One of the most popular comparisons on IT Central Station is AlgoSec vs Tufin
Which of these two solutions would you recommend for Firewall Security Management? Why?
It very much depends on what you expect from such a system. Tufin and AlgoSec take a different approach to the same things. The better way to make a decision is to run a PoC with both systems. You can then discover whether both of them cover all the configuration features of the firewalls, L3 devices, load balancers, cloud services, proxies, etc. that you are using in your network infrastructure. There is no simple answer to such a question.
Neither, I would go with FireMon. They are the market leader. When it comes to traffic flow analysis, scalability, architecture and vision, they are the clear leader.
I agree with the other members: It depends on ... In my PoCs the differences between AlgoSec and Tufin have been very small. If flexibility of the workflow module is very important to you, then you should prefer AlgoSec. I found the service of Tufin better and more flexible than that of AlgoSec. The evaluation should be determined by your requirements. Based on the results and their weight, you should choose your favorite.
It depends largely on your environment. If you are in a service provider environment, I would go with AlgoSec, as the mapping seems to be more flexible and supports VRFs and MPLS; however, if you are in a corporate environment, Tufin is probably more suitable, especially if your environment isn't especially big.
From a service provider's point of view, there are some additional points to prove:
4. Accuracy of topology path analysis - Can they cover IPv6 in the same way as IPv4? And can they support you in aligning IPv6 transport with IPv4 transport in a dual-stack environment (the customer typically doesn't mind about the IP version, the communication has to work - see POTS vs. IP telephony)?
10. Licensing model - Could the licensing model support "Pay per use" or similar approaches, because Customers are coming and going?
11. Self-Service and Multi-tenancy: How could customers be allowed to do changes, analysis and reports by themselves? How could we ensure that no customer impacts other customers?
Unfortunately, I am not able to finally answer the question: Evaluation should include a Proof-of-Concept - I suggest having a look at Tufin, AlgoSec and FireMon.
Important points for evaluating a Security Policy Management solution:
1. Accountability monitoring –
Can you monitor change accountability for compliance with internal policies and regulatory requirements with the Security Policy Management solution?
2. Impact of scale on accurate change monitoring –
For 10 FW policies (or more), configure reports to run once a day (common configuration for the Security Policy Management solution reporting).
Can the Security Policy Management solution:
(a) Provide accurate monitoring for each change that occurred between the reports?
(b) Provide up‐to‐date risk and compliance analysis for decision making and remediation in between
(c) Provide trusted change design and implementation in between reports (avoid recommending a change to a rule that was removed or modified)?
3. Maturity of workflow offering –
How easy is it to build a multi‐step workflow?
How easy is it to configure several levels of conditional assignments?
4. Accuracy of topology path analysis –
Can the Security Policy Management solution provide an accurate analysis of your network?
Can they cover NAT, MPLS, HSRP, or IPsec tunnels for all your devices? How does it impact topology
5. Accuracy of change design and implementation –
Submit a ticket with multiple access requests that are correlated either in source or destination IP address and validate the change design recommendation is accurate and aligned with the original
6. Definition and enforcement of network segmentation security policy –
How easy is it to define and manage zones?
Can you view and understand the enterprise security policy?
Can you centrally manage violations and exceptions?
7. Fortinet FortiManager support –
Does the Security Policy Management solution monitor and manage administrative domain (ADOM) policies, saved or installed, or FortiGate device policies?
8. Visibility across various private and public cloud platforms –
Does the Security Policy Management solution provide automated discovery for Amazon AWS resources and applications?
Does the Security Policy Management solution support integration with OpenStack?
9. Overlapping IPs –
If you have overlapping IPs in your network, can the Security Policy Management solution support you?
10. Licensing model –
How easy is it to switch a license between an old firewall and its replacement in case of migration?
Hope the above important points will help you in evaluating a Security Policy Management solution.
BTW... Tufin does this!!