AlgoSec Reviews

• The flagship feature used is its correlation of filtering rules (ACL/firewall).
• The audit of changes made in our environment is also very useful in the investigation of failure.

In an environment where onion layer security is strongly implemented, the filter elements can be configured in various places, and the traffic simulator proves, in this case, to be life-saving, whether in diagnostic time or in efficiency.

The AlgoSec solution has allowed us to achieve a clean-up and optimization of our filtering rules across our entire environment. The rules analysis allowed us to delegate the tool for operational purposes for the evaluation of firewall opening and audit requirements.

• The filter rules correlator allows us not only to have a clear view of the blocking points but also the quality of the filtering performed on the various firewalls highlighted by their risk index.
• Another interesting feature of the product is its ability to highlight filtering rules that would mask other more specific rules and thus lead to an optimization of the system.
• AlgoSec also allows us to have a history of changes. This feature is especially useful in the event of an outage or an unwanted change.

Although I'm very satisfied with the product, one of the ways of improving the product could lie, perhaps, in the acceleration of the analysis process and especially in the section — traffic simulation query.

Another improvement would be the support of an orchestration of different firewalls in a heterogeneous environment, mainly at the level of the management of the objects so as to have a homogeneous nomenclature.

• To manage the various network security equipment deployed
• Be able to detect unauthorized changes in those equipment.

It is still being deployed, but it shall enable reliance on more third parties out of the IT security team without losing the assurance that the configurations are under control. 

• Ability to manage all the network security equipment centrally
• Ability to delegate to local ITs the network security equipment change requests
• Ability to decrease the necessary workload to enable network connections, troubleshoot
• Ability to detect unauthorized or non-compliant changes in the network security equipment configuration.

Ability to manage more diversity of equipment, as well as simplify the management of the various workflows.

No previous solution.

Yes: Tufin.

The primary use case was the firewall policy cleaning and optimisation, plus compliance control and some change auditing.

AlgoSec provides a good optimization function that matches our needs related to other vendors. It allows us to clean useless rules and objects.

We are only using Firewall Analyzer, which is really good compared to other vendors. The other features (FireFlow and BusinessFlow) still aren't mature, and their licensing is expensive.

The production needs to be smarter and maybe have some AI capabilities to provide better firewall optimization and workflow integration.

The solution is more stable than in the past.

The report takes time, and the virtual appliance is a resource consumer.

The documentation is clear. The support is available but restricted to some requests that need advance service (not free).

Yes, AlgoSec provides a better solution for the firewall rule optimization that matches our production need.

The initial setup was simple, and only firewall integration could take time due to some complex interaction.

The implementation was in-house; the product is still simple to manage.

Reduced the firewall load due to a good rule table and then extended the firewall life cycle.

Compare with other products to see which one matches the best their needs.

Tufin, Skybox.

No.

We use the AFA to accurately determine rule use and where we can make improvements across our checkpoint estate. We have around 17 clusters of firewalls that are in constant use and frequently change rules.

AlgoSec has given us the confidence to remove unused rules, consolidate where appropriate, and prove reachability prior to searching a rule base to check access for an application or user. Breaking down a rule to specify used objects within groups and protocols used has proved invaluable for us to narrow exposure to potential threats.

A number of features are used more than others. We use the policy optimiser to search out unused objects in rules and determine when the rule was last hit accurately.

The risk and compliance area is key to ensuring we conform to company regulation. Having a number of compliance options to baseline ensures that we get the basics right before looking at advanced risks and remediation.

Finally, the traffic simulator can be used to check if a request from a user or project is already a function enabled or we have a full access change to implement.

• The maps are a little clunky and could be made easier with some automatic layout technology which assists in spacing out the devices for easier viewing.

It runs well with little intervention.

Good, it has the ability to add more devices anytime.

We use Bytes to escalate, and this has proved effective.

No. 

Straightforward, it needs to run for a period to ensure accuracy.

We used Bytes Security to assist in setup and initial optimization. 

Not really applicable.

Setup is easy; we use a VM to run it. Having knowledge in Linux is not a requirement but helps when required to update the software. Also, ensure the reseller has the ability to escalate any issues in case they can't fix it for you. Your licensing should cover the support of the product.

Yes, we looked at Tufin and FireMon.

Put it in, let it collect for up to 12 months and ensure you run regular reports. Only then can you be sure that you don't use rules. Remember, DR testing and failovers sometimes happen on a 6 or 12-month basis, and removing rules covering this will cause issues when you least expect it.

I use AlgoSec for my firewall rule optimisation, compliance baseline auditing, firewall change reviews, etc.

AlgoSec has helped tighten the rules on my firewalls, reduce the risks or exposure, and also meet regulatory compliance.

I have found the firewall optimisation feature to be very valuable because most developers don't know the ports or services their applications are running. After running the rules on any services for a short while, AlgoSec helps get the right service ports and IP addresses.

The product or service could be improved by orchestration or automation that will help in changing the rule sets on the firewalls based on the detected used services/ports and IP addresses. 

AlgoSec has been very stable compared with its pairs.

The solution's scalability is impressive.

Service/technical support are good at their job and responsive.

No, I didn't.

It is quite easy to deploy and manage.

Implemented through a vendor and their level of expertise is high.

Worth every penny, and the value realisation is great.

AlgoSec is worth every penny for the value or return of investment. 

No evaluations. AlgoSec was recommended, and we got a trial version for a period.

None.

• To change management of the rules
• History of changes
• Risk analysis and evolution of the risk factors over time.

• Transparency over the actions made in the rulebase by the different firewall operators
• Documentation of the rules.

The traffic simulation query helps to understand which rules match or don't match for a specific traffic pattern, helping troubleshoot application issues.

We use the "rules change notification" feature to inform the different firewall managers when someone made a change. The actual change comes in a PDF file attached to the e-mail, while it would be faster to have it directly embedded in the notification mail.

Depending on your network topology, the traffic simulator might have some hard time tracing the traffic path between your devices correctly. This has already been improved in the past but could still be enhanced.

The solution is very stable. Some caution is required when you do major upgrades on your firewalls to ensure that AlgoSec can still work with the new software release of the firewall.

The setup is very easy, as it comes as a virtual appliance you deploy in your own virtual environment. The setup is straightforward, and you can very quickly add your firewalls and start tracking changes, query the traffic simulator, and so on.

We used AlgoSec during a migration between firewall vendors. We needed a tool that could help evaluate the effectiveness of our existing rule base and inventory network objects.

Running AlgoSec helped us clean up years worth of obsolete rules and objects. This left us with a clean and up-to-date policy on our new firewalls.

• Policy risk mitigation identifies and helps tighten risky rules rendering the policy more secure. 
• The change management feature is great for environments with multiple firewall engineers.

The only thing I had slight issues with is the web UI which is a bit tricky to navigate. It can be difficult to find what you're looking for without having to click around for a bit, but once you get to know where things are, it's not bad.

This is the first solution of this kind I have used.

Setup is a breeze.

I did not evaluate any other solutions.

No.