AlgoSec Reviews

AlgoSec is used on a daily basis by both our IT and IS groups to manage BAU and FW change requests. It integrates with ServiceNow, PaloAlto, and our SIEM tool. It helps to perform FW cleanup, regulations requirement, FW migration projects, etc.

AlgoSec has helped me in the last three companies that I have worked for. I was working to do Firewall migration projects, FW cleanups of risky rules (FW policy optimization), process def between IT and IS, audit, SOC reports, GRC support, and Cloud support in both native and Hybrid environments that we use. 

The features that I have found most valuable are:

• Great visibility for High-risk firewall rules
• Mapping business risks
• Mapping risky applications
• Informative regulation reports for PCI-DSS, ISO 27001 and many more
• FW cleanup recommendation
• Easy logging capabilities with leading SIEM products in both LEEF and Syslog formats

I would like to see Bi-Directional API support in order to integrate with SOAR platforms that provide SOC automation and IRR.

Integration with CISO dashboards would be an improvement.

It would be nice to have support for IaaS, CASB, and DLP tools, which will allow full life cycle management of security incidents.

It would be nice to have an out of the box "best practices recommendation" with the relevant "what-ifs". 

This solution scaled to our entire enterprise in a seamless way.

We also used Tufin, but AlgoSec provided us better visibility and ease of use.

My advice is that you must do a POC and show value.

We did not evaluate options other than AlgoSec and Tufin.

We use the AFA to accurately determine rule use and where we can make improvements across our checkpoint estate. We have around 17 clusters of firewalls that are in constant use and frequently change rules.

AlgoSec has given us the confidence to remove unused rules, consolidate where appropriate, and prove reachability prior to searching a rule base to check access for an application or user. Breaking down a rule to specify used objects within groups and protocols used has proved invaluable for us to narrow exposure to potential threats.

A number of features are used more than others. We use the policy optimiser to search out unused objects in rules and determine when the rule was last hit accurately.

The risk and compliance area is key to ensuring we conform to company regulation. Having a number of compliance options to baseline ensures that we get the basics right before looking at advanced risks and remediation.

Finally, the traffic simulator can be used to check if a request from a user or project is already a function enabled or we have a full access change to implement.

• The maps are a little clunky and could be made easier with some automatic layout technology which assists in spacing out the devices for easier viewing.

It runs well with little intervention.

Good, it has the ability to add more devices anytime.

We use Bytes to escalate, and this has proved effective.

No. 

Straightforward, it needs to run for a period to ensure accuracy.

We used Bytes Security to assist in setup and initial optimization. 

Not really applicable.

Setup is easy; we use a VM to run it. Having knowledge in Linux is not a requirement but helps when required to update the software. Also, ensure the reseller has the ability to escalate any issues in case they can't fix it for you. Your licensing should cover the support of the product.

Yes, we looked at Tufin and FireMon.

Put it in, let it collect for up to 12 months and ensure you run regular reports. Only then can you be sure that you don't use rules. Remember, DR testing and failovers sometimes happen on a 6 or 12-month basis, and removing rules covering this will cause issues when you least expect it.

AlgoSec's Firewall Analyzer tool for rule usage and recertification. Our firewall governance group uses the AFA tool to gather object and rule usage on a recurring basis for recertification as well as research and design of new firewall rule changes.

Object and rule usage statistics enable object-level recertification of all rules. AFA usage statistics have enabled our company to establish regularly scheduled recertifications of all firewall rules across all policies.

Traffic simulation queries, policy tuner analysis and rule usage. Traffic simulation queries assist with new firewall change design and reduce manual work effort. Policy tuner analysis and rule usage enable recertification and provide additional validation for new changes.

Support/upgrade processes and documentation. The platform would benefit from additional support articles and guides on the Algopedia knowledge base.

This solution scales well from tens of devices to thousands.

Support interactions have been hit or miss. It is my understanding the AlgoSec is putting a renewed focus on support and documentation to improve this aspect going forward.

No.

Tufin

I would recommend investing the time in a full project to implement the AlgoSec suite if you will be using more than just the Analyzer piece. Fireflow and Business flow would benefit from dedicated standup time and effort to achieve the best results.

