AlgoSec Reviews

My main use case is as a firewall analyzer module where it can be further broken down as follow: 

1) Network topology visualization: visualizes a network traffic path during troubleshooting

2) Policy optimization: uses optimization and clean-up recommendations to perform annual housekeeping of the firewall

3) PCI DSS compliance: follow the out-of-the-box checklist to prepare for a PCI DSS audit

4) Risk reduction: uses the recommendation of the risky rules to address all the critical and high-risk rules

5) Monitor changes:  monitor for firewall-config changes in real-time via email alerts

The solution has improved our organization in multiple ways. We can:

• Easily understand and provision application connectivity to accelerate application delivery and minimize outages

• Process firewall changes 4x faster, and eliminate misconfigurations and rework

• Proactively assess the impact of network changes to ensure security and continuous compliance

• Simplify and automate internal and regulatory firewall audits, and reduce time and costs

• Streamline communication across the application, network and security teams

• Deliver a tighter security policy that provides better protection against cyber-attacks

The product is great for:

1) Network topology visualization: reduces network troubleshooting effort which contributes to quickly restoring network or application outage.

2) Policy optimization: reduce/consolidate the number of rules created prior to the existence of AlgoSec Firewall Analyzer in order to free up hundreds of rule capacity before reaching the max rule limit of the firewall.

3) PCI DSS compliance: helps to highlight the area which firewall admin need to take note and address in a streamlined and structured manner.

4) Risk reduction: helps to quickly identify the risk that exists in existing rules and provide useful recommendations that help the firewall admin to remediate with ease.

5) Monitor changes: helps firewall admin to comply with security requirements of providing real-time security alert whenever a change is made, with detailed info on what was the value before and after.

The FireFlow's out-of-the-box workflow configuration/customization wizard could be improved to be more user-friendly and have a shorter learning curve. The current configuration wizard is quite complex and complicated, which will result in the need to engage with an AlgoSec professional services team to perform even the simplest workflow adjustment.

I had tried AlgoSec's direct competitor's workflow configuration wizard and found it to suit most organization requirements even though the customization capability may not be as advanced as AlgoSec.

I've used the solution for six years. 

The setup is fairly straightforward.

We did also consider Tufin.

We use the solution for change control of policies on firewalls, for service desk integrations, and for the service desk rules of network users.

We use the firewall management solution. Our environment is on-premises only. Our company works with financial institutions and they require everything to be on-premises.

There is no question that AlgoSec has reduced the time it takes to implement firewall rules. That is also true because some of our clients use firewalls from various vendors and AlgoSec allows them to implement firewall rules on those firewalls simultaneously, even though they are from different vendors. Even so, when we receive a request for a rule exception, no one controls how long this exception is valid. As a result, these exceptions are valid for a long time and accumulate one by one. With the help of AlgoSec, it is very easy to eliminate this problem. A timer is set for a given firewall rule and, when the timer runs out, a security engineer is notified that the rule is set to expire at the specified time.

In addition, large deployment cases face a large problem due to the number of firewall rules, which can slow down the performance of a firewall and overload the firewall memory. This happens in part because of duplicate rules and rules that conflict with one another. With the help of AlgoSec, we reduce the number of rules, on average, by 30 to 35 percent. AlgoSec cleans duplicate rules and conflicting rules, freeing up memory.

At least two of our clients, when using AlgoSec extensively, have seen a reduction of at least 1.5 to two times what it would take them to implement firewall rules, by reusing predefined templates within AlgoSec. In addition, they find it extremely helpful that AlgoSec checks them for compliance. Before AlgoSec, they had to manually justify compliance of every single firewall rule, when being audited for compliance. They had to explain why it was created, which client and/or service was behind that rule, et cetera. In comparison, AlgoSec does the compliance check on each and every firewall rule making sure it is always compliant with the latest requirements and one can quickly create a report to prove it.

When it comes to preparing for audits and ensuring firewalls are in compliance, about 60 percent of our clients are financial institutions, like banks and insurance companies. They have to adhere to the strict compliance rules and AlgoSec allows us to ensure that the firewalls are in compliance with the normative requirements. IT departments are able to create PCI and DFS reports via AlgoSec that are acceptable for such audits.

In terms of working with multiple security vendors, we usually integrate AlgoSec with other service desk vendors, like ServiceNow and controllers like Cisco ACI. AlgoSec has resources on their website where we can find documentation about integrations with various systems. It was fairly easy to integrate AlgoSec with ServiceNow and Cisco ACI. Their API is understandable and very well described.

