Prevasio Reviews

We use AFA (AlgoSec Firewall Analyzer), FireFlow, AppViz, and CloudFlow. Our use cases depend on the customer. In general, we use it for rule optimizations, security risks, to manage rules with FireFlow, and for application visibility, as well as for optimization and automation.

AlgoSec has reduced the time it takes to implement firewall rules in our clients' organizations by 60 percent.

And the automation the tool provides has helped to reduce human error, absolutely. The flow can create some security risk controls. It makes suggestions about what is the best configuration to apply. It passes through five steps where the network administration sees which kinds of firewalls must be modified. And the security team can see the risks and which risks are mitigated by new rules. The information is helpful for different teams.

It simplifies the job of security engineers a lot. The troubleshooting and network simulation are very useful for the network team. The team that is responsible for risk has a lot of precise information about what the risks are if they apply certain rules, how to mitigate some of those risks, and which are the riskiest rules. That is all very helpful for them.

The optimizations are the most useful aspect because most customers have a very unmanaged network with a lot of rules. We use a lot of the optimizations in our reports for improving firewall rules.

It also provides our clients with full visibility into the risks involved in firewall change requests and that is very important because our clients are often banks that must be in compliance with PCI.

And when it comes to preparing for audits and ensuring that firewalls are in compliance, the solution is very useful. We are able to do it very fast. We can do a lot of iterations and get better policy rules all the time.

Although not many of our clients are migrating to the cloud, for those that are, AlgoSec is useful. The part of the process that takes a long time is the human part. We must have gap committees and approvals that take a long time. But the integration itself is very easy with AlgoSec. We have all the information in our hands about the traffic we must enable on the cloud and for making new rules. All that is automated.

Integration with Oracle on the cloud is not supported.

I would also like to see integrations with network devices in Layer 2. While it's very focused on some goals that we must apply for security, everything related to network devices, it would help if we could double-click on the network devices of Layer 2 for WiFi and other types of networks.

We have been an AlgoSec partner for five years.

It is definitely a stable solution.

It's absolutely scalable. 

Technical support is good. We can escalate when we need to.

Positive

The initial setup is easy. On average, it takes about two weeks.

Our clients have seen ROI with AlgoSec, but I don't have any numbers on that.

For the South American market, the prices are very high. We work with discounts, but it depends a lot on our commercial agent, and there is a lot of variance in pricing between different customers.

First, review all the compatibilities within different brands. You must be very clear what the different security zones are because a lot of the reports that come with AlgoSec will have a lot of false positives. You need to know what the network is like and what are the inside and outside zones, along with what the DMZ is. The security reports point out a lot of risks, but some are false. You must know why they're not true and do all the customizations for a better security rating.

We use AlgoSec to monitor multiple firewalls. AlgoSec makes it very easy to maintain and manage our policies, the configuration, and various other maintenance of a particular firewall. It fulfills our requirement and monitors the configuration as well as the policies which have been made by the network team or the administrator of the existing environment.

AlgoSec provides visibility into our network security policies. With the help of a single management control and the help of the Analyzer, we can monitor and check the gaps and the configuration of the features and functionality of the firewalls. We onboard all of our firewall devices using the single management control. We activated the analysis feature of the solution, which automatically analyzes all the firewalls. We receive notifications whenever there is a gap in any of the firewalls within our environment, giving us visibility into the configuration changes, including whether the policies are in place or not, as well as which ports are open.

AlgoSec provides full visibility into the risk involved in firewall change requests helping us prevent any misconfiguration within the firewalls in order to restrict unwanted entry into our environment.

With AlgoSec's change management and Fireflow module, the solution reduces the time it takes to implement firewall rules by pushing the rules to all the firewalls automatically from a centralized management console, which also improves productivity.

Before implementing AlgoSec, I required two to three hours to configure and set up the policies for a firewall, but with AlgoSec, the time is cut down to half an hour.

It helps reduce human error and misconfiguration by checking the built-in templates in the firewalls. If there are any gaps in the templates, the software fixes them and pushes the policy to the firewalls. 

AlgoSec has helped the organization a lot because it is an automated tool. There is no human interference required. Automation significantly reduces the chance of error when configuring the firewalls, which helps improve our security operations.

AlgoSec has eased the workload of our security operations by monitoring the log files. Previously, the security operations team received many incidents that were not valid or required monitoring, taking up a lot of their time.

The most unique feature is the ability to help fix any gaps or mismatches in the configuration of the firewall. The feature helps fill any configuration gaps that are present.

There are various compliance regulations, such as GP or GDPR, HIPAA, PCI, and PCI DSS, that need to be followed. AlgoSec has pre-built templates for each of these regulations, which helps with reporting and compliance requirements specific to each industry. AlgoSec's built-in compliance feature is unique in that it provides company details related to compliance, which is needed for our industry.

The integration of AlgoSec with various other security solutions is a plus. For example, we have integrated AlgoSec with Check Point, Fortinet, and Palo Alto. This seamless integration allows for a more secure environment.

The solution helps simplify the job of our security engineers. Managing a network with 50-100 firewalls typically requires 10 people. However, with the help of AlgoSec, two to three people can manage the same number of firewalls.

We can manage our hybrid network infrastructure whether it is in the cloud or on-premises from a single pane of glass. This allows us to provide a cohesive and consistent experience across both environments. 

When we are integrating AlgoSec with a SAML or 2FA authentication tool, there is a small drawback to the solution. When we enter our user ID and password to log in, we get redirected to the console. However, there is no option to log out from the console. We have to close the entire web page in order to log off. The logout page is a mandatory feature that is missing from AlgoSec.

AlgoSec cannot be integrated with solutions that require two-step or multi-factor authentication. Embedding multi-factor authentication capability into the solution would be a valuable feature.

I have been using AlgoSec for two years.

The solution is scalable. AlgoSec can be adapted to meet the needs of customers with more or fewer firewalls. For example, if a customer needs to analyze 50 firewalls or 100, the solution can be scaled to meet that need.

It is very stable. In the near future, we may get updates or new releases, but if they have the same bug, it won't be a problem.

We currently have 20-plus firewalls and over 1,000 end users from our various teams such as HR and Finance.

We had a great experience working with AlgoSec's professional technical team whose expertise is top-notch.

