AlgoSec Reviews

We planned to start with AlgoSec Firewall Analyzer and later procured FireFlow as well.

We deployed Fireflow as we have been migrating the Infrastructure to SaaS, increasing in multi-vendor engagements on multiple Network and Security layers and handling requests from roaming users ends.

AlgoBot has been enabled to few users to validate their requirements and requests on their own, which has helped them to understand their current access and to create requests that are very accurate and relevant.

With respect to the environment, it's distributed with various network and security solutions, with multiple zones and a maintenance team.

Over the period of two years, we integrated the AlgoSec Firewall Analyzer and FireFlow on multiple solutions including next-generation firewalls, web security, proxies, and other network devices.

On the improvement part, we enabled the common set of policies across firewalls and proxies. This tool helped us eliminate the requirement to have L3 engineer in our other data centers and our Tier 1 and 2 engineers utilize the solution well from the configuration and maintenance areas.

We simply pass over three to four external agency audits on various particulars which we spent more time on before onboarding the solution.

One of the most valuable parts for us is to achieve the compliance standards without ample strain and burden. Defined templates assisted us to make effective on following the internal processes and the industry standard.

It enhanced the complete workflow system within six months of deployment. We eventually onboarded by integrating with multiple solutions.

We performed regular audits internally to standardize and to pass the external audits effortlessly.

In simple words, this process empowered us to define a metrics among our industry and set the development goals clearly.

Support tickets and engineer assignments are one of the few concerns we are facing these days. Initially, they were hard to co-ordinate with the technical support team and the AlgoSec management team helped us to follow the defined Service Level Agreements.

We needed to directly communicate with the integrated solution TAC Teams, let say of Palo Alto or Checkpoint, and we needed to co-ordinate jointly for addressing an issue.

The AlgoSec support team came on a joint call to address the issue on time without saying "this is not my cup of tea" and by then we were happy about the support. This happened during one of our major migrations.

Our management is expecting us to set up a CXO/CISO dashboard from AlgoSec. It would be great for us if the AlgoSec team could assist in setting up the new benchmark.

We have been using this solution for more than two years.

Over the period of two years, we have seen multiple enhancements being made available inside the product. One of the new requirements is on containers/Docker/Kubernetes where AlgoSec really needs to focus. I am not sure about the availability of the latest support release, however, these are booming technologies and we require solutions like AlgoSec to support them.

Earlier it was good. Possibly due to the pandemic, we faced a couple of challenges in getting the support on time. That said, now it's getting better.

Earlier we used to manage everything with our internal and vendor team, where lots of coordination was required. It was a long time-consuming process of gathering requirements and defining the best possible solution.

Since few of the solutions were being managed by outsourced team, it was challenging to make the solutions ready to integrate with AlgoSec during the deployment phase.

Some delays happened due to the lack of support by the external party. There were some delays due to upgrading products to make everything compatible with AlgoSec Analyzer and FireFlow.

Initially, we found this as a complex deployment. Later, it was easier than anticipated. We referred to the technical documents and AlgoPedia portal to understand more and deployed successfully within the proposed timelines.

Our in-house team took care of almost everything and the AlgoSec team did the governance.

We'd like the solution to share the complete Infrastructure details along with the business use cases with AlgoSec SE to evaluate and propose the best fit deployments and licensing.

Pricing-wise, AlgoSec still needs to support the customers.

We evaluated Skybox and Tuffin as well. Our internal team showed interest in AlgoSec right away, however, Skybox was a real challenge to differentiate.

Technical documentation and readily available solution blogs helped us to deploy the solution in a better way

AlgoPedia helped us in many ways - including sharing information on the new vulnerabilities, management of appliances, and maintaining the workflows (by providing enough insights to explore and understand).

The solution is mainly used for auditing firewall rules and inter-zone connectivity within the client environment. 

Another use case we have at the moment is to audit all changes done on the firewalls across the environment. We are also using Fireflow which significantly reduces the administration effort and time required to analyze, plan, and implement firewall changes on a day to day basis. 

Compliance reports are a big help and ensure that the client environment is up to date in terms of their security standing.

AlgoSec has definitely helped to improve the process of auditing all firewall rules and access. 

From a security standpoint, it has significantly improved an organization's standing from identifying all risky items in a given firewall policy as well as change audits, among others. 

Using Fireflow has also significantly reduced the amount of effort and time required to analyze and plan firewall changes that normally happen on a near-daily basis. 

Change audit has also reduced the effort during audit season especially when clients are running multiple-vendor firewalls.

Risky rules and compliance profiles are very valuable. With these reports, we are able to identify gaps in the client's firewall policy and this allows us to effectively remediate such gaps. 

The time and effort saved by using these compliance reports or profiles are definitely welcome. Another feature that we would use on a near-daily basis is the Fireflow and simulation query functionality. With the simulation query, one would not need to log into a specific firewall vendor console to verify if access is allowed or not; we run it through the simulation which saves us a lot of effort.

Support could be improved. Support of the KB database is extensive but still does not cover all subjects, at least from my experience. 

Another area of concern that I think could be improved is the licensing system. With the version we are currently running, it is a bit confusing since, for some reason, AlgoSec license usage is handled differently between firewall vendors. It may be a bit challenging to properly size the purchase of a new license - especially if a client is running multiple vendor firewalls in the environment.