We are using Firewall Analyzer (AFA) to compare configurations from multiple firewalls, such as Cisco ASA, Palo Alto, Check Point, and so on. It helps us to streamline our firewall rules, identify risks, and provide better visibility. This product has significantly saved the time and human efforts in creating and deploying firewall rules. It is now easier for our cybersecurity team to analyze firewalls rules and ACLs, using them in a more efficient manner. Other features are also very important for us.

With the help of this product, we can manage all the network security equipment in a centralized way. We are also able to make requests to our security team about quick and valid changes requests, helping to minimize the workload in documentation, troubleshooting and so on. This helps to identify any wrong or unnecessary changes in the network security perimeter, making sure that all security policies and best practices are followed in our network domain. During change implementation, and especially after completion, we can validate, make sure that everything is working fine, and is up-to-date per our expectations.

It’s capability to build and present entire network topology via map makes team members to easily investigate the entire domain. Whenever new applications and services get on boarded and traffic rules and policies being created it automatically discovered those Apps and services and makes life easy. Each and every performance report can be fully automated using this and saves time in audit and compliance requirement.It also helps us to clean old and obsolete rules or those rules which are not in use otherwise it could be very difficult without this product as team have to log into each firewall and remove rules and policies

We are running multiple hybrid cloud solutions, working with cloud providers, and looking for API integrations with cloud and related interoperability. Sometimes, when we are trying to delete or disable any rule, it takes more time than expected. 

Sometimes, the web browser has issues with slowness. It can be worked out with a click or two. 

We are using Algosec Firewall Analyzer referred to as (AFA) since 2018.

This is very stable, robust product. During extreme load in business hours, it works well without any issues. 

It provides interoperability with all vendor firewalls and the scalability is much easier.

Technical support is always good whenever we contact the support team. We always get an immediate response and a solution within defined timelines.

Earlier we are not using any solution but always planning to procure solution that have ability to integrate multi vendor firewalls into single platform and after assessments and evaluations with OEM products we finally select Algosec as approved solution.  

Initial setup was very simple. Using Quickstart help, any member can take part in deployment and administration from basic to advanced level. 

Only the firewall integration could take time due to some complex interactions. 

We implemented using our own internal team and with the help of AlgoSec technical support team. AlgoSec technical support was excellent and prompt.

It provides an improvement in the firewall process load. It also helps with increasing CPU and memory utilization.

When it comes to the cost of support and licensing, it is much cheaper than other competing products.

We have tried FireMon and Tufin under a non-production environment, but the overall features of AlgoSec were best. Therefore, we choose this product for our production environment.

Excellent product to use and has tremendous support from OEM.

We have not faced many problems or issues using this product.

We also have not tested AI or ML capabilities and are very keen to start working with it now. 

Overall, it is well-maintained, robust platform tool for firewall management.

We use it for planning firewall changes and traffic simulation queries.

We use AFA (AlgoSec Firewall Analyzer) and FireFlow. Our network environment is mostly on-premises.

It has improved the way our organization functions in that, for our change process, we now require all changes to be planned using AlgoSec so that the security team has visibility into the changes and we're aware of any risks. We also are using the covered rules and risky-rule detection to improve our security posture.

We haven't fully implemented the processes, so we haven't measured any reduction in human error as a result of using the solution, but subjectively, it has reduced human error.

It has also helped to simplify the jobs of our security engineers.

The most valuable features for us are the functionality it provides for our two main use cases: planning firewall changes and traffic simulation queries.

We haven't used it yet to prepare for audits and ensure our firewalls are in compliance, but I think it will be very helpful for that. That's one of the main reasons we bought it.

We are using it with a couple of Cisco technologies and we're also sending events out to our Microsoft Sentinel workspace. We have a couple of other security technologies in there as well. AlgoSec integrates well with the Cisco ACI environment and with our Firepowers, our FTDs. There are still some bugs but it generally works well.

The overall visibility it gives us into our network security policies is pretty good but it has some bugs and shortcomings. It doesn't support all features on our firewalls. For instance, planning changes, which include net rules, doesn't work. It didn't integrate so well with the ACI network. It doesn't work with all firewall rules or with net rules on our firewalls.

