AlgoSec Reviews

We use this solution for the management of firewalls on a client with a multi-vendor landscape and a low maturity level in terms of security operations and mechanisms. The AlgoSec tool supported the necessary transformation we were helping the client with, centralizing and simplifying the management of all firewalls in several sites across the globe.

AlgoSec is a powerful firewall management tool. I have supported a client implementing the firewall analyzer in an environment with several firewall vendors and poor management. The implementation went smoothly, with good support from the AlgoSec team. However, the configuration was tricky due to the maturity of the client and the ‘messy’ situation, and the internal know-how available regarding what was implemented on the multiple sites.

The most valuable feature is that the tool is capable of simplifying firewall management and configuration in an automated fashion. Additionally, the fact that it is also possible to implement a FW management workflow clearly supports the improvement of the 'way of working' and operation of the FW environment.

The network mapping interface could be improved in the next version. In a complex landscape, with several nodes/equipment, it can be somewhat more difficult to properly visualize the network map. It requires several zoom-in and zoom-out operations, and it is not so visually appealing. Nevertheless, it is still a valuable feature and was highly used by my team.

We evaluated other options before choosing this solution including Skybox and Palo Alto Panorama.

Do not underestimate the configuration effort, especially on a more complex landscape.

AlgoSec is used on a daily basis by both our IT and IS groups to manage BAU and FW change requests. It integrates with ServiceNow, PaloAlto, and our SIEM tool. It helps to perform FW cleanup, regulations requirement, FW migration projects, etc.

AlgoSec has helped me in the last three companies that I have worked for. I was working to do Firewall migration projects, FW cleanups of risky rules (FW policy optimization), process def between IT and IS, audit, SOC reports, GRC support, and Cloud support in both native and Hybrid environments that we use. 

The features that I have found most valuable are:

• Great visibility for High-risk firewall rules
• Mapping business risks
• Mapping risky applications
• Informative regulation reports for PCI-DSS, ISO 27001 and many more
• FW cleanup recommendation
• Easy logging capabilities with leading SIEM products in both LEEF and Syslog formats

I would like to see Bi-Directional API support in order to integrate with SOAR platforms that provide SOC automation and IRR.

Integration with CISO dashboards would be an improvement.

It would be nice to have support for IaaS, CASB, and DLP tools, which will allow full life cycle management of security incidents.

It would be nice to have an out of the box "best practices recommendation" with the relevant "what-ifs". 

This solution scaled to our entire enterprise in a seamless way.

We also used Tufin, but AlgoSec provided us better visibility and ease of use.

My advice is that you must do a POC and show value.

We did not evaluate options other than AlgoSec and Tufin.

It is currently used by the network security, audit, and internal control departments of organizations where I have deployed the application. It gives overall insight/visibility and enhances security across the enterprise.

Our company environment used old fashioned firewall devices for a long time and we hardly touched on old firewall rules. With this product, we were able to clean up our firewall rules and organize them neatly. It actually gave us a very straightforward report of what is being used, and not used, for firewall rules. 

AlgSec is used for in-depth firewall analysis and intelligent policy tuning and optimization. It helps in regulatory compliance metrics and overall firewall security optimization.

I like the auto-mapping features and configuration overview. We use this for many things, but primarily for quick reactions to security events, audit, project management, and quick operational efficiencies.

• Firewall rule optimization
• Regulatory and baseline compliance analysis/mapping
• Policy tuning
• Application discovery
• Automated Change management

The reporting portion is weaker than other competitors, although this is good enough to utilize in our environments.

Enhanced integration via API (typically, this is only known by few AlgoSec users).

The user interface could be a little more user-friendly. Other competitors have more of a dashboard look and feel. With AlgoSec, you have to launch new windows to see rule usage reports. It can be a little bit difficult when trying to find more information.

Our company was using old fashioned firewall devices.

We did POC on FireMon and AlgoSec. We chose AlgoSec for our company environment.

Our primary use cases for this solution are:

1. Business Security and Automation
2. Faster change management solution
3. Network Security device analyzing and optimization

• AlgoSec helps to analyze the risk, optimize the rules and policies, and improve performance in network security devices such as firewalls.
• It helps to perform the network security changes four times faster than the normal change request process.
  
