We were immediately able to leverage the workflow tools in FireFlow with ActiveChange to speed up our deployment of firewall policies.

By leveraging BusinessFlow/FireFlow/ActiveChange we have been able to reduce the time from initial requirements gathering to implementation of complex firewall designs by approximately 80% without compromising our security posture. 

Additional understanding of complex routing in multiple systems.

We have had this working in our production environment for about 6 months.

The initial deployment was unsuccessful as the product had not initially support our use of virtual routing instances on Juniper SRX devices however AlgoSec engineering was quick to deploy fixes to allow us to reach our desired outcome. 

None.

None.

Top notch.

The most valuable features are the risky rules analysis and network diagram representation generated from the firewall perspective.

It has helped to detect all unauthorized changes made on my firewalls. Also, this product can identify if anyone is creating dangerous rules that can severely affect the security of my organization.

One scope of improvement is to create an architecture diagram that combines intelligence from all integrated firewalls.

I have used this product for three years.

During the early implementation phase, some stability issues were experienced. However, that is somewhat stable now.

We have not encountered any scalability issues yet.

I manage the reviews aspect, not maintenance.

We were not part of the implementation team.

We evaluated the FireMon solution prior to this product.

Prior planning is required for licensing and appliance handling if the company is looking to introduce new firewalls/security devices. This tool even integrates Cisco products to track changes on core switch or primary routers/VPNs.

• Intelligent policy tuning helps to reduce risk and improve device performance
• Traffic simulation query on a specific device

AlgoSec reduces time and costs of firewall change management, risk mitigation, and compliance audits.

AlgoSec should support these features:

• Expired time should be one of the components of firewall rules, not only source, destination
  For example: Now, in Algosec Fireflow, when creating a change request, there are only 3 component: Source, Destination and Service. I want to have expired date of the traffic

• Detect duplicate objects in different firewalls
  Now, Algosec can only detect duplicate object within one firewall. I want to detect in different firewalls
  For example: firewall 1 has objet A with IP address 1.1.1.1, firewall 2 has object B with also IP address 1.1.1.1. I want Alogsec to detect this duplication

• Show IP address of object in a report, query result
  Now, in report, query results, Algosec only displays name of the objects. I want to display IP address of these objects

3 years.

No, we haven't encountered any issues.

No, AlgoSec is stable.

No, AlgoSec fit our size and is scalable.

Very good.

Good.

No.

The initial setup was simple.

Via a partner, they're very good.

We haven't calculated ROI yet, but AlgoSec saves us labor and a lot of time.

Tufin, we selected AlgoSec because it provide some useful features that other solution didn't have.

AlgoSec is very helpful for our organization.

• Rule optimization
• Risk analysis

Saves time and labor cost in optimizing and operating our firewall system.

Find duplicate objects in different firewalls.

3 years

Mainly with log collection.

No issues.

None.

Good.

Good.

No.

Simple to setup.

Via a vendor team. They are good.

I don't have the details, but it is effective.

No.

It should support IPS devices.

Policy management.

It has improved the way we handle risky rules on firewalls.

Security Firewall Policy; Firewall Performance; Firewall Hardening.

The Tighten Permissive Rules Function could be better, we need more specific information about source, destination and service on the rule we will handle.

About 1 year.

Nope.

Nope.

Nope.

They have replied fast to all my concerns.

Excellent.

I used to use Firemon before but switched to AlgoSec because the AlgoSec product and User Interface are more friendly than Firemon.

The AlgoSec vendor in Vietnam is Misoft, I rate them excellent in experience and support.

• Risk management for the rules
• Policy optimization suggestions

AlgoSec allows me to understand the inside of the firewall and brings simplicity to very complex firewall setups.

It has helped us manage PCIDSS compliance and also improved the overall network security.

The product has several compliance checks built in for PCIDSS, ISO, SOX, etc., and also a baseline security policy. It would be nice to allow customers to build their own policy, based on the customer’s own customization and business needs.

I have used it for four years.

The application is easy to deploy in an hour and can be done via a user guide.

Support needs are rare. I only require support around twice a year. Upgrades are easily done by the user but when support is required, it is great.

Initial setup is easy because it is a virtual appliance with its own OS.

I have expertise in implementation and prefer to do it myself rather than invoke the support contract. I believe it helps me stay knowledgeable and besides, AlgoSec implementation is a breeze.

The license is perpetual but support is periodic.

I tried the ManageEngine firewall analyzer. AlgoSec has a superior firewall policy optimization algorithm.

It’s a good buy for simplifying large networks.

Firewall analyzer and traffic simulation based on configuration analyzer of all rules on the firewall. Implementation of new rules without the need for manual configuration of rules on all firewalls in the traffic path.

It helped to improve our automation and simplified the configuration of new access rules.

In our experience, AlgoSec need to improve the integration of firewall vendors, because at the moment they don't support all vendors that are out there. 

Algosec Firewall Analyzer has a feature called 'Implement on device' which automatically creates access rules based on your request and sends it to the appropriate device. At the moment, this feature can not be implemented on Fortigate firewalls or Juniper EX switches which act as a layer three device with ACL's etc. I mean they need to improve interoperability with more vendors in order to automate access rules modification on these unsupported yet equipment.

I've used this solution for approximately five months.

According to my colleagues who implemented it, there were some problems during the implementation. They contacted their support team who provided us with good support and we were able to get it implemented.

We had no issues with the performance.

It's been able to scale for our needs.

I wasn't involved in the original implementation.

It's an amazing product for those admins who have huge variety of firewall vendors and would like to be able to automate the implementation of new firewall rules for access across the network.

• Firewall rule monitoring
• Consolidated report on unused objects and rules

We use this tool for rule monitoring and cleaning up the unused objects to improve performance. The risk team uses this tool to validate the existing traffic flow for their approval.

It is currently unable to export the report to a CSV file, and I look forward to seeing it in the next version/release.

I have used it for more than four years.

Deployment was very easy; the vendor-provided documentation was good.

Technical support is 8/10.

I was able to implement it on my own.

It's a very useful product and I highly recommend everyone having this product in place on their security infrastructure.

The reports for the policy optimization are the product’s most valuable feature.

It provides better performance on our firewalls.

• Filtering in the reports
• Adjusting parameters for reports
• To be able to generate custom-made reports

For example, it would be nice if you could define a report to show the unused objects for a specific timeframe. Now, it’s for the whole log period. Or, another example would be: deny rules that have been adjusted in the last 90 days.

I have used it for about two years.

I have not encounter any deployment, stability or scalability issues. It runs very smoothly.

Technical support is very good, providing fast responses and good knowledge of their product.

Initial setup is very straightforward and it is easy to implement.

We did it in-house, as it’s easy to install on your own.

Just try it and you’ll see where the problems are in your firewall. You can easily request trial licenses.