AlgoSec Reviews

AlgoSec is used on a daily basis by both our IT and IS groups to manage BAU and FW change requests. It integrates with ServiceNow, PaloAlto, and our SIEM tool. It helps to perform FW cleanup, regulations requirement, FW migration projects, etc.

AlgoSec has helped me in the last three companies that I have worked for. I was working to do Firewall migration projects, FW cleanups of risky rules (FW policy optimization), process def between IT and IS, audit, SOC reports, GRC support, and Cloud support in both native and Hybrid environments that we use. 

The features that I have found most valuable are:

• Great visibility for High-risk firewall rules
• Mapping business risks
• Mapping risky applications
• Informative regulation reports for PCI-DSS, ISO 27001 and many more
• FW cleanup recommendation
• Easy logging capabilities with leading SIEM products in both LEEF and Syslog formats

I would like to see Bi-Directional API support in order to integrate with SOAR platforms that provide SOC automation and IRR.

Integration with CISO dashboards would be an improvement.

It would be nice to have support for IaaS, CASB, and DLP tools, which will allow full life cycle management of security incidents.

It would be nice to have an out of the box "best practices recommendation" with the relevant "what-ifs". 

This solution scaled to our entire enterprise in a seamless way.

We also used Tufin, but AlgoSec provided us better visibility and ease of use.

My advice is that you must do a POC and show value.

We did not evaluate options other than AlgoSec and Tufin.

The automation and orchestration of security-related change requests on our selected firewall (in our case Checkpoint) to decrease the time it takes to raise, manipulate, and execute change requests. This is all done with minimal interaction from our Firewall and IPS team, allowing them to more effectively use their time.

It has eased the process of streamlining our firewall configuration management considerably. Our firewall and IPS team now has the ability to budget their time and focus on other tasks, rather than dealing with repetitive change request functions. This has enabled the team to work much more efficiently and effectively.

The feature we found most useful is the automation of the change process within our organization for firewalls. This feature has reduced the number of mundane tasks the firewall and IPS team undertake on a regular basis. We have been able to increase the effectiveness of the team, allowing them to prioritize more complex and business-critical tasks in a faster manner.

In terms of integrations, we would like to see a greater number with the upcoming and next-generation tools (i.e. SOAR and a selection of other SIEMs). This has been a problem for us, as we are going through the process of enhancing our security and some of the products we are looking at are lacking built-in support (integration). 

It is currently used by the network security, audit, and internal control departments of organizations where I have deployed the application. It gives overall insight/visibility and enhances security across the enterprise.

Our company environment used old fashioned firewall devices for a long time and we hardly touched on old firewall rules. With this product, we were able to clean up our firewall rules and organize them neatly. It actually gave us a very straightforward report of what is being used, and not used, for firewall rules. 

AlgSec is used for in-depth firewall analysis and intelligent policy tuning and optimization. It helps in regulatory compliance metrics and overall firewall security optimization.

I like the auto-mapping features and configuration overview. We use this for many things, but primarily for quick reactions to security events, audit, project management, and quick operational efficiencies.

• Firewall rule optimization
• Regulatory and baseline compliance analysis/mapping
• Policy tuning
• Application discovery
• Automated Change management

The reporting portion is weaker than other competitors, although this is good enough to utilize in our environments.

Enhanced integration via API (typically, this is only known by few AlgoSec users).

The user interface could be a little more user-friendly. Other competitors have more of a dashboard look and feel. With AlgoSec, you have to launch new windows to see rule usage reports. It can be a little bit difficult when trying to find more information.

Our company was using old fashioned firewall devices.

We did POC on FireMon and AlgoSec. We chose AlgoSec for our company environment.

Our primary use case for this solution is FW analysis and compliance.

We have hundreds of FWs to manage and check. It is normal that similar rules, and perhaps not so good ones, can be set up. AlgoSec helps to make our network security better and improves our internal customer relationships by using FireFlow.

AlgoSec helps us to manage hundreds of FWs and take care of policy compliance.

The most valuable features are the FW report, traffic simulation, and the FireFlow system to help manage requests.

We have a complaint about the compliance check, in that sometimes we want to keep rules rather than merge them.

This is a stable solution.