The major value, at least here in Ukraine, when integrating AlgoSec with Cisco ACI is that we see most of our clients prefer DSN systems, like Cisco ACI, for data processing. ACI contracts are treated similarly to firewall rules, i.e. permission is required for access. Some of our clients use over 400 such contracts for data processing. Implementing access rules for these systems is not easy. With the help of AlgoSec we can create a rule and AlgoSec checks it for compliance, for duplicate rules, and rule conflicts. That very much simplifies the implementation and deployment of contracts in ACI.

AlgoSec helps tremendously when it comes to reducing human errors, especially when the environment includes firewalls from disparate vendors. In that situation, the probability of human error is very high. It is difficult for me to approximate by what percent it has reduced human error but the reduction is very significant.

In addition, it has helped to simplify the job of security engineers. I’m very sure of that because, otherwise, our clients wouldn’t buy more AlgoSec user licenses.

For us, as well as for our customers, firewall management and change management are the most important features.

We see a very high demand for using containers and Dockers and therefore there is a need for managing access control to these platforms. I checked AlgoSec’s roadmap and, for now, there are no plans for developing these features.

We have worked with AlgoSec for two to three years, implementing the solution for our clients.

Everything works great. We have not seen any significant bugs.

Our deployments of AlgoSec are not large so we haven’t faced a scalability issue. The maximum AlgoSec deployment we’ve done is for about 100 endpoints and that is not a problem for AlgoSec.

We have never needed to use AlgoSec support.

To deploy AlgoSec properly it is important to understand the client's environment. To that end, we have a questionnaire that we send to our clients and that helps clarify what the client's requirements are. It also provides information on the architecture of their environments. Once we receive the questionnaire, we go over the project specifications with them to make sure they didn’t miss anything, such as integrations with other systems. 

Next, we usually do a PoC to test AlgoSec in their environment and that is when we calibrate the solution to the client’s specs and do the necessary customizations. Then we purchase the licenses and roll out AlgoSec into the client's production environment. We also provide technical support for the client for at least a year to make sure that they become familiar with the solution.

The amount of time it takes to deploy always depends on the complexity of the client’s requirements. For example, for firewall management setup without integration with other systems like a service desk or reporting systems, deployment generally takes up to one month. If we need to integrate AlgoSec with solutions like a service desk, then the deployment can take up to four months because there are major changes to the whole business process and these changes require planning, documentation, implementation, and training of end-users.

There are usually three people involved on our side: a salesperson and two engineers, with the latter actually implementing AlgoSec.

I can’t say that this is a cheap system. It's affordable for large enterprises and, in some cases, for mid-sized companies. For the majority of other companies, this solution is out of their price range.

I have hands-on experience with Tuffin and both of these products (Tuffin and AlgoSec) are equal in terms of functionality. In terms of main differences, it comes down to a personal preference.

My advice is to do a PoC. Many would simply read reviews about the solution, watch demos, and request price quotes. At that point they would note that it is not a cheap solution and stop there. That is why I strongly recommend doing a PoC. Only through using the solution can you see how easy it is to manage and implement security rules. It becomes very clear that you’ll see a return on investment in terms of the time saved by your security engineers.

Another recommendation would be to evaluate similar solutions to AlgoSec, especially for companies that are planning the implementation of DSN systems, like Cisco ACI. This is because it involves labor-intensive rules implementation, and with the help of AlgoSec it can be drastically simplified.

The overall visibility the solution provides into network security policies is not applicable to us because our clients are using AlgoSec for firewall only, for edge connectivity of their networks to the internet. We only have one client that used AlgoSec to control rules on the internal firewall, which is deployed into their data center.

The primary use case of this solution was to optimize and cleanup all the unused legacy firewall rules from multiple firewalls which was massive in terms of time and effort.

The other user case in our environment was to automate all the manual day to day firewall changes to reduce the turnaround time for application owners.

We wanted to have central visibility for our entire firewall portfolio to see the firewall flow of traffic traversing through multiple layers of firewalls.

Definitely with the help of this solution it made our life easier to optimize and clean up the task within a short span of time which provided the quick visibility of all the rules to be actioned.

Traffic Analyzer provided the centralized view for our IT SOC operations to focus mainly on high-risk firewall rules exposing with explicit any rules.

The other best feature is the Fire flow module which is in the process of implementation to automate the firewall rules changes along with the workflow model right from the requester to the implementer.

Both the modules of AlgoSec solution which has been on-boarded in our environment are amazing to use it as it provides a central end to end visibility of the firewall rules spanning across the multiple layers of the firewall.

It's helping our Risk and Compliance team to assess all our firewall rules periodically and help us to remain compliant. 

It saves a lot of manual time especially in daily operations and increases the turnaround time for business.

It has helped us internally to provide the documentation for our auditing and reporting purposes.