Positive

The initial setup process was a bit complex, but after having hands-on experience with AlgoSec, it became a straightforward and easy solution to use. An expert can configure the solution, or integrate it with our existing environment within seven to eight hours. We required a team of eight to ten people for the deployment consisting of network and security administrators.

The steps for our deployment were to first set up the AlgoSec server and enter the license we received from the AlgoSec team, followed by onboarding any devices needed, such as switches and firewalls, and lastly, start analyzing them. 

The implementation was completed in-house.

I would rate AlgoSec a ten out of ten.

A small part of our infrastructure is in the cloud, with the majority being on-prem.

This solution is not an SMB-level solution. It's an enterprise-class solution. AlgoSec is the perfect solution for an organization that has multiple firewalls that can't be managed by a human or small team.

We are a retail company with about 2,500 stores, and we have at least 5,000 devices just on the retail side of it. We mostly use Cisco products in our organization. From the firewall perspective, we have a multi-vendor architecture. We have Check Point, Palo Alto, and FortiGate.

We are using AlgoSec Firewall Analyzer to identify the risks, do some quality assessment of the firewall, and then do our troubleshooting. We are working towards automating our firewall process that is currently manual. We are also enabling AppViz with different application teams. So far, we have onboarded a couple of them from the SAP team. The whole idea is to keep the firewall rules transparent and relevant to the application that an application team supports.

AlgoSec FireFlow is going to be adopted soon. I'm working on the project right now, and it is almost at the end stage where we're going to deploy it to the business.

We are in a hybrid environment, and we have our presence in multiple cloud vendors such as Azure, Google, and Oracle. We have our on-prem computing systems, and we are working towards migrating most of our on-prem computing systems to the cloud.

AlgoSec's deployment in our environment is a high-availability deployment. We have active and standby nodes. We also have a load distribution node, which is a virtual system. The active and standby systems are AlgoSec appliances.

It provides overall visibility into our environment's security posture from the network access perspective. It is also helpful in eliminating human errors and keeping the standard posture for the firewall staging process.

We have onboarded all of our firewalls, and we see that AlgoSec is running its regular monitoring and analysis process to provide a hundred percent visibility into our policies.  

Based on our testing, we have seen a reduction in human error and misconfiguration. When engineers are staging the firewall policies, human errors are being eliminated in terms of them forgetting to stage a rule in one of the firewall policies. Previously, if they had to stage three or four firewalls and they didn't know the environment properly, they would easily miss one of the policies. Such things have definitely been eliminated.

FireFlow will reduce the time taken to implement firewall rules in our organization. The firewall approvals and staging process currently take about seven days. Based on what we've seen from the tests that we have run, it has reduced the duration to about one and a half days.

It also brings standardization. It recommends the way in which the objects should be named. It brings a certain amount of standardization for objects and rules creation, which has helped as well. We are also targeting to reduce the number of people managing the firewalls after the FireFlow module is in full swing.

It simplifies the job of our security engineers. There is an expectation from the engineers to have a common understanding of our architecture and design, but there is always going to be some amount of difference in the way they understand our design and architecture. AlgoSec has eliminated such differences within the team. So, it doesn't matter if I have an L1, L2, or L3 engineer to stage the rules and how complex these rules are. It eliminates the difference in skill competency between individuals within a team.

We've been using Firewall Analyzer a lot. Cybersecurity teams have been using it for identifying vulnerable rules and loosely installed services. AlgoSec Firewall Analyzer is a widely adopted module at present.

When it comes to AppViz, I like the project option using which a lot of migrations can potentially be simplified. We are planning to use it for our future migrations. When we are migrating from on-prem to cloud and have a lot of firewall rules for the applications, AppViz's project feature, especially the server migration feature within the project, would really be helpful.

We have Check Point, Palo Alto, and FortiGate firewalls, and it integrates pretty seamlessly with these firewalls. We have had no issues so far.

There is a little bit of scope for improvement in the risk profiles that come with the AlgoSec Firewall Analyzer module. Currently, AlgoSec provides only three standard zones within a risk profile. These standard zones are external, internal, and DMZ. Everybody's network is divided into different zones within a data center, but AlgoSec only provides three zones. This is a limitation that I see for the risk profile analysis. If there was an option to customize these zones, it would be great.

Risk profiles currently require a lot of understanding. The UI needs a little bit of flexibility in terms of rearranging risk rules within a profile. For example, when I create rules in a risk profile, it numbers them as Rule 1, Rule 2, Rule 3, and so on. If I delete Rule 2, it doesn't reorder them on its own. Rule 2 is deleted, but I just cannot place any other rule as Rule 2. There needs to be more flexibility in building risk profiles.

We would like to have AlgoSec integrate with Cisco SD-WAN. We are a retail company, and we have about 2,500 stores. We have the SD-WAN solution across all stores. So, we need to manage a high number of zone-based firewalls. If AlgoSec can add integration with Cisco SD-WAN in the roadmap, it would be awesome.

After you add a load distribution node, there is no dashboard to tell us how the performance has improved. I can raise a couple of tickets, or I have to do a lot of permutation and combination in terms of testing to figure out whether it has really optimized the process and latency. If we can have a performance dashboard to give us information about the performance change with the AlgoSec tool, it would be great.

We have been using the AlgoSec Firewall Analyzer module for four to five years, and we started to implement FireFlow and AppViz a year ago.

We have only one load distribution node, and we have about 140 firewalls from all the cloud and on-prem environments. So far, we were only using the Firewall Analyzer module, and we are introducing FireFlow only this year.

When I tested it, it was a little slow during the initial planning stage of the AFF module. The analysis during the AlgoSec's FireFlow requests took a lot of time, but it is something that we need to check. We might have to increase our capacity because we only have one load distribution server at present. If it could improvise in terms of the optimized or initial analysis, it would be great. That would be the expectation from a lot of firewall management engineers who would start using FireFlow. Currently, it takes more than five minutes after somebody has submitted a request. We want to reduce that, and we are looking into it.

Adding a load distribution node is a pretty easy task. It can be a physical appliance or virtual. It is straightforward.

We have about 14 to 15 people who use AlgoSec on a day-to-day basis.

I have no complaints. I would rate them an eight out of 10.