I've been personally been using AlgoSec for more than ten years now.

The solution is very reliable. No issues encountered during daily operations.

I haven't personally done a lot of scaling projects with this product.

The technical support is all right, however, it can be improved.

Neutral

We did not previously use a different solution. 

The setup is pretty straightforward and AlgoSec did provide support during the process.

We worked in-house, with AlgoSec, and with a vendor found that both are highly knowledgeable.

I'm not part of the business team and do not analyze this aspect.

I am not part of the team in charge of licensing. 

We also looked into FireMon and Tufin.

I am part of the team providing managed security solutions and we have a number of clients that have a lot of network and security devices in their environment.

We use AlgoSec primarily to provide solutions to our clients in terms of how we can help tighten their security and optimize network performance.

AlgoSec Firewall Analyser makes this easily possible and with the help of AlgoSec's readily available reports, we are able to provide to all our clients the security and compliance report.

Before AlgoSec, our firewall rules got pretty big over time and it came to the point where it was barely manageable. Duplicate rules and objects were everywhere and there was nothing we could do about it. Performing a manual clean-up was a nightmare and near to impossible.

AlgoSec Firewall Analyser improves the firewall rules dramatically by identifying rules and objects that are not needed and consolidates rules and rule re-ordering.

It also helped our team to optimize performance and further secure the network by identifying risky rules.

I always find the policy optimization by identifying duplicate objects, shadowed rules, and unused objects pretty useful. By eliminating all these duplicate objects, unused rules, and unused objects, firewalls and other security devices will use fewer resources to process certain tasks/requests.

This will benefit both the security engineer managing the security devices and the client as they will spend less time in dealing with optimization and therefore can focus more on other important matters.

AlgoSec firewall analyzer is already an awesome product but there are still some areas that definitely need improving.

For instance, the risky rules reporting should have more information available in the risky rules report - especially when you export the data into a .CSV format. .CSV format being a text-based visualization, some information and formatting cause the reports to lose meaning and only become just another character in the file since it cannot port over some properties (like severity represented by colors).

I've used the solution for more than ten years.

We did not use a different solution previously.

The setup is pretty easy and the cost is really worth it.

We did not evaluate other options. 

One of our customers was using basic firewalls and the VPN, however, much of the policies were not applied - hence there were a lot of loopholes and hence a lot of spam and malicious activities were going on in their organization. Employees were able to use blocked sites, IT managers were not able to address the issue on their own. 

The client replaced existing solutions with AlgoSec. AlgoSec has given better visibility and better performance. IT managers who [reviously could not find loopholes were able to address them. 

Detection of loopholes and pinpointing troubleshooting areas were the key value additions that AlgoSec has provided. Its response time is fast. 

Detection of malicious activities and malware is much better than other options. 

Previously, the company was dependent on third-party solutions for audit reports. AlgoSec now provides an instant audit report. 

It has improved the management of all the firewalls (which are both cloud and on-prem) via a single console. The integration with the routers and other IT products is seamless.

The most valuable aspect of the product is the automatic application connectivity. The second best feature would be detection and response and analysis of the data. Applying security policies over the network is easy. AlgoSec instantly provides audit reports which is a most useful feature in this organization. 

Integration of the next-gen firewall, cloud firewall, routers, and load balancers is seamless and a very useful feature.

The solution offers unified and risks analytics reports features. 

AlgoSec helps IT managers automate firewall management across all hybrid environments.

The blacklisting and whitelisting of IP addresses should be improved. There are many false positives.

The cloud migration process should be more streamlined for my customer-facing issues.

The price should be less. The customers who have just started using the AlgoSec firewall management tool, as of now, have not faced any major issues apart from some small debugging. 

Improvement can be done in many areas. For example, it would be great if AlgoSec could integrate with an endpoint solution and directly integrate with firewall and endpoint solutions to bring much more visibility.  

We started deploying the application in January of this year. Currently, in our contract, we have a license for AlgoSec FireAnalyzer and FireFlow. So, at this moment, we are only working with AlgoSec FireAnalyzer. 

We are using AlgoSec to have a good view of our environment in terms of the risks and compliance and to implement rules. Our environment at this moment is only on-premises. We have servers, routers, firewalls, etc.

The visibility that AlgoSec provides about our environment is very important. Without it, we won't have visibility into various risks to our environment. AlgoSec can show us these risks and allows us to improve and close some rules. It improves the security of the network, and we can protect the data of our customers more efficiently.

It is helpful in improving the security and compliance of our environment. We can optimize our environment by improving the rules that are not used or are duplicated. FireFlow is useful in creating and implementing new rules. It allows us to automate rules implementation and have more control over rules.

Its reports are very important for compliance and understanding and mitigating risks. They show us the rules that are open or that can create risks for our environment. This information is very important for us for optimizing our environment and correcting the policies.

In our environment, we add rules in the firewall based on user logins, but currently, we can't do that with AlgoSec. AlgoSec can't create rules based on user logins. For example, generally, when we create a rule, we put IP Address, Destination IP Address, and Service Port. However, in our environment, we put IP Address, User Login, Destination IP Address, and Service Port, but AlgoSec doesn't support a rule in this format. We opened a ticket regarding this with their support two months ago, and they said that they will be able to add it in the future, but they don't know the timeframe. We are currently in the process of making changes in our environment for such rules, and after two months, we won't be using the rules that are based on user logins. We will make them consistent with the market, and we will use only the IP Address, Destination IP Address, and Service Port for rules. So, it won't be a problem for us, but this can be an improvement for other clients.

