AlgoSec Reviews

I work at a multi-vendor firewall environment. AlgoSec is primarily used to see what firewall policies are in place, as well as PCI compliance levels.

AlgoSec has helped us save time by having one central location to view firewall policies, especially when crossing multiple vendors.

The PCI compliance feature has been helpful in preparing for audits. The Firewall Analyzer has been very helpful.

We are still waiting to implement FireFlow, and getting it into place will hopefully speed up our implementation time and help with policy standardization. There have been some difficulties in getting this portion set up in our environment.

No stability issues.

No scalability issues.

Orchestrating a big network environment with 2600 Layer 3 devices for different brands. The environment spans several hundreds locations across all continents.

It gives control and visibility to the end users. It also lowers the burden of the security department.

• Its ability to describe the business, getting firewall rules as a result. 
  
• Creates the possibility for security engineers to obtain visibility on the complete environment.

Needs better integration between modules and also a better troubleshooting methodology. There are still a few improvements to be done in the user interface.

The HA solution is not good.

The HA solution is not good.

They provide good support, but sometimes lack the knowledge on a specific use case. It has improved in the last six months

No previous solution was used.

The initial setup was extremely complex due to our large environment.

As a partner of the vendor, we do the implementation at the customer site.

Use the entire suite for its best benefits.

Tufin was also evaluated.

Firewall Analyzer (AFA) to analyze configs from production firewalls of various types.

AFA has helped us to spot risky rules, overlapping rules and helps prioritize remediation efforts. We have a variety of firewalls and look forward to expanding services such as FireFlow.

In AFA, the ability to trend rule usage and drill into traffic seen hitting that rule is powerful for cleanup of overly permissive rules.

No issues with stability.

No issues with scalability.

Customer service has been helpful and responsive.

Skybox Security. However, Skybox is has less actionable output than Algosec. 

Setup does take some time to customize to your environment.

• ABF application centric
• Risk and compliance
• Zone matrix
• Conditional workflow
• IPT
• Active change 

It improved a lot in our flow database. In the past, application owners did not know their application connectivity. AlgoSec helps with this and our users are able to documents their rules.

ABF: It is application-centric. which helps to track changes in the application from day one.

Compliance: It helps to have a zone matrix and capture risks.

ABF needs to be more integration with AFF/AFA. We needs object level permissions and application level recertifications.

No stability issues.

No scalability issues.

We used a different network security policy management tool, but we felt it would not be able to fulfill our requirements and address our previous gap. We were looking for a place where we could keep our rules and also track ownership of each rule in the application.

The initial setup was straightforward.

We implemented through a vendor team, whose expertise level was high.

We are satisfied with our ROI.

We evaluated all of AlgoSec's competitors and chose AlgoSec as it was the best.

The product could be improved by adding additional tools for troubleshooting, not only for the firewall, but for other devices like switch and dynamic routing display. Also, it would be good if it could retrieve all information regarding Cisco Nexus switches and devices.

It would be interesting if the product could automate the switch configuration and create a dynamic map of the entire network.

In the VMware platform, sometimes the application is frozen and we have to reload the machine.

Not at all.

The technical services personnel are very confident and provide good assistance.

No previous solution was used.

The initial setup process is excellent.

The in-house implementation was good for FireFlow.

To down level firewall care so context owners and operations can be more agile in their day-to-day operations. It improves audibility and security by having instant access to firewall configurations. It has the ability to create architectures improving performance, reducing costs and KPIs. 

AlgoSec makes it quite easy to down level firewall auditing, running, and maintenance. This has given the operations team, audit, and security instant  access to firewall configurations.  

The whole platform is extremely useful. I like the auto-mapping features and configuration overview. We use this for many things, but primarily for quick reactions to security events, audit, project management, and quick operational efficiencies. 

A modernized GUI would be a nice feature upgrade. The GUI looks a little outdated. 

There are a lot of updates for the product which have been good. However, it is a pain to always have to upgrade the product. 

No stability issues.

No scalability issues.

Our experience with the support is fair. 

No.

It is pretty easy to set up and run.

We implemented it in-house. 

It has improved our performance in operations, projects, and security. 

It will reduce your operations costs with improved team performance. 

We evaluated FireMon.

Overall, the product is very good for firewall insights. 

Since approximately 2005, I have used AlgoSec in almost all of the companies that I have worked at. AlgoSec Firewall Analyzer (AFA) continues to be my favorite product, as well as the core of other AlgoSec products. My teams use AFA to validate firewall (FW) changes, see hidden and complex rules, identify dangerous combinations of rules across many enterprise firewall situations, and enable a risk-based approach to firewall rules and associated risk management.

AlgoSec is able to provide a consistent view into all of an organization's firewalls, regardless if the management is done by different companies, e.g., Check Point's, Cisco's, and Palo Alto's firewall policies are presented to the security team in a consistent format. This enables risk management decisions to be made without detailed understanding or experience in various underlying firewall technologies or management systems.

AFA is the best feature. It shows consistent information regardless of the underlying platform. Unused rules, hidden rules, and dangerous combinations of rules are easily found and tracked by using AlgoSec.

• I would like to see continued expansion to other firewall versions, platforms, and vendors. 
• I would also like to see continued work on the roadmap.

ABF and compliance modules.

AlgoSec contributes more in the security space for our company, especially in automatically finding the high risk and medium risk rules instead of manually reviewing over a few thousand rules. 

Also, ABF is a wonderful module where you can keep the footprint for your firewall rules up-to-date, like CMDB.

ABF is a key module for us, which we are using like an application center where we can keep our firewall rules for each application up-to-date. 

The compliance module is one of the best features which can help anyone to perform security review with predefined security matrix configurations. The compliance module can save a lot of time for security reviews and provide full visibility of the risk required in firewall change requests.

ABF is not very mature compare to AFA and AFF, but the module and concepts are quite good. I would suggest more concentration on ABF, especially on object and application permissions. 

We used a different Network Security Policy Management Solutions (NSPM) tool, but we felt that it would not be able to fulfill our requirements and address the gap which we had before.

We were looking for a place where we could keep our rules and also track ownership of each rule in the application.

I personally feel that the cost is quite expensive. AlgoSec is charging for each function, e.g., Active change, Application ABF license, etc. 

It is worth spending the cost for visibility on security. Of course, security is not cheap.

We evaluated three marketing leaders in the NSMP industry. However, we are not interested in highlighting anyone here.