AlgoSec should explore integrating more multi-vendor platforms and should be looking towards ready infrastructure for providing Infrastructure as service (IAAS) on any cloud platforms as the trend and technology is gradually moving from In House platforms to Cloud platforms.

Algosec should also be exploring the integration with the open source firewalls as well.

The GUI features of Algosec solution should be more flexible to use and adopt.

We have been using this solution for one year.

In terms of scalability, it's a license-based model to add license at any point of time when you have any new firewalls added in the portfolio.

Customer service is good but needs more improvement to be on listening side of the customers.

No, this is the first time we have introduced this solution.

Our Initial setup was not so straight forward as we were exploring all the features to its depth so lots of engagement was done with OEM level to explore and implement in our environment.

We went through local vendor support however the involvement from OEM was also huge and phenomenal.

Definitely the simplicity to use this solution is the key factor to be a leader in this competition and the other factor is the response and support model.

We went through the RFP process evaluation for all the magic quadrant leaders of the  market.

I am the senior network security engineer in an environment of more than 80 firewalls ranging from ASA 5506-X to ASA 5585-X and now to FortiGate 3960E. As part of this position, I need to be able to audit firewalls and ensure that they are compliant to a number of policies.  Before AlgoSec, this was done in a very long, slow manual process, and it took days to audit even the smallest firewall. With AlgoSec, I can run a compliance report and see exactly where that firewall falls short.

AlgoSec has freed up my time to look into new solutions and complete other jobs that I have to get done. I have been able to shepherd the migration from Cisco ASA to FortiGate and using AlgoSec made that process much easier. Now, when I get a request for audit information, that information is available at a click. A PCI audit is no sweat. I know which firewalls fall under PCI, and I can provide the needed answers in minutes instead of days.  This has improved my use of time.

Policy optimization, compliance, and change reports are the most valuable. I can clean up firewall rules quickly, optimizing the rule set and moving on in hours. Before, I was looking at days. Compliance is a breeze. The change reports are helpful to see changes over time and also be a "second set of eyes" when looking into issues. 

The mapping tool is helpful. 

Traffic queries are a great help when troubleshooting a problem, especially if the traffic is going through two or more firewalls.

I can't think of specific improvements. If anything, the product has been improving in usefulness constantly. 

I have been using AlgoSec Firewall Analyzer for approximately two and a half years now.

Product hotfixes are released regularly and are a breeze to install. I have dealt with other products that always promising to fix bugs, but it takes months or longer for the next patch to appear. AlgoSec is on top of this and in my opinion is a real leader with bug fixes.

Technical support is the best that I have ever dealt with. I have yet to have a support engineer tell me that they couldn't fix a problem or that it was sunspots (Cisco TAC). They have gone above and beyond multiple times. I never hesitated to call as they have never made me feel that the problem is the user, even though I am sure that there were times it has been.

I have never had a problem that the technical support wasn't willing to dig into and get resolved.

Not really. We used a homegrown VBScript that would parse the configurations on our firewalls for auditing. This didn't help at all with compliance.

The setup is not difficult. The professional services were outstanding in installation and knowledge transfer.

We implemented through a vendor team. Their expertise was outstanding. They made sure to spend a lot time doing knowledge transfer.

The initial cost was high for us, but we have always been behind the tech curve and cost has always been the limiting factor. That attitude has changed. Now, we look for the best, not simply the cheapest.

We did look at a couple of other solutions. FireMon and Qualsys are the only two I remember.

It has saved my bacon a number of times and is a great arrow to have in your quiver of tools.

Our primary use for AlgoSec is to automate our firewall configuration. We use the AlgoSec system to remotely configure the firewalls, making our life easier.

We are in a multisite environment with plenty of firewalls for perimeter security and LAN segregation for specific proposes. This solution helped us to make the process more dynamic.

It has reduced the workload for the firewall team thanks to the API integration with our ticketing system, handling the standard types of requests automatically. Before having it, we had to create a lot of standard rules that now can now be just pushed from the AlgoSec system.

It has also helped in terms of firewall monitoring. Automatic alerts are sent to the security team so we can react quicker in case something goes wrong or a thread is detected going through the firewall. This is made possible using the simple reports.

The most valuable feature of this solution from an operations perspective is the automation of the firewall rule deployment, working together with our ticketing system.

Any new needs are requested by a user using the internal webpage request. This request is automatically validated against a set of standard rules. If the request is compliant, the new rule sets are automatically configured in the specified firewalls without any human action. This reduces the firewall team's workload and improves efficiency.

It would be nice to have a good tool for network map discovery in the GUI to make it more user-friendly. I would also like to be able to check and modify network maps in a graphical and more intuitive way. This will improve our network overview for new deployments and troubleshooting.