It is quite new for us. We starting working with it just a few months ago.

Its stability is good. We never had a problem where we couldn't access the platform. It is always available, and we don't have any problems related to the downtime of this platform.

At the moment, it gives us what we need. Next month, we will add new technologies to AlgoSec.

AlgoSec has a great team. They are professional and have good knowledge of AlgoSec. We have a good relationship with them, and we got good support from them.

We never had a solution like this. It is the first one in our environment.

We started its implementation in January with the help of a partner company. It was very easy to implement, and we didn't have to contact AlgoSec.

We completed the deployment in February. We put it in our environment and started the server. After that, we did the configuration and started to add our devices to AlgoSec.

We implemented it with the help of a partner company in Brazil called Logicalis. When we have any problem, we talk to them, and they are able to help us.

I would recommend this solution because AlgoSec provides a lot of reports and views of your environment. You won't be able to get this view through a firewall manager. For example, the CheckPoint firewall manager won't provide what AlgoSec provides, especially related to the compliance of your environment.

We have implemented Cisco ACI in our environment, and AlgoSec will help us to work with this new technology implemented in our environment. We will integrate AlgoSec and ACI next week.

I would rate AlgoSec a 10 out of 10.

We have actually played around quite a bit with the network flow piece of it (with the routers). That has helped us troubleshoot a few things with data flow and where it might be stopped or redirected to an incorrect location.

We use the following components of AlgoSec: AlgoSec Firewall Analyzer (AFA), FireFlow, and AppViz. We have a very limited cloud deployment at the moment.

We have a very complex network environment. It requires very specific compliance protocols to be put in place, including HIPAA compliance, PCI compliance, and HITRUST compliance. Therefore, we have very specific rules that we have to adhere to. We have 13 sites with very complex setups at each site to allow for redundancy and security, utilizing multiple vendors and technologies to achieve that. 

We are currently developing and going to have a hybrid deployment for the cloud and on-prem. Right now, 98% of our stuff is on-prem, and that will change. We are probably going to be about 75% on-prem and 25% in the cloud, which is very complex. This will allow our external vendors and external clients in as well as all our internal resources.

They have compliance rules built right into the system. Right out-of-the-box, you can run a compliance check against your environment that tells you exactly what needs to be fixed and why. Their compliance check is phenomenal. They even have a base compliance check. So, you can set your own standards to make sure that all your equipment meets those base compliances that you have for internal standards.

AlgoSec has reduced the time it takes to implement firewall rules in our organization. While our usage of it has been fairly limited to what we have tested so far, it has probably reduced the time by about 30%.

It gives us 100% visibility into our network security policies. It has given us a couple of surprises. Over the years, the network that we are administrating has been subject to people who have an idea of how a network should be set up. That differs from technician to technician or engineer to engineer. So, we are finding little pockets of hidden little self-engineered configurations and the way things were done that nobody knew about. Once the engineer left, the knowledge of that setup disappeared. You don't know about those until something either goes wrong, or you get something like AlgoSec to discover it for you, and it says, "Hey, there is this going on over here." 

It has helped us figure out how it was set up and why it was set up that way, then allowed us to engineer it so it fits a little better into our standards. We found a couple of secrets in our network that nobody would have known about. If we had an outage on those, nobody would have been able to figure them out without a tool like AlgoSec. This would have been a complete outage for our organization. Since we are healthcare insurance, that is a significant amount of money.

It has helped to simplify the job of our security engineers. We have a snapshot of where we are at with the correct data that we need to be able to fix the issues that we have. We keep finding little secret pockets of out-of-standard configurations that need to be addressed.

AlgoSec absolutely provides us with full visibility into the risk involved in firewall change requests. There is a risk analysis piece of it that allows us to go in and run that risk analysis against it, figuring out what rules we need to be able to change, then make our environment a little more secure. This is incredibly important for compliance and security of our clients. We deal a lot with patient health information that needs to be secure for physicians who are dealing with it and the patients themselves.

The most valuable for us so far has been the firewall rule analysis. Just to be able to get to a point where our infrastructure is secure and stable. The analysis runs everything that we actually need. When we run a report, we need to look at the report, then go back to the analysis because the analysis has all the information for us. We just have to match up the analysis to the report.

We have a security vendor who runs an analysis on the logs that we send them. We have multiple vendors who come in and do an annual security assessment. We have multiple vendors who come in and do an annual penetration test. We have vendors who deal with the end clients as well as vendors who deal with the servers for security, in addition to our firewalls, routers, and public interfaces. AlgoSec takes all of the information on our network, puts it into one single pane of glass where we can go and request what we need from the vendors. Plus, there are reports in AlgoSec that we can run and send out to our vendors so they have an eye into what we are looking at.

The reports are lacking information when they come out. They will not pull the URL or application information from Cisco FTDs. I know this works for Palo Alto Firewalls, which we currently do not have. If they could improve the integration with Cisco FTDs as a whole, that would be immensely helpful.