For about 70 percent of firewall changes it does show us the risks, while for 30 percent of the changes, we can't plan because of these bugs and shortcomings.

I have been using AlgoSec for about a year.

The stability is good.

We've had no problems in terms of scalability.

I'm sure we will continue to add firewalls to it and we want to do more with the FireFlow.

Their technical support is good but it can be slow.

Neutral

The initial setup was straightforward.

We have about 10 engineers using it, and just one person who looks after it, maintenance-wise.

We used their personal services to help us set it up. We had an onboarding package. It wasn't me doing the configuration but it seemed straightforward with their support.

Our experience with them was good overall. We had some frustrations and surprises in the early days with the product not being completely compatible with our environment. But over the last year, they've been fixing the bugs which is making it much more usable. When we started, it had a lot of problems with our environment. We were only able to plan something like 40 percent of the changes, and the traffic simulations weren't working with our network environment. But now, we're up to close to 70 percent.

It took about nine months before it was properly integrated and enough of the bugs had been fixed for it to be helpful.

We are not measuring the effort saved or the errors avoided, but we think it's a good investment.

Initially, it was more expensive, but we managed to negotiate the price. It's about average now.

In addition to the standard fees, we bought the Jumpstart package to help us configure it.

We looked into Tufin. We chose AlgoSec because of its support for Cisco ACI. Tufin was just releasing that and we felt that AlgoSec was a more mature product.

At the moment, it hasn't reduced the time it takes to implement firewall rules in our organization. It's being used to improve the quality of the changes we make and improve visibility. But we haven't fully implemented the FireFlow features. That's our problem, rather than the tool. We just haven't finished implementing it.

We're only using AlgoSec for on-premises, but we do have environments in the cloud and we plan to use it for those in the future. It would help us manage these multiple environments in a single pane of glass, but for the moment we aren't using it in that way. However, we do have a number of firewalls that we have onboarded from acquisitions, so we are not just using it for our data centers. We're using it for smaller acquisitions' firewalls as well to understand the security posture of companies that we are purchasing.

My advice would be to make sure that the solution is completely compatible with whatever infrastructure you have. We should have spent more time evaluating its support for our infrastructure to avoid some of the problems or surprises we had when we implemented it.

The solution is mainly used for auditing firewall rules and inter-zone connectivity within the client environment. 

Another use case we have at the moment is to audit all changes done on the firewalls across the environment. We are also using Fireflow which significantly reduces the administration effort and time required to analyze, plan, and implement firewall changes on a day to day basis. 

Compliance reports are a big help and ensure that the client environment is up to date in terms of their security standing.

AlgoSec has definitely helped to improve the process of auditing all firewall rules and access. 

From a security standpoint, it has significantly improved an organization's standing from identifying all risky items in a given firewall policy as well as change audits, among others. 

Using Fireflow has also significantly reduced the amount of effort and time required to analyze and plan firewall changes that normally happen on a near-daily basis. 

Change audit has also reduced the effort during audit season especially when clients are running multiple-vendor firewalls.

Risky rules and compliance profiles are very valuable. With these reports, we are able to identify gaps in the client's firewall policy and this allows us to effectively remediate such gaps. 

The time and effort saved by using these compliance reports or profiles are definitely welcome. Another feature that we would use on a near-daily basis is the Fireflow and simulation query functionality. With the simulation query, one would not need to log into a specific firewall vendor console to verify if access is allowed or not; we run it through the simulation which saves us a lot of effort.

Support could be improved. Support of the KB database is extensive but still does not cover all subjects, at least from my experience. 

Another area of concern that I think could be improved is the licensing system. With the version we are currently running, it is a bit confusing since, for some reason, AlgoSec license usage is handled differently between firewall vendors. It may be a bit challenging to properly size the purchase of a new license - especially if a client is running multiple vendor firewalls in the environment.

I've been personally been using AlgoSec for more than ten years now.

The solution is very reliable. No issues encountered during daily operations.

I haven't personally done a lot of scaling projects with this product.

The technical support is all right, however, it can be improved.

Neutral

We did not previously use a different solution. 

The setup is pretty straightforward and AlgoSec did provide support during the process.

