We performed a comparison between AlgoSec, FireMon Security Manager, and Tufin Orchestration Suite based on real PeerSpot user reviews.
Find out what your peers are saying about AlgoSec, Tufin, Palo Alto Networks and others in Firewall Security Management."We have been able to increase the effectiveness of the team, allowing them to prioritize more complex and business-critical tasks in a faster manner."
"We can easily and quickly identify all of the rules on the firewall and avoid the individual review and analysis of each rule."
"I like that the firewall will analyze the tools within the risk profiles and the policy optimizations within the AFA. This can also be used to create reports for the customer with the risk profiles to optimize the firewall rules."
"Detection of malicious activities and malware is much better than other options."
"Unused rules, hidden rules, and dangerous combinations of rules are easily found and tracked by using AlgoSec."
"Firewall Analyzer is valuable because it makes searching our existing policies so simple."
"We use it for global firewall rules management to ensure global policies are applied to all regional firewalls, provide auditing and compliance."
"It enhanced the complete workflow system within six months of deployment."
"It gives us the ability to go to one place to look for potential firewall rules that are inappropriate, or which don't meet compliance. Instead of manually searching hundreds of firewalls for a policy, we can go to this one location and find the rules which are now out of compliance."
"What I like about FireMon is the ability to track changes made by network engineers on the network."
"I've been using the reports to see what is going on, and that is a helpful feature. We can track down unused rules, which helps with compliance. We can see rules that have not been used or that are duplicates or overly permissive."
"It is a good product. Previously, we were using only spreadsheets to compare the usage, but now with FireMon, we are able to clean up or review the policies to some extent. It is still a work in progress, but we are at a good stage now."
"Policy test, access path analysis, and change reports."
"The ease of use is the most valuable feature. There are a lot of products out there, but the ability to navigate through and use Firemon is very good."
"The automation that the platform provides to create tickets reduces human error and more generally, reduces the operational overhead."
"The most valuable feature is that everything is recorded in the historical logs, including the firewall rules, headcounts, object-level usage, and the rule documentation. The rule certification details are also there, which means that someone can be held accountable for a specific firewall rule."
"Being able to customize your own clarity to that aspect of change management."
"I like the policy topology map, which allows us to visualize the picture of the security policy of the whole organization."
"The stability is bulletproof."
"It is a great solution. If you have all the devices and firewalls in place, the amount of details that you get along with the network topology is very good."
"The features I have found most valuable are its capability to check on the firewall and the routers. Afterwards it checks out all the configs, checks the vulnerabilities, checks the risks - it checks everything that may end up causing our router to be compromised. At the end it recommendations what we should do."
"This solution helps us ensure that security policy is followed across our entire hybrid network. You can have a Unified Security Policy which reaches across all networks, so if you are having a change submitted, it doesn't matter if you're enforcing it or not. You can get an alert saying, "This is a violation." That's a value-add."
"This has helped us to better clean up and audit changes to the firewall policy."
"The most valuable feature of Tufin is we have better visibility and management of our file infrastructure."
"Needs integration to cloud ITSM tools, such ServiceNow."
"I would like to see enhanced dashboards or build meaningful reports for executive consumption."
"Cisco Firepower device support is limited in our AlgoSec system and I think AlgoSec can improve in that area."
"I believe Active Change needs to be improved because not all products are supported, and some functions cannot be implemented by Active Change either."
"The pricing for smaller installations should be lowered because sometimes there is just no ROI to add AlgoSec to the small branch offices with only 10 rules."
"We would like to have a kind of "Time Capsule" to be able to restore to a certain state from a backup."
"The process to replace a decommissioned device with a new device is not straightforward."
"I would like to be able to see what objects have the same IP, but different names in different firewalls."
"We've had recurring issues managing FireMon's internal backups. Sometimes, the space allocated for the backup is full, and there is no process where it deletes files that are older than I certain date. It's just waiting for the storage to get full and then it's cleaned up. It isn't something that creates serious issues for us."
"A phone app would be nice. This is the reason why it is not perfect yet."
"Its reporting can be improved. I am the only one who works a lot with it, and I am having problems in terms of reporting. In the case of Palo Alto, I'm okay with it, but with some of the Cisco devices, such as routers, when I provide the reports to other teams for review, they always say that the hit count is incorrect. So, I was struggling for a long time to work with them. When working with other teams, they have a lot of questions about reporting, such as how it reports, and we are still struggling with that."
"The initial setup can take some time, including connecting it and configuring it. It's not something that is easy for anybody to do. There is time and energy required because of the number of systems you have to configure to get it to work properly."
"The cost of the solution is pretty expensive. It would be ideal if they could work on their pricing."
"The advanced features are complex in setting up the rules."
"To my knowledge, there's no cloud component to FireMon whatsoever. We're on the hook for any updates to versioning of the operating system or the application that runs on the operating system. It would be nice if it was a little bit more automated."
"FireMon could improve its end-user practices. As an end user, I am just trying to catch up on all the alerts. There are so many, and you still have to go through them and document what was found."
"At least in our environment, the dynamic learning of the topology needs improvement."
"The interface is like a 1990s kind of thing. It's a little ugly. There are many things that you cannot tweak, little things like the column width and how you display the information. You end up exporting everything to an Excel file and doing your work there."
"It would be better if they modernized the web GUI. The web interface GUI is simple and not complicated, but it's also too old."
"The documentation site is horrible as well. It has a tree structure, and you really get lost quite easily."
"I wish there was a read-only admin option. I don't like that you have to be a full admin just to see the Network Topology Map. That option is great out there if you are a user, multi-domain user, etc. However, that piece is very helpful for us, but I also don't want to be handing out admin access to every single person so they can see that network tab."
"I needed more help getting the product to work in the lab."
"One of the areas that I've had challenges with is making complicated reports."
"A limitation right now for compressed firewalls is the limited ability to see above a site level in terms of the Topology Mapping in the policy display. While Tufin's actively working on a solution, or at least they have this in the queue, from being able to view this on a higher level and how all of our site networks are connected, this ability would be useful, as we expect to have these compressed firewalls in place for quite some time."