We are actually in the process of purchasing AlgoSec. We have gone through a proof of concept with them. Right off the bat, running through that proof of concept with them was absolutely fantastic. Usually, they have an offsite proof of concept server that you connect up to, then kind of take a look at their technology to see how everything works and if you like it. However, we have a different setup onsite for some of our firewall rules. We wanted to make sure that their application/appliance worked on our internal environment. They were more than willing to set up an onsite PoC for us so we could make sure everything did work.

The stability is fantastic. We haven't had an issue with stability at all.

Two people are needed for maintenance (someone for backup plus me). Maintenance on it is fairly limited. It is very automated in the way that it handles all our data and firewall needs.

The scalability is easy, just add more licenses if needed, then turn up another virtual machine. It is pretty straightforward.

There will probably be a dozen of us actually utilizing AlgoSec. This will mainly be the network and security team, then the security team themselves.

During deployment, the technical support fixed our issue within 30 minutes of the phone call.

We are in the process of doing microsegmentation right now. That is one of the reasons why we started looking into a utility like this because we needed to get that current snapshot of where we are at and where we need to go. AlgoSec is beyond phenomenal for helping to create and manage this type of initiative. With the automation piece and the fact that we can take a look at the traffic that is currently running through our firewalls and automate the rules being created for that. This will take a lot of manual work off of our shoulders that would have taken many man-hours to be able to implement.

We ran into some errors/issues, so it probably took us a week to fully deploy it. The process was straightforward except for the typos that we had in the programming. Without those typos, it would have been up within half a day.

We had an implementation strategy that we laid out beforehand and went forward with that.

James, the AlgoSec engineer who was working with me, spent about two weeks on and off with me trying to get the solution up and running, and he was successful at it. This was so we could utilize their proof of concept in our environment to make sure that it would fit our needs.

Because we went from having no unified tool to having AlgoSec, it has improved our security platform by probably 80% in just the short time that we have had and used it. It is invaluable. There is no question in my mind that it is a tool for anybody who has multiple sites, firewalls, and routers. It is something that everybody needs to look into getting because it is invaluable.

Even if we were to pay the first quote that we got, AlgoSec would be worth it. Just having the automation and that overall look into your security platform, you can't be without it.

We are working with our finance department right now to be able to purchase it. The AlgoSec team is doing everything that they can in their power to get the costs down to where our budget is. They have worked a lot on it. They have cut the cost in half for us so far by questioning, "This is in the quote. Is this something that is actually needed?" They have pulled some stuff out and cut our costs down by 50% for the product itself.

There were four of us involved in the evaluation of the product.

We compared this tool to two other different tools. Even with their higher-end solution, when we had the full budget for this, AlgoSec was less expensive than some of the other top tools. We looked at FireMon and Tufin. The reason why we said, "No," when we had budget to FireMon and Tufin is because they were not pulling in the application data or URL data. 

AlgoSec actually pulls application data and URL data in. AlgoSec is a little easier to use than the other solutions. Cisco recommended AlgoSec to us.

Don't trust what you think you know about your network. There are surprises everywhere, and sometimes it takes a utility like this to find those.

Don't don't hesitate. Go get it. If somebody came and asked me for an analysis tool, AlgoSec would be at the top of my list.

The integration is fine.

Migration to the cloud is on our roadmap. 

We have not set up any automation quite yet, but that is on the roadmap. That will make the tool even better.

I would rate this solution as a nine (out of 10).

If a use case comes where a customer who has different firewalls, e.g., Palo Alto and Fortinet, wants a single pane of glass, where all the firewalls are visible, this is the only use case where AlgoSec would be used.

The customer has to judge, "Are they going to pay hundreds of thousands of dollars for the feature of seeing firewalls of different vendors under the same hood?" Is that the value they want versus the dollar value they are spending? Most of the time, the answer is no. Customers don't want to spend $300,000 or $400,000 just to see a single dashboard. Especially during COVID times, it has become even more impossible to sell such a product. 

From a product perspective, AlgoSec has multiple components. Its security management solution is the primary one that you need to have. You must have this in order to install the platform. 

There are some legacy customers still using AlgoSec. The benefit is the ease in management of firewalls and rules. Also, if they have a small setup, making changes to multiple firewalls at the same time is something the customer enjoys due to limited resources. When an organization becomes an enterprise, then change management comes into the picture as well as best practices, so making changes to multiple devices at the same time is not good. 

It has the capability to be an enterprise grade product, but the use cases have not been fine-tuned for that in the past four years.

There are some integration-related issues too. For example, AlgoSec does not integrate with Forcepoint, and Forcepoint Firewalls have become very prevalent these days. They also don't integrate with Aruba devices. So, the integration ecosystem of AlgoSec is very limited, which is also the case with Firemon.

These days, people are looking at products which can visualize not only their firewalls, but also their networking equipment, under a single map. Can AlgoSec do this? Yes, it can, but with very limited capacity. If I try to sell the automation story of firewall management, there are vendors, like Forcepoint, who are not supported, so if a customer has Forcepoint, then I have to straight away walk off. The worst part of the story is they don't have even a roadmap for this.