This was a new implementation for us. The primary reason for going for AlgoSec was the FireFlow module. We haven't been able to use it for the last four years because other projects had priority, but we are implementing it this year.

We are in the traditional project management model, and we already have a DevOps process, but staging the firewall policies is a current challenge when it comes to Request to Delivery, and that is one of the reasons for working towards enabling the AlgoSec FireFlow module. Once it gets stabilized, we will integrate it into the CI/CD Pipeline where our Request to Delivery is definitely going to get better.

It was pretty good. I didn't find it too complex. It was straightforward with the administration guide that we had.

When we got it deployed, a different design engineer was there. It took them a couple of weeks to build it after the design and finalize everything.

The cybersecurity team has definitely got an ROI from the Firewall Analyzer module that we have been using so far. We are currently implementing the FireFlow module, and we are expecting an ROI from next year.

AlgoSec FireFlow is an amazing tool that automates the firewall staging process for the support teams, but I don't know if it is a patented one from AlgoSec. We are currently in the process of adopting FireFlow.

After FireFlow is installed and Firewall Analyzer gets the new policy onboarded or downloads a new policy from the Firewall Management servers, by using our risk profile, it will be able to identify the risky rules being implemented. It will give an overview to the cybersecurity team. So, the cybersecurity team will use it to define the posture of our perimeter firewalls and our internal firewalls. It is helpful, but it also depends on how good are your risk profiles. 

It is a great tool. There isn't any other tool that works in the same way. I would rate AlgoSec a nine out of 10. 

We needed something to tell us the quality of our firewall rules in terms of their implementation.

We use the following components of AlgoSec: AlgoSec Firewall Analyzer (AFA), FireFlow, AppChange, and CloudFlow.

I get reports that address the different types of things that we look for in security which it protects for, mainly things in the firewall with monitoring or compliance. With this, I felt like it is a great product.

Because of how sophisticated the product is, it allowed us to get very useful, actionable information, reducing the time it takes to implement firewall rules in our organization by 40 percent. However, we are still trying to figure out if we are going to switch to it permanently.

I felt like the compliance blueprints were more sophisticated, which is kind of what we need. The type of environment we need in order to reduce risk is to have a number of different compliance blueprints that will give us the flexibility of being able to handle multiple different kinds of audits.

We use it to assess some of the readiness of some of our projects. We use it to model what we potentially would do if we keep it on, which it looks like we probably might. So, we did use it to help with some modeling.

AlgoSec's automation helped to reduce human error and misconfigurations. They have built-in ISO and other types of compliance fabrics. That reduces errors because it does a lot of policy thinking for you. This has improved our security operations.

It empowered our security engineers because you need to have the best, top-end tool if you are looking at modern high-end threats. 

We have used the solution to implement and manage microsegmentation initiatives. That is the whole point of modeling towards, "Hey, how will this work for a specific situation in the end?" I think it's a great solution because a lot of companies are not just going to the cloud, but microsegmentation and service-delivered products. So, I feel like it is very capable and comparatively better than its peers, if not equal.

AlgoSec is very complimentary to Cisco ACI because a lot of people are doing SDN. Having that integration is critical because a lot of the applications are more geared toward ACI. So, having something that compliments but doesn't break or get in the way of what the client finds important is ideal. Because, in some cases, we are not just representing ourselves, we have to extend what the client wants.

The Analyzer was the thing that had the most value because I am all about the quality of the rules and number of the rules. I thought it was really a great product, especially because we have more than one type of firewall.

I liked the level of detail. I thought it was a good measure of what people needed to understand. It had really useful information about controlling the environment. It looked like AlgoSec has done a really good job with developing what customers might find useful.

AlgoSec provides us with full visibility into the risk involved in firewall change requests. There is a lot of competition out there. This provides a comprehensive environment where risk is properly captured, which is very valuable.

The list of tools in the AlgoSec suite all seem to complement each other, which is what we needed towards making sure that we weren't leaving anything out. So, it seemed to be comprehensive enough between all the different products.

AlgoSec helped us to gain visibility into our application connectivity flows, which was important. We have Splunk, so we need a firewall/security expert view on top of Splunk. I felt like AlgoSec gave us that information. This allowed us to show that AlgoSec could be a valuable contributor to our security environment.

It enables us to manage multiple or dispersed environments in a single pane of glass. This is good because we have a complex support model that we are trying to simplify. There are as few panes of glass as necessary. Even with a separate security pane, it is worth it. 

The API integration could potentially improve. I didn't get a chance to look and see how well this solution can integrate with ServiceNow or our GRC environment.

We demoed it for about three months.

It is a very stable product. It is definitely more stable than FireMon. I felt pretty good about it. I didn't have to worry about apologizing for the product because of integrity issues, which is usually a thing. I felt like I did not have to worry about it.

It was very scalable, which is important. One of the reasons that I was able to champion it (in terms of the demo) is because we were starting small. However, if everybody likes it, we will ramp up pretty big.

The SOC has about 10 admins. There are a lot of IP addresses. These 10 guys administer about 3,000 devices.

We haven't really had to call much. That was one thing we were trying to figure out: If we are going to get a consultant or get some a la carte stuff during the demo. We will probably look up a support agreement from the corporate side, if this goes into production. There are some people with whom we are talking about the contract on the backside.

The initial setup was pretty straightforward. We had some help, but it just seemed pretty straightforward.

Deployment took about a month because of some internal stuff. This was fine because I couldn't get a lot of buy-in time on how much time we have for development.

We run a full SDLC where we use a project management organization who uses kind of an agile/waterfall hybrid. We have multiple departments that all have a stake in terms of how we deploy the demo to make sure that everything models exactly when we turned it on.

The migration process was easy because it was a complete product. We need something ready out-of-the-box to help where we don't have to figure out the product or use cases as much because it fits the use cases with its features. AlgoSec felt like a great fit to us.

We had some in-house talent who had some experience with AlgoSec. We also contracted an integrator.

It helps to have somebody who really knows the product well enough in order to get it modeled quickly. That way, the executives who are looking at it see success quickly. 

It is worth the cost. 

I heard that the licensing was around $100,000 a year, and I don't know how accurate that is. That seemed a little high, but compared to everybody else, it seemed about the same.

I have been at other companies in the past who did bake-offs.