We worked in-house, with AlgoSec, and with a vendor found that both are highly knowledgeable.

I'm not part of the business team and do not analyze this aspect.

I am not part of the team in charge of licensing. 

We also looked into FireMon and Tufin.

I am part of the team providing managed security solutions and we have a number of clients that have a lot of network and security devices in their environment.

We use AlgoSec primarily to provide solutions to our clients in terms of how we can help tighten their security and optimize network performance.

AlgoSec Firewall Analyser makes this easily possible and with the help of AlgoSec's readily available reports, we are able to provide to all our clients the security and compliance report.

Before AlgoSec, our firewall rules got pretty big over time and it came to the point where it was barely manageable. Duplicate rules and objects were everywhere and there was nothing we could do about it. Performing a manual clean-up was a nightmare and near to impossible.

AlgoSec Firewall Analyser improves the firewall rules dramatically by identifying rules and objects that are not needed and consolidates rules and rule re-ordering.

It also helped our team to optimize performance and further secure the network by identifying risky rules.

I always find the policy optimization by identifying duplicate objects, shadowed rules, and unused objects pretty useful. By eliminating all these duplicate objects, unused rules, and unused objects, firewalls and other security devices will use fewer resources to process certain tasks/requests.

This will benefit both the security engineer managing the security devices and the client as they will spend less time in dealing with optimization and therefore can focus more on other important matters.

AlgoSec firewall analyzer is already an awesome product but there are still some areas that definitely need improving.

For instance, the risky rules reporting should have more information available in the risky rules report - especially when you export the data into a .CSV format. .CSV format being a text-based visualization, some information and formatting cause the reports to lose meaning and only become just another character in the file since it cannot port over some properties (like severity represented by colors).

I've used the solution for more than ten years.

We did not use a different solution previously.

The setup is pretty easy and the cost is really worth it.

We did not evaluate other options. 

I have been implementing AlgoSec for different end customers. None of the environments are on the cloud, they're on-premise applications. Some of them have been planned, but a majority of them are for virtual instances. I have implemented four or five end-customers and also supported them with AlgoSec.

I deploy and maintain AlgoSec for customers for test purposes. I use it before doing anything on the customer's premises. For testing purposes, I have used it in my own environment also, but the majority of the time I'm using it in the customers' environment.

I have integrated AlgoSec with Check Point, Palo Alto, some older Cisco versions like WSN, Fortinet firewalls, and Cisco ASA.

The features that I like are the monitoring and the alerts. It provides real-time monitoring, or at least close to real-time. I think that is important. I like its way of organizing, also. It is pretty clear. I also like their reporting structure - the way we can use AlgoSec to clear a rule base, like covering and hiding rules. For example, if the customer is concerned about different standards, like ISO or PZI levels, we can all do the same compliance from AlgoSec. We can even track the change monitoring and mitigate their risks with it. You can customize the workflows based on their environment. I find those features interesting in AlgoSec.

The visibility is pretty clear from top to bottom, even interconnected maps and zones.

We can always customize the standard risk profiles. But even within the standard one, before doing any changes, when you go with the flow, they always inform you. Before implementing the change, you get the visibility there. You get the visibility with risks.

This is important because the places that I have worked have different departments for risk handling. So whenever we go through the flows before implementing, that part goes through the risk department and gets their approval first. With AlgoSec you get to know the risk profile before implementing the change. That way you get to know the risks that you are taking with that particular change. So it's important.

It has helped to reduce the time that it takes to implement firewall rules. In some places where I work, they fill a form and send it to a particular manager. For example, if an end-user fills it and he sends it to his manager, then it gets his approval and he sends it to the risk department, and gets their approval, and sends it back to the person who implements. There's a chain that takes a longer period of time and even their paper costs. That gets reduced when they use a workflow from AlgoSec. They always get automatic notifications when the change moves on to the next level so they know exactly which stage the change is in.

It is helping to reduce those policy changes by more than 50%.