Another problem with AlgoSec is that it gives you the capability to make changes to hundreds of your firewalls at the same time, but big enterprises have change management policies. Change managers will never allow you to make changes to more than 10 devices at the same time, which is a feature in AlgoSec. Because, what if something goes wrong, then you have to roll back and figure out what caused the impact, e.g., which firewall did not work well. Doing that post-mortem becomes a difficult thing. So, change automation on a firewall is actually defeating the purpose of the change management policies in any organization. If you run a bank, you will not allow anyone to make changes at the same time from a single click for 10 firewalls. The bank will never allow this. So, what is the use of this automation? Even if you are using this automation, you can do it from your native firewall vendor, e.g., Panorama or FortiManager, where everyone has their own cluster managers. At least if something goes wrong, you can still call Palo Alto and tell them you are Panorama has not done the change right, causing you an impact, and this is your Palo Alto firewall. 

In this case, if I have to raise a case first, then I have to call AlgoSec and check why it has not worked. Second, I have to call the firewall vendors that their firewall is not working well, but AlgoSec has done the right job. Handling multiple vendors for such a trivial issue becomes a problem.

I have been using AlgoSec for four years. First I was a customer, then I became a partner.

If you hit a bug with mass changes, do you troubleshoot on AlgoSec or the firewall? Now, you have two products that you have to tackle for bugs. The two vendors then finger point and you waste time. That is why having the firewall and firewall manager together from a vendor, like Palo Alto, is better.

If the scope of work is just firewall management, it is easy to deploy. However, when you add the flow information, since AlgoSec can also import the flows of your firewall rules, that is live traffic. Then you include FireFlow, or it becomes a nightmare, because what you have to do is take a copy of traffic from different segments/firewalls and bring it into AlgoSec. Doing that becomes a challenge because a lot of companies, such as banks, will not allow you to sniff the firewall traffic live traffic because they have credit card information. 

These days, the traffic has changed to HTTPS, which is all encrypted. Four or five years back, it was HTTP, which was all plain text. Even if you take a mirror of the traffic, how can you decrypt it? You need a decryptor to look inside. FireFlow looks at the packet of the transaction. In order to look at the packet/payload, I have to decrypt it because now it is encrypted. But, who will decrypt it? Then you have to buy another product that does decryption.

Customers look at return on investment to determine the benefit from a product, e.g., the tangible value in return. If I go to sell AlgoSec or Firemon today, the customer will say, "I already have Palo Alto," because Palo Alto Panorama has picked up a lot in the last five years of this market. 

AlgoSec is not a cheap product. If I compare Firemon and AlgoSec, because I am also Firemon certified, Firemon is still cheaper in price than AlgoSec. That is another catch. 

AlgoSec-type products and requirements are not necessary or prevalent these days. If you look at AlgoSec, what do they have? They do firewall management, predominantly. Firewall management as a technology is dying. If you look at Palo Alto, Fortinet, Forcepoint, Cisco, or Juniper, all these firewall vendors are coming up with firewall management platforms. If you talk about Palo Alto, they have Panorama. If you talk about Juniper, they have Junos Space. If you talk about Fortinet, they have FortiManager. You can manage their firewalls using the respective vendor management consoles. The question comes, "Why would someone want to use AlgoSec to do firewall management?" The usability takes a dip in terms of capability because people trust the native vendor, e.g., someone who manages Palo Alto firewalls will do it with Panorama because Panorama is a product of Palo Alto.

AlgoSec's use case was good four years ago before FortiManager and Panorama. If you have a hundred firewalls from Fortinet, then you can manage all of them for a single FortiManager. If you have 50 Palo Alto Firewalls, you can manage those from Panorama in a single pane of glass. These solutions did not exist four years ago, and now AlgoSec is losing its essence in the market since these native vendors have been launched.

Four years ago when I started off with AlgoSec, and I'm still working with them, it was strategic. Now, it has become tactical. AlgoSec has a very good feature of doing firewall rule optimization, which has not been there in the native products. For the last couple of years, the native products also started coming up with firewall rule optimization. For example, Palo Alto (from PAN-OS 9.0 and above) was released a year and a half back. It does firewall rule analysis for you. It is the same case with Fortinet and Forcepoint. Therefore, if I have to sell products on firewall management, which does firewall rules on analysis, what is the use case that I give to customers with AlgoSec?

I am running out of AlgoSec use cases because the native vendors give you the capability to do firewall management, firewall rule analysis, and pushing conflicts to multiple firewalls from a single screen. These are the use cases of AlgoSec. This is what AlgoSec does. This story is not just limited to AlgoSec. Products like FireMon and AlgoSec and the way they used to do firewall management have become a commodity. Now, most of the firewalling vendors have the same functionality in their management console. 

Companies, like RedSeal, or even to an extent, Skybox, are better built because they take the story to the next level. They don't just look at firewalls. They also look at the network, vulnerabilities, risk, governance, compliance, architecture issues, and incident response. This is the story which customers love to see because none of the native vendors are providing this. 

RedSeal and Skybox are doing firewall management for free. They don't charge you for it. On top of it, they do:

• Complete network visualization.
• Give you best practice conflict checks.
• Security architecture issues.
• Risk analysis of every IP asset in your organization.
• Vulnerability prioritization.

AlgoSec has been amazing, but it did not evolve well with time. If you look at AlgoSec from a cloud perspective, it does not support service chaining. So, if I have Palo Alto Firewall in the cloud, which has become very common, they can't detect that firewall. If I ask them to detect Oracle Cloud, they can't detect that. The problem about cloud, even if I'm doing service chaining with VMware NSX and Palo Alto, which is a very famous integration, they can't detect them. They cannot detect these because they are new things which have happened in the market in the last three years. So, they aren't able to catch up. The legacy part is good, but they are not able to catch up on the latest stuff, like service chaining. With anything new, AlgoSec is unfortunately running behind. 