An API to connect to Palo Alto Prisma and Zscaler to be used after SD-WAN deployment would be a helpful feature. We have discussed this with AlgoSec and are hoping to see it in the near future. 

We have been using the AlgoSec solution for four years.

We did not use a solution like this one previously. This is the first time.

I'm part of the team that uses the AlgoSec solution, not on the finance IT team.

We primarily use the AlgoSec Firewall Analyzer.

We have more than ten cluster firewalls and we have deployed the AlgoSec solution suite. We want to check compliance status of our devices. We also need to reduce the number of rules in each of the policies.

In our new data center, we want to automate the firewall policies.

Now, we can easily track the changes in policies. With every change, AlgoSec automatically sends an email to the IT audit team. It increases our visibility of changes in every policy. 

Every month, I use the optimizer to reduce firewall rules. In the summary tab, I can easily track the number of changes in the firewall policies.

The most valuable feature is the reporting, including the policy report and regulatory compliance reports.

In the Intelligent Policy Tuner, the tighten permissive rules tab allows us to reduce the number of rules in each policy. I can easily control, report, and reduce the rules for policies. Also in the Rules Cleanup tab, I am removing unused rules as I feel confident in deleting these types of rules.

Our Information team read Regulatory Compliance Reports that can easily track the compliance status of each device.

Cisco Firepower device support is limited in our AlgoSec system and I think AlgoSec can improve in that area. For example, in FireFlow we can easily track using the ticketing system to integrated Check Point devices. However, with Cisco Firepower devices, we couldn't integrate with them.

We have been using AlgoSec for almost six years.

We did not use another solution prior to this one.

The pricing of AlgoSec is fair.

Before purchasing AlgoSec, we implemented a PoC with each of AlgoSec, Tufin, and FireMon.

We have more than ten clusters behind our firewall. It is essential that we track the changes in policies and the compliance status of devices. AlgoSec can easily do that.

Our company has a very large technical estate, with over 90,000 staff and 80,000 computing devices, it was imperative that we found a firewall security management tool that allowed us to speed up the process of change requests when it comes to our firewall IPS team, as they were becoming overwhelmed with the volume of requests.

AlgoSec has improved our organization in terms of improving efficiency within our firewall setup. It has added automation to working process that has helped us achieve our initial goal of reacting faster to incoming requests, which as a result of allows the relevant teams time to focus on other areas of importance.

The best feature for us is the ability to automate the change requests that come through our service desk, which is done via the tool's intelligence to analyze the conditional rules. As previously mentioned, this used to be a big time sink for the guys which is now less of an issue. This means that the company can claim back valuable man-hours for other means (also showing a labour cost saving to the board).

For the most part, this AlgoSec tool does meet our needs. If I was to think of any improvements I think the main one that stands out to me is confidence in future proofing. A good example is that we are looking at various SOAR which we'd like it to be fully compatible with (but not entirely convinced it is yet). Lastly, I have also heard a few qualms about the technical support and that it could be improved. However, this doesn't detract from the value the tool brings to our business.

We have implemented the AlgoSec ASMS solution with the AFA Firewalls analyzer, AFF Fireflow, and AppViz application security,

We are using all these modules to have a more tightened and secure environment. The AFA we are using is it to optimize and clean the firewalls' rules and to comply with the cybersecurity policies and standards. 

The Fireflow is integrated with the ticketing system to simplify and facilitate the opening of tickets process and document it for later reference.

The AppViz module is used to secure and optimize access to the applications in a secure way.

The solution has allowed us to:
• Easily prove compliance during internal or external audits
• Has reduced resources needed to manage firewall changes

With the AlgoSec firewall analyzer, it now takes us half the time to deploy firewall changes and policy optimization.

The AFA also provided us with the flexibility and intelligence that reduces human error and risk.

It allows the security compliance team to focus more on providing a better level of security and compliant devices than on the process and changes.

AlgoSec Firewall Analyzer offers great security policy visibility and the analysis has changed the firewalls management and operation, including firewall rulesets cleaning, optimization, tuning, and ensuring compliance with the company and PCI-DSS requirements.

Also, the fact that this firewall management solution will reduce the resources needed to manage the firewall changes the management processes and audits.

It leads to a quick response to any type of audit whether it's an internal audit or an external audit.

Releasing hot fixes or patches is late compared to other security products.

Also, the integration with the Cisco FTD security group tagging is still not supported, so we cannot get the rules with SGT-ACL, and still there is no clear roadmap to support such a feature.

The user interface can be more friendly. They could work on enhancing it by adding step-by-step guides in the GUI of the AlgoSec AFA.

It's better to give some priority to the integration with other security systems and enhance this capability.

I've used the solution for about two years.

I did not use another solution previously.

I did not evaluate other options.