I believe that it could be better, and make sure different scenarios are possible.

The customer support is very good. They really show that they want to make the product better, and take care of the customer's needs.

We did not use a previous solution.

The initial setup is straightforward. The complexity sometimes comes from the fact that the company scenario is not so easy.

We implemented the solution internally with support from AlgoSec.

We did evaluate other options, but I am not sure of the reasons for choosing this one because it was a management decision.

Our primary uses for this solution are for risk and compliance, policy optimization, and change management automation.

For instance, with AlgoSec Firewall Analyzer Policy Optimization we can easily find unused rules, shadowed rules, unattached objects, and much more. This allows us to clean-up and thus improve performance.

With AlgoSec we can improve performance, simplify manageability, and tighten security. One of the quick wins is to view our device status easily, with out-of-the-box dashboards and charts. A nice capability is the reporting, with a dedicated BI tool having access to all of our key AlgoSec data.

One of the best features is the possibility to monitor all policy changes in near real time and to receive automatic alerts on changes. The AlgoSec Firewall Analyzer security rating visibility is also very useful, helping identify and mitigate firewall policy risks.

The reporting component of AlgoSec Firewall Analyzer is something that, in my view, has room for improvement.

It will be welcome in a future version the possibility of having greater granularity, for example when defining the information that we want to see in the reports, to define customized reports by group / user and to make a scheduled sent of the reports.

Being more specific, in our use case for operational teams the report to send would only be the summary of changes of all the rules of a day by Firewall. Focused, without adding unnecessary information.

Other use case is for GRC teams. The report to send should only be the summary of risk changes of a week or a month, per Firewall. Again focused, without adding unnecessary information.

Very stable, with no issues to report.

This solution has a great scalability capacity.

The customer service for this solution is ok.

Although we had not previously used any solution for Security Policy Management, AlgoSec emerged as a great solution with broad vendor support and a dynamic attitude.

The initial setup is straightforward, but also complex because of the onboarding of different vendors.

Be prepared for a long deployment and optimization time, which in the end is typical for these kinds of solutions.

Our implementation was done using a vendor and in-house mixed team with good expertise.

We have looked at the main competitors, which are FireMon and Tufin.

Enjoy Firewall Security Management and Automation.

We are currently using this solution to audit our firewall policies (both in performance and compliance), as well as automating the creation of new rules and improving application functionality delivery. We are also using AlgoSec to automate machine provisioning (creation of new rules associated with that machine) and machine decommissioning (removal of rules associated with that machine).

With AlgoSec, we are now able to automate several time-consuming tasks. We are currently in a rule base performance improvement process and AlgoSec is an invaluable tool to accomplish this. Furthermore, we are starting rule creation automation, which will also provide some relief on our workload.

The most valuable feature for us is AlgoSec's ability to analyze rules for risks and for performance while allowing the user to submit a change request immediately based on that assessment. Additionally, the fact that it integrates seamlessly with Ansible, as well as providing an API for the users to extend based on their own needs, is a great plus for us.

The product is severely lacking in vendor support. They claim to support some devices, but when you dig deeper, it is only basic support, with enterprise-grade features for those devices being unsupported. This is a big deal for us, as several sections of our network are not fully supported which, in turn, does not allow us to fully automate rule creation. Moreover, we cannot perform end to end connectivity checks. One such feature is the lack of VRRP support on devices other than Cisco or Juniper, which causes the software to interpret a non-existent router as the next hop for a particular flow (the VIP address of the VRRP).

While this solution is somewhat stable, there is definitively room for improvement here. We've had some issues with the solution during our usage but, so far, no show stoppers. Other customers of this solution have complained that a large number of devices can severely hinder the stability of the solution.

This is a very scalable solution, built mostly on open source technology. The customer is allowed to extend its functionalities via the API to integrate with other solutions or existing automation.

Technical support is sometimes difficult to deal with as the response times are somewhat lacking. One good thing is that the case owner you are assigned to is generally the same,  which is great because, after several cases, the case owner is already familiar with your network.

The initial setup is not cumbersome at all. The documentation and training videos are definitively a big plus.

The implementation was mainly performed by us, with the help of a vendor team. The level of expertise of the third party was passable, but we were looking forward to having someone with more expertise with the product.