It is not up to me. I just give them the information, putting the information into their hands and having them make the decision. However, I feel pretty strongly that AlgoSec could be it. Once we got rid of our third place (FireMon), I said, "Oh good. That gives AlgoSec a fighting chance." 

I have always thought it should be between Tufin and AlgoSec. That has always been the most realistic comparison to me. I didn't like FireMon's level of support. We thought AlgoSec was more scalable and efficient with better visibility. 

AlgoSec vs Tufin: I would have thought that Tufin would have won. AlgoSec kind of surprised me because: 

• We had better performance with AlgoSec.
• We were able to set it up easier. 
• The regulatory compliance matrices were better. 
• The ranking of risk in the firewall rules was better.
• The role-based access was really good at the time.

I probably wouldn't look at anything else if you're not going to integrate the API. Although a head-to-head trial is a good idea, a lot of people don't really have the time for all of that. Just start with AlgoSec. It is number one in a lot of markets for a reason.

We work with multiple security vendors for different tools and functionality. AlgoSec is an absolute leader when it comes to integrating with the leading vendors. I need to have things that are leading their sectors because that is the only way of answering security controls for risk.

We haven't had a breach as far as I know. However, I feel like if we were breached, this would be a critical tool because people would want to know what the firewalls saw. This is the best of the very best firewall tools. When you need something that tells you what is happening with top security devices and tools, this would be the first place where we would get intelligence about the breach. 

If we use AlgoSec, then we will use it 90 to 100 percent. If this solution gets the go ahead, then we may get the rest of the suite. Though, we are pretty much using the entire suite.

I would rate this solid nine (out of 10).

It helps us load the bulk of organizations. We can maintain policies using AlgoSec's fine-tuning, which is why we use its automation. Once a request has been approved and it is in our queue, we check the parts of the firewalls between source and destinations. It also helps us push policy and remove unnecessary rules.

I have used Algosec Firewall Analyzer (AFA) and FireFlow. We also use AppChange for its automation, where we can integrate our MDT tools with our AlgoSec project.

Our customers have on-premises data centers as well as infrastructure in the cloud: hybrid. We are the service provider for the cloud and our data centers are also on the cloud.

Because every organization goes with a CIS audit, it is helpful for auditing purposes. Before an audit, we clean up all the unnecessary rules, ports, etc. 

Because we get about 60 to 70 rules to deploy a week during the firewall maintenance window, we might create some duplicate rules or open duplicate ports. AlgoSec has become very helpful whenever we need to find out the nodes or subnets that have already been created, then we don't need to create the duplicate subnet of that particular IP address. We then pass this information onto our firewall and deploy it.

AlgoSec helps by doing the job of our security engineers. For example, we need four security engineers to push policies. However, if we go with Algosec and its automation tools, two engineers are sufficient to do this, but are needed from a troubleshooting perspective. Therefore, the workload should be low while using the Algosec, making the work easier for our engineers.

AFA is helpful when finding duplicate rules, subnets, and policies for your ports that have not been used in the last six months. It also helps to find out which ports have been opened for all firewalls. After that, we run the reports and share them with the customer. After getting approval from the customer, if there is a block on a particular port or ports not used in a current environment, Analyzer is helpful when placing the change request of the users. In this case, AlgoSec provides the link to the user who raises the request though the automation, which is the change request. From that change request, it comes through our ticketing tools, e.g., BMC Remedy. Then, we have to check and approve it. Once it gets approved, we deploy the particular policies, as per the user's request.

It provides visibility for the risk. Whenever unnecessary ports have been opened in our environment, whether by mistake or human error, a support ticket gets opened so we can find out about it in an easy way. After that, we can implement or block the particular ports if they are not necessary for the organization's production. The solution has become more helpful during the cleanup rules for the firewall, when we do those activities twice a month. For example, if a user raises a request two to three months ago, then we forget to block the particular port by human error. During the client's cleanup workshop, we can make things clearer, which is more useful for us when cleaning up unnecessary rules and ports from the firewall.

AlgoSec enables us to manage these hybrid environments in a single pane of glass.

It is an excellent, intelligent tool. The console is user-friendly for understanding and implementing things on firewalls. It is helpful for finding duplicate rules. 

We would like the full features of automation. That would definitely be helpful. Then, we would be capable of pushing policies to the Algosec as well as finding the path. 

We would like to get the network nodes from all the different firewall analyzers. For example, in Tufin, we can find other network tools, like router switches, which show the path between source and destination.

I have deployed AlgoSec for two customers as well as implementing their Check Point Firewalls.

It is a stable tool.

When we are not using Algosec, we have nearly 1,000 drones. Whenever we deploy or integrate Algosec with our firewall, then we see less rules, about 650 to 750. 

The technical support response time is low. This might be due to the coronavirus pandemic situation, but I am not getting full support when working with them.

The initial setup is easy, not complex. I use Google Survey data, which is very user-friendly. 

I deploy and integrate two to three firewalls in a day.

I am not managing AlgoSec because I am not part of operations. I am part of the deployment team. So, I have deployed it to a particular account, and once it's working, then the support person from my team who works on that account takes care of all the AlgoSec tools.

Two to three people manage AlgoSec across 24/5 shifts. 

It has reduced the time it takes to implement firewall rules. For example, in our environment, we have a number of unnecessary rules (about 350 rules) which are unnecessarily open on firewalls, including blocked ports, something between source and destination, duplicate nodes, and duplicate users. We can find all these things. After that, we can clean them up. From my point of view, it is more helpful for the cleanup and all of those activities as well as more helpful for the automation part, which is the change requests. If you do this activity manually, then it takes more than a month to find out the duplicates rules from firewalls by checking a PDF or exporting the rules into an Excel file. From there, we need the filter to find out the duplicate nodes. So, it definitely takes more time manually. However, if we are using AlgoSec, then we can do it in a day.

I find that Tufin and AlgoSec both have good solutions, but I would rate Tufin as 10 out of 10 where I would put AlgoSec as a nine out of 10.

We deploy microsegmentation with Guardicore.

I would rate AlgoSec as a nine out of 10. Overall, my experience with this tool and its technologies have been very good.