I have used all the components: CloudFlow, Firewall Analyzer, FireFlow, and Algo Bot (which I have used to optimize policies). I have not used AppViz a lot because it just came out. If you talk about the complete suite, then AppViz gives you application-related visibility. However, when you don't have a rich integration ecosystem versus a native firewalling vendor, like Palo Alto, who does give this. What is the use of having AlgoSec (or Firemon)?

I would rate this solution as a seven out of 10. The product is good, but the issue is with AlgoSec's use cases.

We use AlgoSec Firewall Analyzer and FireFlow. 

Our primary infrastructure is all on-premise. We tend to leverage only SaaS components of the public cloud. We have over ninety sites including branch offices and Data Centers.

We have over on hundred firewalls and we are a PCI compliant organization. So, we use it for all of our change control around all of our firewall ACL deployments, as well as our risk profiling. We use Fireflow for the change management and audit control. The IT security department uses it for ACL reviews and ACL change requests.

Specifically, with FireFlow, we've managed to integrate that into our overall change advisory and request for change control process: requests flow through a ticket, through AlgoSec Fireflow, through our IT security department for approvals. We've taken advantage of all that. We generally do not have any out-of-band changes and those that happen are logged, tracked and reported on.

The Active Change component has helped reduce human error and given people more confidence the ACL changes have been applied as they requested.

AlgoSec has helped to simplify the job of our security auditors. Primarily, from an audit perspective, it's much faster than it ever was because they can review the ACLs all in one tool now, as opposed to asking for plain text CSV dumps of firewall rules. They can also respond a lot faster now to requests for ACLs as to whether or not they're valid or required because they can review the traffic simulator.

AlgoSec enables us to manage our dispersed environments in a single pane of glass for the firewalls. Seeing all of those firewalls in one view, we no longer need to use things like the Cisco ASDM for day-to-day ACL management. 

AlgoSec gives us a high level of confidence that our ACLs and our risk components are actually in line with our expectations. Because we run a lot of our firewalls as an internal change control boundary, we rely on them heavily to segregate security zones. It gives us a high level of confidence that things like third-party networks that ride on the backbone are segregated and appropriately defined.

The features I find the most valuable are the:

• Duplicate objects
• Unused rules
• Duplicate rules.

The traffic simulation has been really valuable, especially with other business units that aren't familiar with the firewalls but are looking to see whether or not traffic they're using or going to be putting on the network through projects is going to be impacted.

The overall visibility that AlgoSec gives into our network security policies is high. Our firewalls are our primary control boundary on the LAN. They give us the most amount of visibility we can get at that layer without microsegmentation.

AlgoSec provides us with full visibility into the risk involved in firewall change requests. That feature is important to us because we're a heavily risk-averse organization when it comes to IT control and changes, It allows us to verify, for the most part, that the controls that IT security is putting in place are being maintained and tracked at the security boundaries.

It has reduced the time it takes to implement firewall rules. We can sometimes do 20 to 30 ACL either adds, removes, or changes in a week. In some cases those changes are now down to minutes. Prior to AlgoSec, we would have to do all the manual verification which meant potentially logging into every related firewall, checking every ACL, and making sure that we got the placement correct.

We have a fairly complex routing environment that AlgoSec struggled with. The initial period when we were doing an installation with their support desk was fairly challenging.

I have been using AlgoSec for about a year and a half to two years.

We have not had any issues with stability.

So far, we haven't had any issues with scalability. We're at 100+ firewalls, all of them logging directly to the product without issue, and we're using it daily.

We've had a mixed experience with their support. It's swung the gamut from someone who will just reference their own publicly available knowledge base right up to someone going directly to the developers. That process has felt inconsistent. I never know which one I'm getting.

We were not previously using another solution. We chose AlgoSec because we knew that we were going to be managing ACLs globally at a rapid rate going forward and we needed a solution for that.

For our implementation strategy, we used their JumpStart process where they actually had an AlgoSec representative come to us and get us through the implementation. That resource was here for about a week. By the end of the week, it was up and running enough for us to complete the more organization specific components of the implementation.

We had three staff involved in the deployment and there's typically a team of about five of us involved in the daily maintenance and operations. We were all part of the JumpStart. 

About a dozen people now use the tool regularly and that number continues to increase.

For us, on the network team specifically, we're a small team relative to the number of devices that we manage. Having so many firewall rule changes come in on a regular basis, we were likely going to lose a body if not two, just to managing ACL adds and changes.

Initially, the licensing was a little bit unclear. We run a of our firewalls with high availability solutions and how licenses got presented and accounted for was unclear. Overall though, the licensing is pretty straightforward.

The licensing and support cost is fairly significant, likely out of reach for any small and most medium sized businesses without a significant security requirement.

We looked at Tufin and FireMon. At the time, FireMon was cloud-based and we had a policy that didn't allow us to use it.

We had met with AlgoSec a couple of times over the years at Cisco Live. We were familiar with their platform.

My advice would be to be ready to find out the things you probably didn't know. For us, there were a lot of rules that were implemented that weren't being used, a lot of objects that were duplicates.  We were unknowingly hoarding all kinds of configuration data that was no longer relevant.