• It assists in provisioning the application rapidly, which increases the organization's revenue.
• The ASMS (AlgoSec Security Management Solution) is fully focused on business security and automation. It ensures business security and agility.

The features that we have found to be most valuable are:

• Risk Analyzing: Has helped to identify the risks in security network devices in a very short time, which increases and improves security overall.
• Policy optimization and IPT: Has helped to identify the garbage rules and improve the device performance. Also, has assisted in removing any rules causing IPT failure.
• Compliance: Helps prepare for the audit in a short time, and assists with continuous compliance.
• Active push: It is capable of pushing the changes and configuration from AlgoSec itself, which decreases manual errors during implementation and configuration. 

This product could be improved in several ways, including:

• More device support - such as barracuda devices
• An automated rollback process and options in active push. when we do a active push Algosec takes a policy backup for recovery purpose. if we did any change using active push from Algosec and if the customer wanted to rollback the particular configuration, better if Algosec able provide automated rollback process through AFF rather creating a manual a ticket. 
• Software-defined WAN integration and support 
• Application-aware policy identification and optimization - now a days most of NGFW are creating applications (such as Salesforce, Skype for business etc..) aware policies using their application database. normally destination object will be these applications and not the legacy objects that we created in firewall. if Algosec able to understand these application it will be good move for future market. 

We are very impressed with the stability of this solution. The product is very user-friendly and does not cause many technical problems while in operation. Sometimes we might have issues with newly supported device integration and features.

AlgoSec has multiple form factors such as a hardware appliance, VM appliance, and software. The customer can choose the most suitable solution for their environment. Further, AlgoSec has three main components and the customer can purchase them phase by phase, based on their requirements and budget. It can scale up to the total ASMS solution using the same resources.

As per my experience, AlgoSec provides very good customer service and technical support. They are very friendly and their response time and SLA are very impressive.

We did not use another solution before this one.

The initial setup is very straightforward and easy. Further, AlgoSec provides better documentation and self-support services where we can learn, reference, and be empowered.

We are a value-added distributor of AlgoSec and have implemented this solution for many customers in addition to ourselves. Our customers are happy with the implementation.

Our return on investment with this solution is between one and two years.

The setup for this solution is not very costly. The licensing is very easy to set up, with flexible licensing methods such as subscription and perpetual. The pricing itself is also flexible, with it being related to the number of devices and applications.

Before selecting this product, we evaluated Tufin.

This solution is very useful for any type of organization with multiple network security devices such as firewalls, routers, etc, and have the goal of achieving business security and automation.

AlgoSec has main three components that can be purchased in different phases if required. They are:

• AFA: AlgoSec Firewall Analyzer
• AFF: AlgoSec FireFlow
• ABF: AlgoSec BusinessFlow

Firewall and Compliance.  We use the product to support the firewall review process and risk of over 400 firewalls

We are able to quickly review 100's of firewalls and stay compliant.  The product has been invaluable to our information security department

Policy review and compliance.  We are now using the AlgoSec FireFlow feature to help us automate the firewall ACL submission process and implementation of firewall rules.

Product has improved quite a bite in the years we have been using the product. We look forward to completing the AlgoSec Fireflow implementation and piloting the Business flow product.  AlgoSec continues to improve their product every year. 

This solution was implemented to provide risk analyse, audit on rules, and changes, as well as giving visibility to the application or project manager on firewall rules that are linked to their servers for a massive datacenter migration. 

For a massive migration, it permits project/application owners to estimate and anticipate changes which are needed autonomously and only involve the security administrator for implementation of the rules. This permits us to save a lot of time and make some firewall policy clean up. Then, when we add firewall change requests to management through this tool, it decreases the time for design and implementation significantly.

The Firewall Analyser feature is the most important and valuable part of this tool. This provides quick and simple visibility on the firewall's risk assessment in regards to compliance's referential that can be also customised to fit our organisation's requirements. 

Improve the dashboarding capability for FireFlow which is currently very limited in terms of presentation and customisation. 

Not really. Sometime after the version upgrade, a few bugs appeared. 

Not yet. 

At the beginning, support was good. 

Now as support is composed of several levels, default standard support at Level 1 is to answer by upgrading to the latest released version, if you are not using it yet.

We did not have such a tool before installing AlgoSec for a firewall policy audit with reports. We had a homemade tool for change management.  

Find a good integrator.