I am aware that AlgoSec works with multiple vendors. We use it with FTD firewalls and SonicWall firewalls. We also have to integrate it with Check Point, Cisco, and Palo Alto. So, the solution is helpful when working with different vendors. For the integration part, it is very easy and user-friendly. We need to know about their rules, admin password, and the virtual IP address of the firewalls that we have to enter. After that, it provides the information and gets the topology.

We use several of the AlgoSec components including the firewall analyzer (AFA) and FireFlow. We may also use CloudFlow. 

We use AlgoSec primarily for Check Point. We run a script that works with Check Point and spits out rules. We also use it to create changes. Specifically, it will create new roles and we can use it to check if there are blocks on Check Point, as well.

In the future, we may use it with Palo Alto.

AlgoSec gives us good visibility into our network security policies. Overall, I would rate it a ten out of ten in this regard.

Before firewall change requests are made, it provides us with full visibility into the risks that are involved. This really helps because it lets people know that they should question the traffic. It gives them alerts and those red flags really help because it doesn't require having to do a deep dive into each change request.

I have used it for replicating rules in the process of migrating to the cloud. It makes replicating rules faster and I would rate it a ten out of ten in terms of being able to help with migration such that there are no security gaps. The process is not hard at all. It will show every rule to replicate, right there on multiple firewalls at once. Overall, it's very easy.

As we have migrated rules to the cloud, AlgoSec has given us better visibility into our application connectivity flows. This has made my life a lot easier because I can quickly tell, even before putting the request in, if the rule is needed or not needed.

AlgoSec has helped to simplify the job of our security engineers because the guys that question the traffic can see it in FireFlow. When I put a request in, the information protection people can see that request and they can use FireFlow to send a response back saying they need to explain why this is needed or provide something else in order to get the request through. Essentially, they can utilize it to question traffic, which is awesome.

The integration with Cisco works well. It's able to spot the Cisco devices perfectly and I'm sure that when we start using Palo Alto, it's going to handle them just as easily.

We can use it to create new rules. It will consider huge lists of lines of traffic in one rule at once, and multiple requests, which is amazing.

The most valuable feature is the automation that can be accomplished by using scripts. If we didn't have AlgoSec, I would have to do everything manually. It can create multiple rules for multiple requests at once. It can handle hundreds of them and in fact, it's ridiculous how much it can handle. The fact that it can also check for blocks while you're creating new requests is awesome.

Automation has helped to reduce human error and misconfigurations. It is now a lot better than it was before.

This solution has absolutely reduced the time that it takes to implement firewall rules. If we didn't have FireFlow, we would have to do a lot of things manually. With as many firewall requests as we have daily, we would lose a lot of time. For example, sometimes we get between 20 and 40 firewall requests a week and I can do all 20 of those in one day if they are okay in terms of the traffic. Trying to do 20 requests manually would take a lot more time. As it is now, I just have to put them in through an Excel sheet and it not only saves me time and stress, it saves the company money. Also, the requester is happy because it is done fast and we can do multiple requests at once. Not only does it make me happy, partly because it frees up my time to do other things, but it makes the requester happy too.

When we send multiple requests across at once, sometimes it causes errors and FireFlow gets stuck. In cases like this, we have to go back in and fix it.

I have been using AlgoSec for two years.

This is a very stable product. During the night, it runs a little bit slow because we have a lot of things running during that time.

AlgoSec is definitely scalable. Being able to check blocks and traffic, and create scripts to handle multiple requests at once, and then check blocks to see if each request is needed or not, contributes to how well it scales. I would rate scalability a ten out of ten.

My entire team, as well as people who are not from my team use it to check blocks and for other tasks. The network operations team uses it a lot to check blocks and traffic.

In the future, we will be using it for Palo Alto and in addition, I expect that our usage will increase for other use cases.

I have not personally been in contact with technical support, although I know some people here have. They say good things about support.

The initial setup is pretty straightforward. It's very simple.

It only took me about a week to learn, so the deployment didn't take very long.

We had one person in-house that was responsible for the implementation. He was the product owner and was very familiar with the product. He is the one that wrote the scripts for FireFlow.

This is definitely a product that I recommend because of its ability to handle multiple requests at once, and check blocks. Having the Firewall Analyzer and the FireFlow utilization help to make your life much easier for firewall requests.

I would rate this solution a ten out of ten.

We are using the FireFlow and Firewall Analyzer components. I'm not the manager of the project, so I don't know if we are using any other module. We use FireFlow to make our firewall change requests.

As an architect, if I'm deploying something and a flow needs to be put in place, I need to go into the tool and specify the details about the flow that needs to be set in place. I also need to provide some contextual information, and then there is a whole workflow that gets started. It will first analyze the flow to determine which firewalls and modifications are required, and then there is an approval step for which someone responsible for security needs to give approval. After that, it goes to the implementation team that does the actual implementation. In the end, there is a validation step where when they say it has been implemented, you can check that the flow is open, and it works fine. You can then either close the ticket or say that it's not working and please check again or perform additional tests.

We have a mixed proprietary network. We have stuff in private clouds, and we have stuff in public clouds with major cloud providers. We have a very global and complicated network in more than 60 countries.

It has certainly improved the way our organization functions. It has simplified my job in terms of creating a request. I know at which stage of the implementation we currently are. It has provided visibility into my firewall requests. Previously, the process and the tools that we had were like a black box. You send it to somebody, and then you didn't know what was happening for two or fours weeks. Now, at least you get your tech ticket number, and you can go in, follow up, and hunt people down. 

When it comes to integrating with the leading vendors, it is okay, and it is able to give us visibility. It tells us about the Palo Altos, Checkpoints, and Fortinets that we have.

The workflow and the fact that I can follow up on a request that I've created and clearly see the status it is in are the most valuable features of this solution. When I need things to move on, for example, if the security guys didn't look at the request or the implementation is not going as it should, then I can contact people. There is a mechanism in there that clearly indicates the service level agreement we have for implementation. We can see if it is being attained.

The analysis part can be improved when I make a flow request. There should be a clear analysis of which metric part needs to be opened and which firewalls will be opened. It should give you a bit more graphical visibility about these. 

I don't know if it's possible, but there could also be policy enforcement. The reason why firewalls have problems is that standards are not being followed. If the tool that allows you to enter a request doesn't enforce standards, there's too much room for error. Automation does not solve this unless automation follows defined policies and standards. I don't know to what extent those tools can indicate the predefined policy and standards that you put in place. For instance, if you define your level of zero trust, the tool should be able to advise you on what you should do.