Overall, I would rate AlgoSec a solid eight out of 10.

We use the solution for change control of policies on firewalls, for service desk integrations, and for the service desk rules of network users.

We use the firewall management solution. Our environment is on-premises only. Our company works with financial institutions and they require everything to be on-premises.

There is no question that AlgoSec has reduced the time it takes to implement firewall rules. That is also true because some of our clients use firewalls from various vendors and AlgoSec allows them to implement firewall rules on those firewalls simultaneously, even though they are from different vendors. Even so, when we receive a request for a rule exception, no one controls how long this exception is valid. As a result, these exceptions are valid for a long time and accumulate one by one. With the help of AlgoSec, it is very easy to eliminate this problem. A timer is set for a given firewall rule and, when the timer runs out, a security engineer is notified that the rule is set to expire at the specified time.

In addition, large deployment cases face a large problem due to the number of firewall rules, which can slow down the performance of a firewall and overload the firewall memory. This happens in part because of duplicate rules and rules that conflict with one another. With the help of AlgoSec, we reduce the number of rules, on average, by 30 to 35 percent. AlgoSec cleans duplicate rules and conflicting rules, freeing up memory.

At least two of our clients, when using AlgoSec extensively, have seen a reduction of at least 1.5 to two times what it would take them to implement firewall rules, by reusing predefined templates within AlgoSec. In addition, they find it extremely helpful that AlgoSec checks them for compliance. Before AlgoSec, they had to manually justify compliance of every single firewall rule, when being audited for compliance. They had to explain why it was created, which client and/or service was behind that rule, et cetera. In comparison, AlgoSec does the compliance check on each and every firewall rule making sure it is always compliant with the latest requirements and one can quickly create a report to prove it.

When it comes to preparing for audits and ensuring firewalls are in compliance, about 60 percent of our clients are financial institutions, like banks and insurance companies. They have to adhere to the strict compliance rules and AlgoSec allows us to ensure that the firewalls are in compliance with the normative requirements. IT departments are able to create PCI and DFS reports via AlgoSec that are acceptable for such audits.

In terms of working with multiple security vendors, we usually integrate AlgoSec with other service desk vendors, like ServiceNow and controllers like Cisco ACI. AlgoSec has resources on their website where we can find documentation about integrations with various systems. It was fairly easy to integrate AlgoSec with ServiceNow and Cisco ACI. Their API is understandable and very well described.

The major value, at least here in Ukraine, when integrating AlgoSec with Cisco ACI is that we see most of our clients prefer DSN systems, like Cisco ACI, for data processing. ACI contracts are treated similarly to firewall rules, i.e. permission is required for access. Some of our clients use over 400 such contracts for data processing. Implementing access rules for these systems is not easy. With the help of AlgoSec we can create a rule and AlgoSec checks it for compliance, for duplicate rules, and rule conflicts. That very much simplifies the implementation and deployment of contracts in ACI.

AlgoSec helps tremendously when it comes to reducing human errors, especially when the environment includes firewalls from disparate vendors. In that situation, the probability of human error is very high. It is difficult for me to approximate by what percent it has reduced human error but the reduction is very significant.

In addition, it has helped to simplify the job of security engineers. I’m very sure of that because, otherwise, our clients wouldn’t buy more AlgoSec user licenses.

For us, as well as for our customers, firewall management and change management are the most important features.

We see a very high demand for using containers and Dockers and therefore there is a need for managing access control to these platforms. I checked AlgoSec’s roadmap and, for now, there are no plans for developing these features.

We have worked with AlgoSec for two to three years, implementing the solution for our clients.

Everything works great. We have not seen any significant bugs.

Our deployments of AlgoSec are not large so we haven’t faced a scalability issue. The maximum AlgoSec deployment we’ve done is for about 100 endpoints and that is not a problem for AlgoSec.

We have never needed to use AlgoSec support.

To deploy AlgoSec properly it is important to understand the client's environment. To that end, we have a questionnaire that we send to our clients and that helps clarify what the client's requirements are. It also provides information on the architecture of their environments. Once we receive the questionnaire, we go over the project specifications with them to make sure they didn’t miss anything, such as integrations with other systems. 

Next, we usually do a PoC to test AlgoSec in their environment and that is when we calibrate the solution to the client’s specs and do the necessary customizations. Then we purchase the licenses and roll out AlgoSec into the client's production environment. We also provide technical support for the client for at least a year to make sure that they become familiar with the solution.

The amount of time it takes to deploy always depends on the complexity of the client’s requirements. For example, for firewall management setup without integration with other systems like a service desk or reporting systems, deployment generally takes up to one month. If we need to integrate AlgoSec with solutions like a service desk, then the deployment can take up to four months because there are major changes to the whole business process and these changes require planning, documentation, implementation, and training of end-users.

There are usually three people involved on our side: a salesperson and two engineers, with the latter actually implementing AlgoSec.

I can’t say that this is a cheap system. It's affordable for large enterprises and, in some cases, for mid-sized companies. For the majority of other companies, this solution is out of their price range.

I have hands-on experience with Tuffin and both of these products (Tuffin and AlgoSec) are equal in terms of functionality. In terms of main differences, it comes down to a personal preference.

