would put AlgoSec as a nine out of 10.

We deploy microsegmentation with Guardicore.

What other advice do I have?

I would rate AlgoSec as a nine out of 10. Overall, my experience with this tool and its technologies has been very good.

I am aware that AlgoSec works with multiple vendors. We use it with FTD firewalls and SonicWall firewalls. We also have to integrate it with Check Point, Cisco, and Palo Alto. So, the solution is helpful when working with different vendors. For the integration part, it is very easy and user-friendly. We need to know about their rules, admin password, and the virtual IP address of the firewalls that we have to enter. After that, it provides the information and gets the topology.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
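The manual cleanup this review describes (exporting rules to a spreadsheet and filtering for duplicates) can be scripted. The sketch below is an added example, not part of the review and not AlgoSec's algorithm; the CSV columns and sample rules are constructed, and it assumes first-match rule ordering.

```python
import csv
import io
from ipaddress import ip_network

# Constructed sample export. The column layout is an assumption for this
# example, not a vendor export format.
SAMPLE_CSV = """id,action,src,dst,proto,ports
1,allow,10.1.0.0/16,10.20.5.0/24,tcp,443
2,allow,10.1.4.0/24,10.20.5.10/32,tcp,443
3,allow,10.1.0.0/16,10.20.5.0/24,tcp,443
4,deny,10.1.4.0/24,10.20.5.10/32,tcp,443
5,allow,10.2.0.0/16,10.20.6.0/24,tcp,8000-8100
6,allow,10.2.3.0/24,10.20.6.0/24,tcp,8080
7,allow,10.2.0.0/16,10.20.6.0/24,udp,8080
"""


def parse_ports(spec):
    """'443' -> (443, 443); '8000-8100' -> (8000, 8100)."""
    lo, _, hi = spec.partition("-")
    return int(lo), int(hi or lo)


def load_rules(text):
    """Read the export into a list of rule dicts, preserving rule order."""
    rules = []
    for row in csv.DictReader(io.StringIO(text)):
        rules.append({
            "id": int(row["id"]),
            "action": row["action"].strip().lower(),
            "src": ip_network(row["src"].strip()),
            "dst": ip_network(row["dst"].strip()),
            "proto": row["proto"].strip().lower(),
            "ports": parse_ports(row["ports"].strip()),
        })
    return rules


def covers(outer, inner):
    """True if every packet matched by `inner` is also matched by `outer`."""
    return (outer["proto"] == inner["proto"]
            and inner["src"].subnet_of(outer["src"])
            and inner["dst"].subnet_of(outer["dst"])
            and outer["ports"][0] <= inner["ports"][0]
            and inner["ports"][1] <= outer["ports"][1])


def audit(rules):
    """Return (rule_id, kind, earlier_rule_id) for rules that never decide traffic.

    duplicate: same match and same action as an earlier rule.
    redundant: narrower match, same action; removing it changes nothing.
    shadowed:  fully covered by an earlier rule with the opposite action,
               so the later rule's intent is silently not enforced.
    Only full coverage by a single earlier rule is detected; partial
    overlaps and coverage by a union of rules are out of scope here.
    """
    findings = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if not covers(earlier, later):
                continue
            same_action = earlier["action"] == later["action"]
            if same_action and covers(later, earlier):
                kind = "duplicate"
            elif same_action:
                kind = "redundant"
            else:
                kind = "shadowed"
            findings.append((later["id"], kind, earlier["id"]))
            break  # first covering rule wins under first-match semantics
    return findings


if __name__ == "__main__":
    for rule_id, kind, by in audit(load_rules(SAMPLE_CSV)):
        print(f"rule {rule_id}: {kind} (covered by rule {by})")
```

Shadowed findings deserve review before deletion: rule 4 in the sample is a deny that never takes effect, which may mean the earlier allow is broader than intended.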
BK
Senior Technical Analyst at a maritime company with 1,001-5,000 employees
Real User
Gives us a high level of confidence that our ACLs and our risk components are in line with our expectations

Pros and Cons

  • "AlgoSec gives us a high level of confidence that our ACLs and our risk components are actually in line with our expectations. Because we run a lot of our firewalls as an internal change control boundary, we rely on them heavily to segregate vendor networks. It gives us a high level of confidence that those third-party networks that ride on the backbone are segregated and appropriately defined."
  • "We have a fairly complex routing environment that AlgoSec struggled with having dual routers and first hop routing protocols. The initial period when we were doing an installation with their support desk was fairly challenging."

What is our primary use case?

We use AlgoSec Firewall Analyzer and FireFlow. 

Our primary infrastructure is all on-premise. We tend to leverage only SaaS components of the public cloud. We have over ninety sites including branch offices and Data Centers.

We have over one hundred firewalls and we are a PCI compliant organization. So, we use it for all of our change control around all of our firewall ACL deployments, as well as our risk profiling. We use FireFlow for the change management and audit control. The IT security department uses it for ACL reviews and ACL change requests.

How has it helped my organization?

Specifically, with FireFlow, we've managed to integrate that into our overall change advisory and request for change control process: requests flow through a ticket, through AlgoSec FireFlow, through our IT security department for approvals. We've taken advantage of all that. We generally do not have any out-of-band changes and those that happen are logged, tracked and reported on.

The Active Change component has helped reduce human error and given people more confidence the ACL changes have been applied as they requested.

AlgoSec has helped to simplify the job of our security auditors. Primarily, from an audit perspective, it's much faster than it ever was because they can review the ACLs all in one tool now, as opposed to asking for plain text CSV dumps of firewall rules. They can also respond a lot faster now to requests for ACLs as to whether or not they're valid or required because they can review the traffic simulator.

AlgoSec enables us to manage our dispersed environments in a single pane of glass for the firewalls. Seeing all of those firewalls in one view, we no longer need to use things like the Cisco ASDM for day-to-day ACL management. 

What is most valuable?

AlgoSec gives us a high level of confidence that our ACLs and our risk components are actually in line with our expectations. Because we run a lot of our firewalls as an internal change control boundary, we rely on them heavily to segregate security zones. It gives us a high level of confidence that things like third-party networks that ride on the backbone are segregated and appropriately defined.

The features I find the most valuable are the:

  • Duplicate objects
  • Unused rules
  • Duplicate rules.

The traffic simulation has been really valuable, especially with other business units that aren't familiar with the firewalls but are looking to see whether or not traffic they're using or going to be putting on the network through projects is going to be impacted.

The overall visibility that AlgoSec gives into our network security policies is high. Our firewalls are our primary control boundary on the LAN. They give us the most amount of visibility we can get at that layer without microsegmentation.

AlgoSec provides us with full visibility into the risk involved in firewall change requests. That feature is important to us because we're a heavily risk-averse organization when it comes to IT control and changes. It allows us to verify, for the most part, that the controls that IT security is putting in place are being maintained and tracked at the security boundaries.

It has reduced the time it takes to implement firewall rules. We can sometimes do 20 to 30 ACL either adds, removes, or changes in a week. In some cases those changes are now down to minutes. Prior to AlgoSec, we would have to do all the manual verification which meant potentially logging into every related firewall, checking every ACL, and making sure that we got the placement correct.

What needs improvement?

We have a fairly complex routing environment that AlgoSec struggled with. The initial period when we were doing an installation with their support desk was fairly challenging.

For how long have I used the solution?

I have been using AlgoSec for about a year and a half to two years.

What do I think about the stability of the solution?

We have not had any issues with stability.

What do I think about the scalability of the solution?

So far, we haven't had any issues with scalability. We're at 100+ firewalls, all of them logging directly to the product without issue, and we're using it daily.

How are customer service and technical support?

We've had a mixed experience with their support. It's swung the gamut from someone who will just reference their own publicly available knowledge base right up to someone going directly to the developers. That process has felt inconsistent. I never know which one I'm getting.

Which solution did I use previously and why did I switch?

We were not previously using another solution. We chose AlgoSec because we knew that we were going to be managing ACLs globally at a rapid rate going forward and we needed a solution for that.

How was the initial setup?

For our implementation strategy, we used their JumpStart process where they actually had an AlgoSec representative come to us and get us through the implementation. That resource was here for about a week. By the end of the week, it was up and running enough for us to complete the more organization specific components of the implementation.

We had three staff involved in the deployment and there's typically a team of about five of us involved in the daily maintenance and operations. We were all part of the JumpStart. 

About a dozen people now use the tool regularly and that number continues to increase.

What was our ROI?

For us, on the network team specifically, we're a small team relative to the number of devices that we manage. Having so many firewall rule changes come in on a regular basis, we were likely going to lose a body if not two, just to managing ACL adds and changes.

What's my experience with pricing, setup cost, and licensing?

Initially, the licensing was a little bit unclear. We run a of our firewalls with high availability solutions and how licenses got presented and accounted for was unclear. Overall though, the licensing is pretty straightforward.

The licensing and support cost is fairly significant, likely out of reach for any small and most medium sized businesses without a significant security requirement.

Which other solutions did I evaluate?

We looked at Tufin and FireMon. At the time, FireMon was cloud-based and we had a policy that didn't allow us to use it.

We had met with AlgoSec a couple of times over the years at Cisco Live. We were familiar with their platform.

What other advice do I have?

My advice would be to be ready to find out the things you probably didn't know. For us, there were a lot of rules that were implemented that weren't being used, a lot of objects that were duplicates.  We were unknowingly hoarding all kinds of configuration data that was no longer relevant.

Overall, I would rate AlgoSec a solid eight out of 10.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
MiracleChukwudebe
Security Analyst at Ethnos IT Solutions LTD
Real User
Top 20
Analyzes existing policies that you have set up on your devices, gauging the risk

Pros and Cons

  • "ActiveChange integrates with your change workflow and ticketing system. For example, a change request is made to open port 8080. Then, if the guy who was supposed to implement that change mistakenly opened port 80, then ActiveChange will say, "What was approved was 8080, but what you actually opened was 80." That actually helps to fix human errors. It helps to check everything that is being done. You can go through the analysis and see changes that were made, and AlgoSec is able to alert you immediately. Whenever there is a change, notifications are sent to the administrators because it gives you that real-time alerting and change."
  • "Since COVID-19, a number of the technical support team members have been working from home or remotely. So, we haven't gotten support people right when we need them. Sometimes, it takes a couple of hours or even days for us to get that instant support that we used to get."

What is our primary use case?

We help deploy solutions to customers around Africa and Nigeria. We deploy it, then we also provide local support to our customers. We do PoCs, deploy solutions, and provide support whenever we have the opportunity to provide solutions which solve problems of one or two customers.

Most of our clients just want to stick with AFA. Most times, we just work around AFA and do a lot of things with it. We are quite conversant with AFA's portfolio.

How has it helped my organization?

AlgoSec provides our customers with full visibility into the risk involved in firewall change requests. Most of our customers are in the financial industry. AlgoSec can analyze existing policies that you have set up on your devices, gauging the risk. For example, with PCI requirements, there needs to be a description for each firewall rule change as to why it was made. Therefore, if a change was made by one of our clients, who was unable to put a description or comment against that rule, then automatically I would need to flag that.

ActiveChange integrates with your change workflow and ticketing system. For example, a change request is made to open port 8080. Then, if the guy who was supposed to implement that change mistakenly opened port 80, then ActiveChange will say, "What was approved was 8080, but what you actually opened was 80." That actually helps to fix human errors. It helps to check everything that is being done. You can go through the analysis and see changes that were made, and AlgoSec is able to alert you immediately. Whenever there is a change, notifications are sent to the administrators because it gives you that real-time alerting and change. 

What is most valuable?

The most valuable features are:

  • Compliance reporting
  • Their immediate support team
  • Maps: You can trace the traffic and what firewall is blocking what connections, services, and websites.

You don't need to be tech-oriented to work with AlgoSec.

One of the beautiful things about AlgoSec is that it gives you templates. There are quite a number of compliance templates, depending on the industry that you are in. For example:

  • The ISO number system
  • The information security - ISMS management system
  • PCI DSS
  • FISMA Compliance. 

For our clients, they especially have to maintain ISMS and PCI DSS, as these are the two compliance regulations that they have to maintain. You can run analysis or reporting based on the templates. Within minutes, you get into the report, can see your compliance status, and what exactly you need to fix. You can clearly see what parts of the requirements you are not meeting and where you are falling short within standards. It is very clear and visible. We can customize all of this with the reporting, however the client wants it. This is one of the critical parts for most of our clients.

What needs improvement?

In late December or early January, we were trying to add another solution, but it wasn't working because there was no support for the version that we were running at that point. After they released the hotfix, that took care of this issue. That particular device was then supported. So, it has been very stable and working fine since then.

For how long have I used the solution?

I have been using it for about three years now.

What do I think about the stability of the solution?

The stability is excellent.

There have been some recent updates and hotfixes that have been released. These have taken care of a number of things, which include support for some particular firewalls.

What do I think about the scalability of the solution?

The scalability is good. We have had to scale for some of our clients who have about 10 firewalls or 10 network devices, and they wanted to have more. All we had to do was acquire more licenses, then we just scaled. It is quite seamless.

How are customer service and technical support?

I have worked with AlgoSec for about three years. Before COVID-19 struck, the technical support used to be 10 of 10. You would make a support call, someone would join you on a session, and you would get help almost instantly. Since COVID-19, a number of the technical support team members have been working from home or remotely. So, we haven't gotten to support people right when we need them. Sometimes, it takes a couple of hours or even days for us to get that instant support that we used to get. I think they are working on it. The last time that I had a support session with them, which was about two months back, I saw some relative improvements.

How was the initial setup?

We have been using the OVA file on a virtual box. Once we slam it on the VM, it is quite straightforward. Once you are done with that, then you define the IPs.

What's my experience with pricing, setup cost, and licensing?

We have had quite a number of our prospective clients come to us and say, "Hey guys, we want AlgoSec," but one of their turn-offs has been the pricing. I would like it if AlgoSec would review their pricing and come down on it. The solution is quite amazing and versatile, so we would really appreciate it if the pricing could be reviewed for Nigeria because we definitely would get more sales if that happened.

In Nigeria, quite a number of industries have been hit hard by COVID-19 and we are not a high income generating country, so a lot of people want to cut costs. When it comes to the security, companies would rather settle for less and take a step back because of the cost. They might even put infrastructures off. However, if the pricing is reasonable and affordable for people in this part of the world, then our company will definitely see more sales.

Which other solutions did I evaluate?

AlgoSec is 10 out of 10 compared to FireMon. Compared to any other solution that does firewall analysis and policy management, AlgoSec deserves 10 out of 10 because of:

  • Its simplicity: Virtually everything about AlgoSec is straightforward.
  • Versatility, as far as the reporting and alerting.
  • Support, which is quite amazing.

What other advice do I have?

If you are looking for a tool that will provide you clear visibility into all the changes in your network and help people prepare well with compliance, then AlgoSec is the tool for you. Don't think twice - AlgoSec is the tool for any company that wants clear analysis into their network and policy management.

Anybody can use AlgoSec once they take all the training.

Compared with other tools on the market, the solution is 10 out of 10.

Which deployment model are you using for this solution?

On-premises
Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: Partner
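The approved-versus-implemented check this review describes (port 8080 approved, port 80 opened) comes down to diffing the ruleset before and after the change against the approved request. The sketch below is an added example, not part of the review and not how ActiveChange is implemented; the one-line rule syntax, function names and sample rules are constructed for illustration.

```python
from collections import namedtuple

Rule = namedtuple("Rule", "action proto src dst port")

# Constructed sample data in a made-up one-line syntax:
#   "<action> <proto> <src> -> <dst> : <port>"
BEFORE = ["allow tcp 10.0.0.0/8 -> 10.9.1.5/32 : 443"]
APPROVED = ["allow tcp 10.0.0.0/8 -> 10.9.1.5/32 : 8080"]
AFTER_SLIP = BEFORE + ["allow tcp 10.0.0.0/8 -> 10.9.1.5/32 : 80"]


def parse_rule(text):
    """Parse one rule line of the constructed syntax into a Rule."""
    left, port = text.rsplit(":", 1)
    head, dst = left.split("->")
    action, proto, src = head.split()
    return Rule(action.lower(), proto.lower(), src, dst.strip(), int(port))


def differing_fields(a, b):
    """Names of the fields in which two rules differ."""
    return [f for f in Rule._fields if getattr(a, f) != getattr(b, f)]


def verify_change(before, after, approved_add, approved_remove=()):
    """Compare what was implemented with what the change request approved.

    Returns a list of findings; an empty list means the implemented change
    matches the approval exactly.
    """
    before_set = {parse_rule(r) for r in before}
    after_set = {parse_rule(r) for r in after}
    want_add = {parse_rule(r) for r in approved_add}
    want_remove = {parse_rule(r) for r in approved_remove}

    added = after_set - before_set
    removed = before_set - after_set
    not_implemented = want_add - after_set
    unapproved = added - want_add

    findings = []
    for want in sorted(not_implemented):
        # An unapproved rule that differs from the approved one in a single
        # field is most likely a typing slip, so report the two together.
        slips = [got for got in sorted(unapproved)
                 if len(differing_fields(want, got)) == 1]
        if slips:
            got = slips[0]
            unapproved.discard(got)
            field = differing_fields(want, got)[0]
            findings.append(
                ("mismatch", field, getattr(want, field), getattr(got, field)))
        else:
            findings.append(("not_implemented", want))
    findings += [("unapproved_add", r) for r in sorted(unapproved)]
    findings += [("unapproved_remove", r) for r in sorted(removed - want_remove)]
    findings += [("remove_not_done", r) for r in sorted(want_remove & after_set)]
    return findings


if __name__ == "__main__":
    for finding in verify_change(BEFORE, AFTER_SLIP, APPROVED):
        print(finding)
```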
LT
Security Manager at a transportation company with 1,001-5,000 employees
Real User
Top 5
Makes audits much easier, providing an almost instant "yes" or "no" regarding compliance

Pros and Cons

  • "The firewall policy summarization is the most valuable feature. It helps us to cross-check the firewall ruleset. That's the main purpose of it. And of course, it monitors changes of the firewall policy. It provides full visibility into the risk involved in firewall change requests. It helps us to check for any integrity issues and conflicts with other rulesets, and of course the compliance."
  • "Now that we've moved to the VM it is more stable and independent of hardware."

What is our primary use case?

We use it for firewall ruleset management. It's mainly to manage the firewall ruleset changes and for monitoring compliance.

In our environment we use AlgoSec Firewall Analyzer. Our network environment is a mixture of public and private clouds. We have more than 3,000 network switches and we are managing almost 20 firewalls that are on-premises. That doesn't include the cloud firewalls because AlgoSec does not extend to that area.

How has it helped my organization?

The main benefit is mainly related to security and our network operation. It helps with firewall and ACL management. In terms of security, it helps us safeguard the firewall ruleset. It's not directly important to the business for income, but it helps us to safeguard our operations and security.

It's also good to have AlgoSec for monitoring, as a measure for security compliance, because the firewall is the gateway from on-premises to the internet or to our business partners. It plays an important role.

It makes the audit process much easier because it provides an almost instant "yes" or "no" regarding compliance. On top of that, you can generate a move-and-change record for auditing purposes. It fulfills the requirements.

AlgoSec's automation helps reduce human error as well. It helps ensure our firewall policy integrity. It's the kind of machine that helps cross-check those areas, and that helps. Before we really applied AlgoSec for operations, we just used it as a monitoring tool. But after we started discovering manual errors, we tried to use AlgoSec as a prerequisite, and to check the ruleset changes that would be applied to production before they were applied in production. It works well as a checker.

In addition, it has reduced our workload in terms of manual checking to some extent. The lead time for AlgoSec to check against basic, fundamental compliance is great; much better than when done by humans. It reduces the time needed for that part of the analysis. And it helps me to make sure that the applied changes are meeting compliance requirements.

What is most valuable?

The firewall policy summarization is the most valuable feature. It helps us to cross-check the firewall ruleset. That's the main purpose of it. And of course, it monitors changes of the firewall policy. It provides full visibility into the risk involved in firewall change requests. It helps us to check for any integrity issues and conflicts with other rulesets, and of course the compliance.

When it comes to integrating with the leading vendors, we haven't had any hiccups integrating AlgoSec with existing firewalls or network switches, router switches, ASAs, or VPNs. It has to be great. I don't think another brand name or latecomer will do better than AlgoSec.

For how long have I used the solution?

I have been using AlgoSec for more than seven years.

What do I think about the stability of the solution?

The stability is good. When we had the appliances it ran for a couple of years. Now that we've moved to the VM it is more stable and independent of hardware.

How are customer service and technical support?

We used to be in an appliance for AlgoSec but two years ago we moved it to a VM version. The vendor supported us in that process. That was good. Other than that, we haven't needed to contact their technical support much.

I don't work directly with their technical support, my subordinate works with them. According to what I've heard so far, it's been very good and very helpful.

How was the initial setup?

The initial setup was a long time ago. I remember it being a little bit hard, but I don't think we're a good reference point because it was almost seven years ago. When we moved to the VM version two years ago, we updated our skill set and it is manageable for my people. It should be easy to integrate.

For our initial setup, I remember the Check Point firewalls were seeing some key exchange. When there is an upgrade, you need to do a key installation. That was a little bit difficult seven years ago, but I believe most people now have experience and they know how to handle that. Back then, not many people had experience on Check Point firewalls or even AlgoSec.

Overall, the deployment is easy, but because our organization has a change process, the testing process involved with that takes a longer time. The actual integration is not difficult and it won't take much time.

Rather than talking about simplifying the installation, it should be standardized. There should be more documentation for AlgoSec. The firewall vendors, and even the network equipment vendors have more "Welcome to This Type of Management Tool." They have more clear documentation.

Some of the use cases appear in the community but the vendor could set up a forum where users can share tricky experiences and how to resolve them. An actual case-scenario Knowledge Base is much better than documentation that only describes the straightforward settings.

For maintenance of AlgoSec we need just one person. The deployment was done by our network team. I used to be on the network team and I was the one who introduced it. Later, I transferred to the security team. I log in to the content now, but not the platform. It is now managed by one of the network team members. Across our organization, there are about five people accessing it.

What about the implementation team?

We used a system integrator to deploy it, called Dimension Data. 

What other advice do I have?

It does its job. I don't expect more than that. We use it to manage the firewall and the firewall is such a mature product, and everything is satisfied.

We don't use it to help us in speeding up setting the firewall ruleset or doing testing phases, because our development cycle is a little bit different. The developers have to state what they need and then we apply it. We only use AlgoSec to cross-check when the testing result moves to production. It doesn't help us much in the development stage.

In terms of the cloud, we are just beginning to build a CoE, a core of excellence. There are many other native solutions provided by the CSP and there are some CASPI solutions—CWP, PP, and CSPM—that will help us with the governance of firewalls or the network security policies. We haven't determined our direction yet.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Andrew Kemna
Network Infrastructure Engineer at Cigna/Express Scripts
Real User
Straightforward to set up, automation saves us time and reduces human errors

Pros and Cons

  • "The most valuable feature is the automation that can be accomplished by using scripts. If we didn't have AlgoSec, I would have to do everything manually."
  • "When we send multiple requests across at once, sometimes it causes errors and FireFlow gets stuck. In cases like this, we have to go back in and fix it."

What is our primary use case?

We use several of the AlgoSec components including the firewall analyzer (AFA) and FireFlow. We may also use CloudFlow. 

We use AlgoSec primarily for Check Point. We run a script that works with Check Point and spits out rules. We also use it to create changes. Specifically, it will create new roles and we can use it to check if there are blocks on Check Point, as well.

In the future, we may use it with Palo Alto.

How has it helped my organization?

AlgoSec gives us good visibility into our network security policies. Overall, I would rate it a ten out of ten in this regard.

Before firewall change requests are made, it provides us with full visibility into the risks that are involved. This really helps because it lets people know that they should question the traffic. It gives them alerts and those red flags really help because it doesn't require having to do a deep dive into each change request.

I have used it for replicating rules in the process of migrating to the cloud. It makes replicating rules faster and I would rate it a ten out of ten in terms of being able to help with migration such that there are no security gaps. The process is not hard at all. It will show every rule to replicate, right there on multiple firewalls at once. Overall, it's very easy.

As we have migrated rules to the cloud, AlgoSec has given us better visibility into our application connectivity flows. This has made my life a lot easier because I can quickly tell, even before putting the request in, if the rule is needed or not needed.

AlgoSec has helped to simplify the job of our security engineers because the guys that question the traffic can see it in FireFlow. When I put a request in, the information protection people can see that request and they can use FireFlow to send a response back saying they need to explain why this is needed or provide something else in order to get the request through. Essentially, they can utilize it to question traffic, which is awesome.

The integration with Cisco works well. It's able to spot the Cisco devices perfectly and I'm sure that when we start using Palo Alto, it's going to handle them just as easily.

What is most valuable?

We can use it to create new rules. It will consider huge lists of lines of traffic in one rule at once, and multiple requests, which is amazing.

The most valuable feature is the automation that can be accomplished by using scripts. If we didn't have AlgoSec, I would have to do everything manually. It can create multiple rules for multiple requests at once. It can handle hundreds of them and in fact, it's ridiculous how much it can handle. The fact that it can also check for blocks while you're creating new requests is awesome.

Automation has helped to reduce human error and misconfigurations. It is now a lot better than it was before.

This solution has absolutely reduced the time that it takes to implement firewall rules. If we didn't have FireFlow, we would have to do a lot of things manually. With as many firewall requests as we have daily, we would lose a lot of time. For example, sometimes we get between 20 and 40 firewall requests a week and I can do all 20 of those in one day if they are okay in terms of the traffic. Trying to do 20 requests manually would take a lot more time. As it is now, I just have to put them in through an Excel sheet and it not only saves me time and stress, it saves the company money. Also, the requester is happy because it is done fast and we can do multiple requests at once. Not only does it make me happy, partly because it frees up my time to do other things, but it makes the requester happy too.

What needs improvement?

When we send multiple requests across at once, sometimes it causes errors and FireFlow gets stuck. In cases like this, we have to go back in and fix it.

For how long have I used the solution?

I have been using AlgoSec for two years.

What do I think about the stability of the solution?

This is a very stable product. During the night, it runs a little bit slow because we have a lot of things running during that time.

What do I think about the scalability of the solution?

AlgoSec is definitely scalable. Being able to check blocks and traffic, and create scripts to handle multiple requests at once, and then check blocks to see if each request is needed or not, contributes to how well it scales. I would rate scalability a ten out of ten.

My entire team, as well as people who are not from my team, use it to check blocks and for other tasks. The network operations team uses it a lot to check blocks and traffic.

In the future, we will be using it for Palo Alto and in addition, I expect that our usage will increase for other use cases.

How are customer service and support?

I have not personally been in contact with technical support, although I know some people here have. They say good things about support.

How was the initial setup?

The initial setup is pretty straightforward. It's very simple.

It only took me about a week to learn, so the deployment didn't take very long.

What about the implementation team?

We had one person in-house that was responsible for the implementation. He was the product owner and was very familiar with the product. He is the one that wrote the scripts for FireFlow.

What other advice do I have?

This is definitely a product that I recommend because of its ability to handle multiple requests at once and check blocks. Utilizing the Firewall Analyzer and FireFlow helps to make your life much easier for firewall requests.

I would rate this solution a ten out of ten.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
ITCS user
Network Security Engineer/Architect at a tech services company with 1,001-5,000 employees
Real User
Top 5 Leaderboard
Excellent for firewall policy auditing and firewall policy automation

Pros and Cons

  • "It now takes less than half of the time it took before we had this tool to deploy the flows requested by the business."
  • "We would like to see more features in the GUI so that we don't have to work with the API as extensively."

What is our primary use case?

We've been using Algosec as our reference tool to clean our policies from old unused rules and objects and to assess rules that are categorized as risky so that we can fix those risks.

Firewall Analyzer from Algosec is our main tool for Firewall auditing and it makes our external auditors very confident on the way our policies are managed.

Fireflow from Algosec also helps us identify which firewalls are on the way from source to destination when we need to open flows, and it saves us a lot of time. We are still on our path to implement full automation of firewall policy creation with Algosec's Fireflow, but the goal is to achieve it soon.

How has it helped my organization?

Since we deployed Algosec, our firewall policies, which didn't have much maintenance over more than 15 years, were reduced to less than half the rules by using Algosec's Firewall Analyzer to remove unused rules, remove unused objects within rules, compact several firewall rules into one rule, etc.

With Firewall Analyzer, we were also able to get risk reports of our firewall policies and start tackling the risks to close them, or at least to be aware of their existence.

Firewall Analyzer is amazing in Policy Optimization and we feel we are much more secure since we have this product. If we add a rule that poses a risk, we get an alert from Firewall Analyzer, which is very important to us.

We are also starting to use Fireflow and our goal is to have the policy creation automated soon. For now, we are already able to identify which firewalls are on the path between point A and point B, and we are on the path to full automation, which will reduce the workload of our team a lot.

What is most valuable?

The feature we find the most valuable is the Firewall Analyzer for the firewall policy audits and to show external auditors we have a process to identify risks and to tackle them. It's also very important for policy clean maintenance. 

This helps us know which devices are between the source and destination on the flows that we need to open for the business. The audit tools are also very important to us because we can easily have everything that needs to be presented to the security auditors.

We are in the process of implementing FireFlow for full automation, which will save us time for more important things we need to do on a daily basis that are not creating firewall rules. We aim to achieve the full automation soon.

What needs improvement?

In our case, it would be very important to improve support for Dell switches and also some Juniper switches, which we have a lot of in our company network. This has been our difficulty for the full automation on the Fireflow. If all our network devices were Cisco, I'm sure we would have the network map complete very easily and the full automation working with much less effort.

We already asked Algosec for the support of the switches we have that are not natively supported for the future versions and we expect that we are lucky enough for them to be supported on the next releases, although there are some ways of working around non-natively supported switches to complete the network map.

For how long have I used the solution?

We have been using Algosec solution for more than 2 years now.

What do I think about the stability of the solution?

We never had issues so far in terms of stability.

What do I think about the scalability of the solution?

The solution is very scalable and allows you to add all the firewalls and devices you need.

It is also scalable on the licensing, as you can start by buying only the Firewall Analyzer license, with which you can start onboarding all the devices and completing the network diagram so that Algosec has the whole picture and knows all the paths from network A to B.

After that you are ready to start using FireFlow and you can buy the license only when you are ready to start deploying it.

How are customer service and technical support?

Sometimes it takes more time than expected to have answers for support tickets, but in general the customer service is good.

Which solution did I use previously and why did I switch?

Not in our case.

How was the initial setup?

The initial setup has been easy. The only difficult thing was the part in which we needed to onboard non-natively supported switches. That part is a bit more complex.

What about the implementation team?

We implemented with a mix of external company and in-house. The external team was helpful and had a good expertise level.

What was our ROI?

The time we save on our daily operations is very important. We could reduce the team size with this tool as we had a trainee almost fully working on opening flows.

It also allows us to detect risks on firewall rules and fix them, keeping the company network safe.

What's my experience with pricing, setup cost, and licensing?

The price for the solution is not cheap but if you use it fully it will compensate in terms of securitization and in terms of time gained on the daily operations. It is also very helpful if your company is audited on the security part.

Which other solutions did I evaluate?

We heard about Tufin and Algosec, and after going through the specs we decided to go on a POC with Algosec and ended up buying it as it fitted our needs. We followed our firewall integrator's advice, who also recommended Algosec for our firewall park, which is basically Fortinet and Check Point.

What other advice do I have?

We recommend trying full automation in a controlled environment before widely deploying it to the production firewalls. It's important to gain confidence in the product.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
VS
Information Security Specialist at a financial services firm with 10,001+ employees
Real User
Provides a lot of information regarding network segmentation, and the information is very well organized

Pros and Cons

  • "Firewall Analyzer and AppViz are the most important features because they provide a lot of information regarding network segmentation. For us, this is a valuable input in order to provide network segmentation for various applications that we have developed in-house or that we bought from vendors. Our network is not properly segmented right now, but we plan to do it using AlgoSec. This is the most important feature for us right now."
  • "The Firewall Analyzer module can be improved to implement a vulnerability management solution, or they can link Firewall Analyzer with a vulnerability management solution in order to get a better overview of what's going on in our network in terms of vulnerabilities."

What is our primary use case?

We use AlgoSec Firewall Analyzer and AppViz. We have bought the FireFlow license, but we do not use it currently. We plan to use it, but we are not using it right now. 

Firewall Analyzer is helpful for network assurance and meeting some requirements of PCI DSS. 

We use it to manage only our on-prem environment. Our network environment is mostly on-prem. We do not use cloud networking. We have an internal cloud, which is hosted in the Netherlands, but it is like a private cloud.

How has it helped my organization?

It gives us a pretty good understanding of what's going on in our network in terms of network security policies. In terms of the overall visibility that it gives into our network security policies, I would rate it a nine out of 10.

For preparing for audits and ensuring that our firewalls are in compliance, Firewall Analyzer gives a great overview of what's going on with the firewalls in terms of rules, etc. It offers a great input for auditors or for reporting to auditors.

We use Firewall Analyzer in order to monitor the PCI DSS network area. It is helpful for meeting some requirements of PCI DSS.

We work with multiple security vendors. It works when it comes to integrating it with the leading vendors. We didn't have any problems integrating with the solutions of our top three vendors.

What is most valuable?

Firewall Analyzer and AppViz are the most important features because they provide a lot of information regarding network segmentation. For us, this is a valuable input in order to provide network segmentation for various applications that we have developed in-house or that we bought from vendors. Our network is not properly segmented right now, but we plan to do it using AlgoSec. This is the most important feature for us right now. We also plan to use FireFlow in order to automate the firewall change management.

What needs improvement?

The Firewall Analyzer module can be improved to implement a vulnerability management solution, or they can link Firewall Analyzer with a vulnerability management solution in order to get a better overview of what's going on in our network in terms of vulnerabilities.

For how long have I used the solution?

We started implementing AlgoSec in April this year.

What do I think about the stability of the solution?

So far, so good. We didn't have any problems. It is pretty stable.

What do I think about the scalability of the solution?

From what I've heard and what I've read on their portal, it is pretty scalable. There are no issues around this.

How are customer service and support?

We have not opened any tickets on the portal. We have a dedicated support person who assists us in the deployment. They are pretty fast to react. If I ask them a question today, they will respond very quickly.

Which solution did I use previously and why did I switch?

We didn't have a different solution.

How was the initial setup?

It was pretty straightforward. We started implementing AlgoSec in April this year. We are not fully into production, but we have been using it since May. Technically, it took less than a month, but we still have to do some paperwork in terms of security procedures, security monitoring, etc. So, it has been all paperwork from May till today.

The patching process of this solution is also pretty straightforward. They provide monthly patches, and it doesn't take a whole bunch of people to maintain it. Just one or two people can do the job.

What about the implementation team?

Even though we had a reseller involved in this process, we did it on our own but with a little help from AlgoSec.

What was our ROI?

We have not yet seen an ROI. We are currently at the beginning of implementing the solution, and there is still a lot of time before we see a return on investment.

What's my experience with pricing, setup cost, and licensing?

Price is not my concern. If a tool does its job, it is not my concern to obtain a good price for it. If a tool is needed, we are going to buy it.

Which other solutions did I evaluate?

We evaluated other solutions such as Skybox, Tufin. We found the graphical user interface of AlgoSec to be very user-friendly. It provides the information that you need. The information that you need is very well organized as compared to other solutions.

What other advice do I have?

It depends on your needs. If you want to have a better overview of your network, AlgoSec is a tool that you can rely on. You can have an overview of your network by using your own equipment, but you have to dig in deeper. AlgoSec provides better visibility with a little amount of effort.

We haven't had any breaches in the past. We have not used it to implement and manage microsegmentation initiatives. We use it for network segmentation, which is done at the network level, which includes firewalls, switches, routers, and so on. Network segmentation is an ongoing process.

I would rate it a nine out of 10.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.