We have AlgoSec in our company for at least six years.

Its stability is good. I have never experienced an outage or bad performance when I needed to use the tool.

I cannot say about scalability. Our environment is big. We are a multi-national company that is active in more than 60 countries. In terms of servers and all other network equipment, the number would be towards 10,000.

In terms of users, there are a few hundred users. They are people who make all those requests. They are mostly architects because the company says that an architect needs to enter the flows for projects in most cases. There is already a group of 50 architects, and then there are people who need to do the approvals. They are the community of security or seniors, as we call them in our company. They are probably about 50 when you start counting the deputies with it. There is also a network team behind it, and that easily has a hundred people who do certain operations on AlgoSec. I would estimate that at least 200 people actually use the tool.

I have not used their support myself.

We used our standard ETSM solution for making requests. That was nothing basically. The decision of switching didn't come from me, but one of the motivating factors was to have one tool in which all firewalls could be managed. We wanted to have visibility on all the firewalls and put a process in place to request flows that can be traced to improve the service.

I have been involved in its setup from a distance. There was an architect in my team who was responsible for it. I didn't involve myself in it.

I would advise knowing what you want to get out of the tool. Why do you want to use the tool? Is it just for a workflow as we use it, or is it the analysis? It seems there are other tools that equally do workflows as well. Then it comes down to your analysis in terms of what answers are you looking for, and then you evaluate if the tool can handle the questions to get the answers.

In terms of AlgoSec providing full visibility into the risk involved in firewall change requests, what I've seen recently, which wasn't there a few years ago, is that it does risk analysis, and then it says something like no risks. The strange thing is even when it says no risks, the security people do not automatically approve the change. They still need to go over the nitty-gritty of the flow, which makes me ask the question about its value and how valuable is this. It can be two things. We either do not trust the tool, or the tool just doesn't give a correct assessment of the risks. That could be for multiple reasons. I don't know if this is something that comes out of the box and cannot be configured, or is this something where you need to tell the tool what is the security policy, and based on that, it will do the analysis. It anyways gives a score. I've seen it, but I doubt the usability of it.

It has not reduced the time it takes to implement firewall rules in our organization. For me, the speed of delivery hasn't really changed because there is still internal validation, and that process takes a long time. This is basically independent of AlgoSec.

I use it onsite and in the cloud environment. I use it in both, but I do not know which specific features AlgoSec has concerning clouds. I also don't know if it is good or bad when it comes to preparing for audits and ensuring our firewalls are in compliance.

In terms of implementation, I can't say whether automation has helped to reduce human errors and misconfiguration. I can only say from another point of view. I'm doing academic research at the moment. My research is about the evolvability of firewall rule basis. The management of rule basis is pretty complicated and the bigger they become, the more complicated it gets. I've done some fundamental research on this, and I've come up with some interesting conclusions. I know that the information that I got from algorithms that I wrote myself, which are not fairly complicated, gives a lot more visibility in terms of what's wrong within the policy, as compared to what the tools do. I'm 100% sure of that. Based on what I've seen on AlgoSec and some webinars, there is a lot of information in there, but it doesn't give the real clarity on what's wrong with my rule base.

I would rate AlgoSec a six out of 10.

I use AlgoSec Firewall Analyzer, BusinessFlow, AppViz, AppChange and CloudFlow. We use the appliances from the AlgoSec framework and the AlgoSec Firewall. The customer environment is mostly managed on-premise.  

AlgoSec has reduced the time to implement firewall rules in my customers' organizations by about 17%. AlgoSec has helped us keep our firewalls in compliance with data security regulations. It can produce many reports, like the ISO 27001, PCI DSS, and OX. It can even make recommendations to optimize your firewall based on compliance standards. 

For example, one of my clients uses the Palo Alto firewall device together with a user admin Palo Alto device. When the admin device needs to detect configuration on the Palo Alto firewall device, AlgoSec can verify if this is correct and in compliance with standards like ISO. In this example, my customer is conducting an assessment via Palo Alto based on ISO 27001. AlgoSec might provide recommendations, like passive complexity, for the firewall settings because the SMTC hasn't been configured. 

AlgoSec has good tools to manage policies and devices. Many administrators like how it helps you monitor and clean up the policy for the on-premise firewall. AlgoSec can give you recommendations to optimize your rules. It supports ITSM, and it's a powerful tool for monitoring firewall change requests.

A large company has many devices working with its firewall as well as many policies for managing router switches and networks. If a single security admin changes one policy, it impacts all the routers throughout the entire network. If you do not have a system for firewall change management, you're vulnerable to human error, misconfiguration, and other problems. AlgoSec has one central management system for managing your planning and implementation policies for your devices and firewall. This minimizes risk.

I think it's simple for AlgoSec to integrate with other security solutions. AlgoSec is supported on device firewalls like Cisco and Palo Alto. To integrate, you just have to verify that it has AlgoSec support. It's relatively easy to integrate with AlgoSec because it communicates using the SHA protocol with just a username and password.

I've used AlgoSec with Cisco ACI but only as a proof of concept. My clients are mostly using Cisco ASA with a Cisco router, Palo Alto, and Juniper.

In the new version H32, there are many, many bugs.

I've been using AlgoSec since 2019, so almost two years now.

In terms of stability, I think it's good for what our end-user wants to do. When you integrate your device on the firewall analyzer and you analyze, AlgoSec can show you the root of your device. AlgoSec can also monitor changes on the specific firewall.  

AlgoSec is powerful, easy, and manageable. It's user-friendly and deployment is easy. In my experience, it scales to my clients' needs because it helps track the policy and the changes.

AlgoSec support is good and professional. And before you contact support, you can search the reference AlgoSec portal. For example, if you have issues with the SHA and AlgoSec cannot communicate with a specific firewall. You can search on the AlgoSec help portal. The whole issue is covered on the AlgoSec portal. From the 2018 version of AlgoSec to the latest version, all the references are there on the portal. AlgoSec support responds on schedule to explain the issue and recommend ways to fix it.

I know the competitor of AlgoSec is Tufin, but I don't have experience with Tufin. If I did, maybe I could compare AlgoSec with it. At this time, I don't have any comment on its competition.