So far, the ROI is currently only due to the fact that rule automation has decreased the load on our support team, allowing them to work on other projects. We are also able to provide reports to auditors without losing a single day from the network support department. We simply provide AlgoSec reports and analysis.

Our primary use cases for this solution are:

1. Business Security and Automation
2. Faster change management solution
3. Network Security device analyzing and optimization

• AlgoSec helps to analyze the risk, optimize the rules and policies, and improve performance in network security devices such as firewalls.
• It helps to perform the network security changes four times faster than the normal change request process.
  
• It assists in provisioning the application rapidly, which increases the organization's revenue.
• The ASMS (AlgoSec Security Management Solution) is fully focused on business security and automation. It ensures business security and agility.

The features that we have found to be most valuable are:

• Risk Analyzing: Has helped to identify the risks in security network devices in a very short time, which increases and improves security overall.
• Policy optimization and IPT: Has helped to identify the garbage rules and improve the device performance. Also, has assisted in removing any rules causing IPT failure.
• Compliance: Helps prepare for the audit in a short time, and assists with continuous compliance.
• Active push: It is capable of pushing the changes and configuration from AlgoSec itself, which decreases manual errors during implementation and configuration. 

This product could be improved in several ways, including:

• More device support - such as barracuda devices
• An automated rollback process and options in active push. when we do a active push Algosec takes a policy backup for recovery purpose. if we did any change using active push from Algosec and if the customer wanted to rollback the particular configuration, better if Algosec able provide automated rollback process through AFF rather creating a manual a ticket. 
• Software-defined WAN integration and support 
• Application-aware policy identification and optimization - now a days most of NGFW are creating applications (such as Salesforce, Skype for business etc..) aware policies using their application database. normally destination object will be these applications and not the legacy objects that we created in firewall. if Algosec able to understand these application it will be good move for future market. 

We are very impressed with the stability of this solution. The product is very user-friendly and does not cause many technical problems while in operation. Sometimes we might have issues with newly supported device integration and features.

AlgoSec has multiple form factors such as a hardware appliance, VM appliance, and software. The customer can choose the most suitable solution for their environment. Further, AlgoSec has three main components and the customer can purchase them phase by phase, based on their requirements and budget. It can scale up to the total ASMS solution using the same resources.

As per my experience, AlgoSec provides very good customer service and technical support. They are very friendly and their response time and SLA are very impressive.

We did not use another solution before this one.

The initial setup is very straightforward and easy. Further, AlgoSec provides better documentation and self-support services where we can learn, reference, and be empowered.

We are a value-added distributor of AlgoSec and have implemented this solution for many customers in addition to ourselves. Our customers are happy with the implementation.

Our return on investment with this solution is between one and two years.

The setup for this solution is not very costly. The licensing is very easy to set up, with flexible licensing methods such as subscription and perpetual. The pricing itself is also flexible, with it being related to the number of devices and applications.

Before selecting this product, we evaluated Tufin.

This solution is very useful for any type of organization with multiple network security devices such as firewalls, routers, etc, and have the goal of achieving business security and automation.

AlgoSec has main three components that can be purchased in different phases if required. They are:

• AFA: AlgoSec Firewall Analyzer
• AFF: AlgoSec FireFlow
• ABF: AlgoSec BusinessFlow

The AlgoSec Firewall analyzer has helped us to analyze and optimize our firewall by evaluating the rules and services. These include routing, access rules, and restricting both applications and servers.

This solution has helped my client to analyze and assess whether any service or routes are needed for connections that are going to be created. It has also optimized the efficiency of the firewall by evaluating the rule set.

This solution helps us to save time, making the job more efficient for our network engineer.

The features that are most valuable are the interactive topology map and the traffic simulation queries.

The MAP helps us by generating a network topology map and checking the routing table for every device that is connected. The traffic simulation queries help us to check the connection between two objects. This allows us to gather information about the devices pertaining to blocked traffic or services that we need to add.

The MAP has a persistent issue with a firewall that is using a double BVI (Bridge Virtual Interface). In this configuration, it cannot give the correct and proper topology, so the traffic simulation query cannot run properly between the source and destination.

We have used other firewall products and it is very complex to check if any connections are down or blocked.