My advice is to do a PoC. Many would simply read reviews about the solution, watch demos, and request price quotes. At that point they would note that it is not a cheap solution and stop there. That is why I strongly recommend doing a PoC. Only through using the solution can you see how easy it is to manage and implement security rules. It becomes very clear that you’ll see a return on investment in terms of the time saved by your security engineers.

Another recommendation would be to evaluate similar solutions to AlgoSec, especially for companies that are planning the implementation of DSN systems, like Cisco ACI. This is because it involves labor-intensive rules implementation, and with the help of AlgoSec it can be drastically simplified.

The overall visibility the solution provides into network security policies is not applicable to us because our clients are using AlgoSec for firewall only, for edge connectivity of their networks to the internet. We only have one client that used AlgoSec to control rules on the internal firewall, which is deployed into their data center.

We help deploy solutions to customers around Africa and Nigeria. We deploy it, then we also provide local support to our customers. We do PoCs, deploy solutions, and provide support whenever we have the opportunity to provide solutions which solve problems of one or two customers.

Most of our clients just want to stick with AFA. Most times, we just work around AFA and do a lot of things with it. We are quite conversant with AFA's portfolio.

AlgoSec provides our customers with full visibility into the risk involved in firewall change requests. Most of our customers are in the financial industry. AlgoSec can analyze existing policies that you have set up on your devices, gauging the risk. For example, with PCI requirements, there needs to be a description for each firewall rule change as to why it was made. Therefore, if a change was made by one of our clients, who was unable to put a description or comment against that rule, then automatically I would need to flag that.

ActiveChange integrates with your change workflow and ticketing system. For example, a change request is made to open port 8080. Then, if the guy who was supposed to implement that change mistakenly opened port 80, then ActiveChange will say, "What was approved was 8080, but what you actually opened was 80." That actually helps to fix human errors. It helps to check everything that is being done. You can go through the analysis and see changes that were made, and AlgoSec is able to alert you immediately. Whenever there is a change, notifications are sent to the administrators because it gives you that real-time alerting and change. 

The most valuable features are:

• Compliance reporting
• Their immediate support team
• Maps: You can trace the traffic and what firewall is blocking what connections, services, and websites.
  

You don't need to be tech-oriented to work with AlgoSec.

One of the beautiful things about AlgoSec is that it gives you templates. There are quite a number of compliance templates, depending on the industry that you are in. For example:

• The ISO number system
• The information security - ISMS management system
• PCI DSS
• FISMA Compliance. 

For our clients, they especially have to maintain ISMS and PCI DSS, as these are the two compliance regulations that they have to maintain. You can run analysis or reporting based on the templates. Within minutes, you get into the report, can see your compliance status, and what exactly you need to fix. You can clearly see what parts of the requirements you are not meeting and where you are falling short within standards. It is very clear and visible. We can customize all of this with the reporting, however the client wants it. This is one of the critical parts for most of our clients.

In late December or early January, we were trying to add another solution, but it wasn't working because there was no support for the version that we were running at that point. After they released the hotfix, that took care of this issue. That particular device was then supported. So, it has been very stable and working fine since then.

I have been using it for about three years now.

The stability is excellent.

There have been some recent updates and hotfixes that have been released. These have taken care of a number of things, which include support for some particular firewalls.

The scalability is good. We have had to scale for some of our clients who have about 10 firewalls or 10 network devices, and they wanted to have more. All we had to do was acquire more licenses, then we just scaled. It is quite seamless.

I have worked with AlgoSec for about three years. Before COVID-19 struck, the technical support used to be 10 of 10. You would make a support call, someone would join you on a session, and you would get help almost instantly. Since COVID-19, a number of the technical support team members have been working from home or remotely. So, we haven't gotten to support people right when we need them. Sometimes, it takes a couple of hours or even days for us to get that instant support that we used to get. I think they are working on it. The last time that I had a support session with them, which was about two months back, I saw some relative improvements.

We have been using the OVA file on a virtual box. Once we slam it on the VM, it is quite straightforward. Once you are done with that, then you define the IPs.

We have had quite a number of our prospective clients have come to us, and say, "Hey guys, we want AlgoSec," but one of their turn-offs has been the pricing. I would like it if AlgoSec would review their pricing and come down on it. The solution is quite amazing and versatile, so we would really appreciate it if the pricing could be reviewed for Nigeria because we definitely would get more sales if that happened. 

In Nigeria, quite a number of industries have been hit hard by COVID-19 and we are not a high income generating country, so a lot of people want to cut costs. When it comes to the security, companies would rather settle for less and take a step back because of the cost. They might even put infrastructures off. However, if the pricing is reasonable and affordable for people in this part of the world, then our company will definitely see more sales.

AlgoSec is 10 out of 10 compared to FireMon. Compared to any other solution that does firewall analysis and policy management, AlgoSec deserves 10 out 10 because of:

• Its simplicity: Virtually everything about AlgoSec is straightforward.
• Versatility, as far as the reporting and alerting.
• Support, which is quite amazing.

If you are looking for a tool that will provide you clear visibility into all the changes in your network and help people prepare well with compliance, then AlgoSec is the tool for you. Don't think twice - AlgoSec is the tool for any company that wants clear analysis into their network and policy management.

Anybody can use AlgoSec once they take all the training.

Compared with other tools on the market, the solution is 10 out of 10.