Setting up AlgoSec is very simple and easy. Because I'm using the VMware appliance for AlgoSec, you can just download everything. After that, you just configure the IP address for AlgoSec, set up a username, and verify your configuration license. For the VMware appliance, it takes maybe 30 minutes to deploy AlgoSec.

Licensing AlgoSec is easy. To license AlgoSec, you must get a MAC address on the AlgoSec server, then you can deploy the AlgoSec server in your environment. And if you get a MAC address, you must update on the AlgoSec portal to request the license

I would rate it a nine out 10. It would get a perfect 10 if they fixed the many bugs in the new version.

We use FireFlow. Our environment is a mixture of private and public platforms. We have been aggressively moving infrastructure up to the cloud, so everything that used to be on-prem now is all pretty much in the cloud. We have hundreds of servers and instances up in the cloud. On-prem, we still have the same. It's a couple of hundred servers on-prem that we use for the day-to-day business functions as well.

AlgoSec would help to manage our multiple environments if we had CloudFlow but we don't have that license.

Back in 2016, we migrated firewall vendors over to Palo Alto Networks. During that time when we migrated, we had over 4,000 security rules. Using AlgoSec, we were able to trim it down by some ridiculous amount, around 72%.

AlgoSec has a built-in feature for identifying risks. It'll inform the user if we have rules that allow a certain protocol open to the internet that we shouldn't. It identifies applications that are permitted in our network that pose a risk. Some examples include SNMPv1 without it being secured and that sort of thing. AlgoSec notifies us of those risks. There are also cleanup tasks it assists with. Obviously, the simpler the ruleset of your firewalls, the easier it is to manage and the less confused administrators get. AlgoSec is able to help keep the firewall ruleset simple while still maintaining its security posture.

AlgoSec provides us with full visibility into the risk involved in firewall change requests. We perform risk analysis before adding rules anyway. Even if AlgoSec said a rule is risky or not risky, it's not something we rely on heavily. We have other tools and processes to identify if the rule we added is going to be introducing risks or not.

The overall visibility that AlgoSec gives into our network security policies is pretty high. It's very clever in the logic it uses to provide insights, especially into risks and clean-up tasks. It's very valuable. It saved a lot of hours on the cleanup tasks for sure. It has saved us days to weeks.

AlgoSec's automation helped to reduce human error and misconfigurations to an extent. If I'm considering duplicate rules and human error, then yes for sure. But if not, then no, not really.

It implements and manages micro-segmentation initiatives. We recently did a project on that. We did the service segmentation using natively built reporting functionality in the firewalls. After that, we used AlgoSec to clean up those rules and trim them down. So it's not exactly to create micro-segmentation but more to manage it. It performed very well for that role, which is the experience we've had with that specific function in the past with it as well.

AlgoBot is a Slack chatbot that they've designed to help people identify if the firewalls are going to allow or block specific network traffic. We leveraged this to allow our staff to check themselves if the firewalls are going to be blocking traffic or not. That saves us logging into the firewalls and running the query off the host. We give them the power to use it and it saves us time.

AlgoSec has features to prepare for audits and ensure our firewalls are in compliance. But we have all the tools to measure compliance and security framework stuff we're doing.

We work with multiple security vendors. It's rather difficult to integrate the vendors. AlgoSec is a platform that hasn't really been developed as much as we would like to just because of its complexity to set up. If it was easy to set up and easy to get integrations with other companies, then we would be doing it. But the thought is that we are relatively stretched thin in our team as it is and the complexity of configuring AlgoSec doesn't make it any easier.

Overall, setting up new features is something that needs improvement in my eyes.

It has a cool feature where it has multiple firewall rules that say "You're allowing this IP page address to talk to this IP address on port A, port B, and port Z." For example, if AlgoSec detects that that rule was being used but it's only being used for port B and C, then it'll actually notify you that this rule can be trimmed down and you can remove port A, as it's not being used by your rules anymore. That's something we really like as well.

We installed AlgoSec in 2017.

The stability has been okay. The main uptime is fine. We haven't had any issues where it's randomly turned off. 

Every now and then we need to restart the AlgoBot feature to keep it running. We found that every couple of days, it just dies. We're not too sure why.

We haven't really done much scaling. We've just kept it isolated to one machine and ran everything from there for AlgoSec.

We're using it for firewalls. Our company depends quite heavily on the management and how up-to-date the rules are in the firewall. We definitely rely on AlgoSec to produce accurate information for one of our critical network components. We may be leveraging AlgoSec more in the future to assist with the cloud but it's still early days and we don't know for certain.

Technical support is average. In simple support cases, everyone's very helpful. When we upgraded to the new version of AlgoSec, we had a technical support staff member helping us through every step. But then some other simple cases were a bit more challenging. It would often take quite a few weeks and things wouldn't get done. They would say the issue was fixed in the next software patch when it wasn't. It's been mostly good but a few times they've missed the mark a bit.

The initial setup of the virtual machine or the appliance was straightforward. Even getting the devices we wanted AlgoSec to ingest was straightforward as well. 

It has a network map and it uses configuration from each firewall to draw a network map. Then, it uses that map to do logic of what rules and IP addresses can go where. That part was complicated because there were some very specific issues where one firewall wasn't being ingested properly. That took a while to work through and the fix wasn't what anyone really expected it to be at all.

It took us a couple of weeks to fully deploy. We got the main brunt of AlgoSec working in around a week. Fixing it with AlgoSec support took a little bit longer just because of its complexity.

The deployment required two staff members. It was another security engineer and myself. We are also the only two people who use it. 

It only requires one person for maintenance. That might be due to the limited amount of pages we have enabled within AlgoSec. It's definitely not full-time. It's just every now and then we do health checks. We have a number of monitoring tools on the box. So if it's not responding to the pings, if it can't talk out to the internet, we just get automated alerts. That's really how we determine if the box is healthy or not. Aside from that, it hasn't had any other issues.

We have definitely seen ROI. The number of rules in the firewall is the main way we've seen it. We went from around 3,500 to 4,000 all the way down to six rules. And that was over a couple of weeks. It was very quick and AlgoSec was the driver for that. If we still had 4,000 rules, then I'd be in a much bigger team trying to manage that. Because we only have a couple of hundred, it's not completely manageable, but it's a lot more manageable than a couple of thousand for a couple of people.