You can face audits in two ways. You can either do it from AlgoSec. I have used it like that for periodic audits. You can always plan it. Either you can go from one of your rules, clean up your rule base and improve the standards of your risks and all the other areas in the AlgoSec reports. Or else, you can go for a PCR level report and you can prepare it stage-by-stage and commit up to a certain standard. I have used both methods. You can also do reports for the particular changes and check how much your environment is improved after you follow the report and do the particular change that they suggest. For example, reordering or combining your rules or removing some of the unused objects. Then you can run a report and see how much it gets improved. So in terms of auditing, which they can run every six or eight months, or once in a year, you can always turn on your audit before it comes to that level. You can always prepare for your audit by scheduling reports.

It's pretty easy when it comes to integrating with the leading vendors. If you want to integrate, they have proper documentation. Their documentation is very good. I have to give them credit for that. You can always follow it. Integrations are pretty easy and much easier than with some of the similar competitive products that I have used. I don't want to mention names, but AlgoSec is much easier because of their proper documentation. For example, when you are integrating a particular device or application, you know the things that you need to do because they have the proper documentation before doing it. It takes less time to integrate compared to some of the other products in the field.

I have come up with two cases of misconfigurations in some rules. One of them is with change requests when you have a single object and you just have to amend it to the particular rule but not to other specific rules. The other thing is what rule it's covering. It's not a misconfiguration, actually, and you can amend it. I have come up with some situations like that. Before coming back to my stage, it is always clear from the other risks and level of approval. So I did come up with that kind of a scenario but it's not actually a misconfiguration.

AlgoSec has helped to simplify the job of security engineers because you can always monitor your risks and know that your particular configurations are up-to-date, so it reduces the effort of the security engineers. You can always get top to bottom. For example, if you talk about the rule base of a particular firewall and access to some particular things, you can always get a clean one with the required security. So rather than going here and there, they can always use this tool to do the automation and their decision-making.

I haven't yet configured with Cisco ACI, but in the next one and a half months, I'll be integrating it with an ACI structure.

I expect the value of bringing AlgoSec and ACI together will be good. It'll be like an extension. If you integrate AlgoSec, it's not like a single point. If you connect it with the ACI fabric it will be challenging. I haven't really experienced it in full, because I am still in the designing phase and I haven't done the full implementation, but I feel like it'll be interesting and challenging. Since I have not experienced it or yet done the implementation combining these two, I cannot fully say how it will be. It's a question mark. But I'm expecting it to be a little bit challenging because the visibility differs.

AlgoSec needs improvement with its support level.

I know that they have 3D architecture like SMB and enterprise on top of that. Some people consider this as a noncritical device. But because it's not as critical as a firewall, some people think that the support level does not need to be equal to a firewall level of support. But if some people are monitoring and managing firewalls through AlgoSec, the level of support should be equal to a firewall level. It shouldn't be dragging over two or three days. I know that they have three levels of support, but at the very first level, I believe you should be able to directly contact the tech and get a solution as soon as possible.

The only problem I have with AlgoSec is just its level of support, not with the product. Not with the organization or the documentation or anything else, but if I need any additional support, the only problem is the time it takes to get it.

I've been using AlgoSec for two and a half to almost three years now.

I use AlgoSec Firewall Analyzer and FireFlow.

It is generally stable. As I mentioned, the only problem the customers are worried about is the technical response time from AlgoSec. If you have to contact tech support the project will get delayed. The customers are comparing it because, for example, in their environment they have Palo or Check Point, and their support levels are much higher. With them, when you open a ticket, after a few minutes you can check and get the opinion from the tech or check if an engineer is available. If it's a critical issue, you can always talk to him within hours and fix the issue. So they always compare that level to AlgoSec's support level. That's the only issue that we have to explain to them. The customer's opinion is this is a non-critical device because this is not a firewall. But we manage firewalls so that kind of level of support should be given.

In terms of scalability, the maximum that I have tried with AlgoSec is six clusters. Its scalability is good. The way that we can work with it is good because with every device you can see everything on the same dashboard. If you want to check the monitoring, you can always select the device to see. You can check the status by clicking the device. It's the same structure. The scalability is good but I have only worked with a maximum of six clusters so I can't tell you exactly when it comes to a high number of hours, if it is good or bad, but for the six that I have worked with, it's good.