I don't actually know what the pricing is. We had a quote to get some professional services done for a couple of weeks. From my perspective, the cost was reasonable. It was 30,000 AU dollars for a few weeks. For the business that was unreasonable because they were trying to cut costs. But I would have seen that as a reasonable price to put on a few weeks of PS.

It has not really reduced the time it takes to implement rules in my organization. We use AlgoSec more for the clean-up after the fact. It's more of an after the fact tool that we use it for.

It definitely has not helped simplify my job. It just cuts out the middleman of having to ask someone a very specific question. Identifying those are very hard to do, and we wouldn't be doing it if we didn't have AlgoSec to do it for us.

If we had a couple of thousand rules in the firewall, it would be a number of increased things that the business would need to consider. We would need an additional firewall administrator to manage these rules. Rules would take a lot longer to be introduced into the firewalls. There's a delay in a developer spinning up a new server and then the firewall actually allows that new server through. There's just the overall complexity and documentation would take a lot longer if we had multiple rules. Even just the cleanup and management like general overhead would be significantly more.

If you look at it that way, AlgoSec has saved the business maybe a couple of years of salary. It's simplified the rules to such a point where it's manageable. The rules are still manageable by fewer administrators. There is more human work. There's more flexibility for staff to be working in other areas as opposed to having multiple people assigned to the firewalls, looking at complex rule sets.

It does the job. It's very good at taking something complex and simplifying it into something that's a lot easier to understand and manage.

It's one of those tools that takes a little bit of time to get set up and used to, but once it does, it's very powerful with what it can do.

I would rate AlgoSec a seven out of ten. The functionality on the platform is extremely good. But getting it set up and the complexity to install new features and stuff like that, brings it down a little bit.

We use it for firewall ruleset management. It's mainly to manage the firewall ruleset changes and for monitoring compliance.

In our environment we use Algosec Firewall Analyzer. Our network environment is a mixture of public and private clouds. We have more than 3,000 network switches and we are managing almost 20 firewalls that are on-premises. That doesn't include the cloud firewalls because AlgoSec does not extend to that area.

The main benefit is mainly related to security and our network operation. It helps with firewall and ACL management. In terms of security, it helps us safeguard the firewall ruleset. It's not directly important to the business for income, but it helps us to safeguard our operations and security.

It's also good to have AlgoSec for monitoring, as a measure for security compliance, because the firewall is the gateway from on-premises to the internet or to our business partners. It plays an important role.

It makes the audit process much easier because it provides an almost instant "yes" or "no" regarding compliance. On top of that, you can generate a move-and-change record for auditing purposes. It fulfills the requirements.

Algosec's automation helps reduce human error as well. It helps ensure our firewall policy integrity. It's the kind of machine that helps cross-check those areas, and that helps. Before we really applied AlgoSec for operations, we just used it as a monitoring tool. But after we started discovering manual errors, we tried to use AlgoSec as a prerequisite, and to check the ruleset changes that would be applied to production before they were applied in production. It works well as a checker.

In addition, it has reduced our workload in terms of manual checking to some extent. The lead time for AlgoSec to check against basic, fundamental compliance is great; much better than when done by humans. It reduces the time needed for that part of the analysis. And it helps me to make sure that the applied changes are meeting compliance requirements.

The firewall policy summarization is the most valuable feature. It helps us to cross-check the firewall ruleset. That's the main purpose of it. And of course, it monitors changes of the firewall policy. It provides full visibility into the risk involved in firewall change requests. It helps us to check for any integrity issues and conflicts with other rulesets, and of course the compliance.

When it comes to integrating with the leading vendors, we haven't had any hiccups integrating Algosec with existing firewalls or network switches, router switches, ASAs, or VPNs. It has to be great. I don't think another brand name or latecomer will do better than Algosec.

I have been using AlgoSec for more than seven years.

The stability is good. When we had the appliances it ran for a couple of years. Now that we've moved to the VM it is more stable and independent of hardware.

We used to be in an appliance for AlgoSec but two years ago we moved it to a VM version. The vendor supported us in that process. That was good. Other than that, we haven't needed to contact their technical support much.

I don't work directly with their technical support, my subordinate works with them. According to what I've heard so far, it's been very good and very helpful.

The initial setup was a long time ago. I remember it being a little bit hard, but I don't think we're a good reference point because it was almost seven years ago. When we moved to the VM version two years ago, we updated our skill set and it is manageable for my people. It should be easy to integrate.

For our initial setup, I remember the Check Point firewalls were seeing some key exchange. When there is an upgrade, you need to do a key installation. That was a little bit difficult seven years ago, but I believe most people now have experience and they know how to handle that. Back then, not many people had experience on Check Point firewalls or even AlgoSec.

Overall, the deployment is easy, but because our organization has a change process, the testing process involved with that takes a longer time. The actual integration is not difficult and it won't take much time.

Rather than talking about simplifying the installation, it should be standardized. There should be more documentation for AlgoSec. The firewall vendors, and even the network equipment vendors have more "Welcome to This Type of Management Tool." They have more clear documentation.

Some of the use cases appear in the community but the vendor could set up a forum where users can share tricky experiences and how to resolve them. An actual case-scenario Knowledge Base is much better than documentation that only describes the straightforward settings.

For maintenance of Algosec we need just one person. The deployment was done by our network team. I used to be on the network team and I was the one who introduced it. Later, I transferred to the security team. I log in to the content now, but not the platform. It is now managed by one of the network team members. Across our organization, there are about five people accessing it.

We used a system integrator to deploy it, called Dimension Data. 

It does its job. I don't expect more than that. We use it to manage the firewall and the firewall is such a mature product, and everything is satisfied.

We don't use it to help us in speeding up setting the firewall ruleset or doing testing phases, because our development cycle is a little bit different. The developers have to state what they need and then we apply it. We only use AlgoSec to cross-check when the testing result moves to production. It doesn't help us much in the development stage.

In terms of the cloud, we are just beginning to build a CoE, a core of excellence. There are many other native solutions provided by the CSP and there are some CASPI solutions—CWP, PP, and CSPM—that will help us with the governance of firewalls or the network security policies. We haven't determined our direction yet.