We do have plans to increase usage of AlgoSec. I have explained to some of the customers about the application integrations, the visibilities, and the rule-based optimizations by using this feature. In terms of features, I am expecting that they'll amend that component to their environment. Since we are a system integrating company, when we propose a solution for a particular customer, we always propose to do firewalls. Therefore, we always add AlgoSec. When we are proposing it, we always submit AlgoSec automatically.

I did not find the initial set up very complex. It's advanced, but not complex. Their documentation for implementation is very good.

It really depends on the customer. Some places, when you go for a POC or a deployment, we can always plan and tell them that if they are integrating these kinds of things, these are the levels of provisions that we need. These are the things that they need to do from their end. 

The POC for some customers goes three or four days because of their delays. But with some customers it goes fairly quickly, like a day and a half or two days. For one customer it took five days because they had a procedure where you have to fill a form and send it before creating your user for AlgoSec when it's with the firewall integrations. Because of that, it took a little bit longer. So depending on that I give it three to five maximum days to integrate four or five clusters. It really shouldn't have taken that long to do the work. Then you need to contact different teams to get the support. It all causes delays.

In terms of implementation strategy, I'm always looking at what their components are. I always have to go with the Firewall Analyzer components and to check what type of devices  they are willing to integrate for this particular unit. I check if it is a Check Point cluster, or the Palo cluster, or a Forti cluster, and what the additional features are that they are looking for. Based on that, I complete the Firewall Analyzer unit as soon as I can. Since I have worked with the product, I have similar use cases. What are the things that we can use to demonstrate for firewall change flow? I'm always asking for input from them. What are the things that you need for base level policy changes, etc...?

In terms of actually deploying AlgoSec, most of the time it's me only. But I have to contact the other end. There is always a direct contact person and a support team when it comes for integrating the firewalls. 

When it comes to maintaining AlgoSec, we have another colleague also. They can always give the support.

I have seen improvements of ROI at companies. Although customers might have a department, they recruit new people to use AlgoSec reports to analyze their risk, monitor the alerts, and check their daily tasks. I have seen new implementaton by a banking customer who obviously see the value.

I'm on the technical side so I don't have a clear picture about pricing and licensing. But as far as I know, if a customer asks for a 24/7 support, the pricing level is much higher, relative to normal 8 - 5 support.

Recently, we proposed AlgoSec and there were other companies who proposed other solutions. During the technical discussions, I was the one who did the demonstration, and we were able to say that whatever features they are looking for, we can always provide it with AlgoSec. When they finally released the tenders we were in the top three options and the second place for technical. The only problem was the pricing with AlgoSec.

The other company gave much a lower price. We couldn't match the AlgoSec price level to that particular vendor. I think the company and customer were really impressed with our presentation and demonstration that we gave. They even told us if we can reduce our pricing by a certain level, they can take us because they are impressed with our product, but the pricing won't do. But when we tried to AlgoSec to reduce the cost so we can get this deal they couldn't match it to that level. Unfortunately, we lost the customer.

It was not a one day effort that we put into submitting these documents, to comply to their requirements, and do a demonstration. They were convinced to take this product, but because of the pricing issue we lost it. We all got disappointed about the support level.

I find AlgoSec more organized than some of the other products. With some other products, you have to go here and there to check it, but with AlgoSec it's more organized. But, I find some of the other products more customizable than AlgoSec. It takes a little bit of time to do the customization, for example, if you need to change or add some special level of approval or if you need to add three different levels of approvals for a particular workflow. To do that, sometimes you have to contact AlgoSec's regional support. But with other products that I know, it's just a matter of adding a particular character to the workflow. In some cases I have found other products that are useful, but in terms of organization, I find AlgoSec easier and more manageable than some of the other products.

I have learned so many lessons here. A secure environment is your main asset. When you have a secure environment you can always run your business smoothly, do your changes smoothly, and do your daily tasks smoothly. A secure and safe environment is the key to a successful IT business. That's the main point that I've learned from this.

If you're implementing, I always recommend AlgoSec and to check whether it can cater to their needs. Most of the time, it is capable. It's capable of handling your requirements most of the time.

On a scale of one to ten, I would give AlgoSec a seven.

This is taking into consideration the support and everything else. Any talks about AlgoSec and you need to consider their support level.