We went through a vendor team. His expertise was medium.

We evaluated differents solution when launching the project, like Tufin. This one was the most mature.

We use AlgoSec to integrate firewalls. I'm a senior network security engineer and we are customers of AlgoSec.

Security ratings and security rules analysis are two valuable features. In general, it's a very good and stable solution. 

I believe the customization of dashboards should be simplified and more user-friendly. Customization inside the domain level needs to be improved.

The solution is stable although there are occasionally issues with patches, but they are generally resolved quickly. The solution is extensively and regularly used for compliance reports. 

The solution is scalable. We have close to 30 firewall admins.

The technical support is good. The only drawback is that the product is not very user-friendly and it's too expensive to contact support each time we have a problem. 

The initial setup was carried out using professional support and the company was happy with the integrator. We moved our ticketing up to AlgoSec using FireFlow. I wasn't around but I think it took some time.

The license was initially renewed every three years but it's now done on an annual basis. I'm not aware of any additional costs. 

I rate this solution eight out of 10. 

I have been implementing AlgoSec for different end customers. None of the environments are on the cloud, they're on-premise applications. Some of them have been planned, but a majority of them are for virtual instances. I have implemented four or five end-customers and also supported them with AlgoSec.

I deploy and maintain AlgoSec for customers for test purposes. I use it before doing anything on the customer's premises. For testing purposes, I have used it in my own environment also, but the majority of the time I'm using it in the customers' environment.

I have integrated AlgoSec with Check Point, Palo Alto, some older Cisco versions like WSN, Fortinet firewalls, and Cisco ASA.

The features that I like are the monitoring and the alerts. It provides real-time monitoring, or at least close to real-time. I think that is important. I like its way of organizing, also. It is pretty clear. I also like their reporting structure - the way we can use AlgoSec to clear a rule base, like covering and hiding rules. For example, if the customer is concerned about different standards, like ISO or PZI levels, we can all do the same compliance from AlgoSec. We can even track the change monitoring and mitigate their risks with it. You can customize the workflows based on their environment. I find those features interesting in AlgoSec.

The visibility is pretty clear from top to bottom, even interconnected maps and zones.

We can always customize the standard risk profiles. But even within the standard one, before doing any changes, when you go with the flow, they always inform you. Before implementing the change, you get the visibility there. You get the visibility with risks.

This is important because the places that I have worked have different departments for risk handling. So whenever we go through the flows before implementing, that part goes through the risk department and gets their approval first. With AlgoSec you get to know the risk profile before implementing the change. That way you get to know the risks that you are taking with that particular change. So it's important.

It has helped to reduce the time that it takes to implement firewall rules. In some places where I work, they fill a form and send it to a particular manager. For example, if an end-user fills it and he sends it to his manager, then it gets his approval and he sends it to the risk department, and gets their approval, and sends it back to the person who implements. There's a chain that takes a longer period of time and even their paper costs. That gets reduced when they use a workflow from AlgoSec. They always get automatic notifications when the change moves on to the next level so they know exactly which stage the change is in.

It is helping to reduce those policy changes by more than 50%.

You can face audits in two ways. You can either do it from AlgoSec. I have used it like that for periodic audits. You can always plan it. Either you can go from one of your rules, clean up your rule base and improve the standards of your risks and all the other areas in the AlgoSec reports. Or else, you can go for a PCR level report and you can prepare it stage-by-stage and commit up to a certain standard. I have used both methods. You can also do reports for the particular changes and check how much your environment is improved after you follow the report and do the particular change that they suggest. For example, reordering or combining your rules or removing some of the unused objects. Then you can run a report and see how much it gets improved. So in terms of auditing, which they can run every six or eight months, or once in a year, you can always turn on your audit before it comes to that level. You can always prepare for your audit by scheduling reports.

It's pretty easy when it comes to integrating with the leading vendors. If you want to integrate, they have proper documentation. Their documentation is very good. I have to give them credit for that. You can always follow it. Integrations are pretty easy and much easier than with some of the similar competitive products that I have used. I don't want to mention names, but AlgoSec is much easier because of their proper documentation. For example, when you are integrating a particular device or application, you know the things that you need to do because they have the proper documentation before doing it. It takes less time to integrate compared to some of the other products in the field.

I have come up with two cases of misconfigurations in some rules. One of them is with change requests when you have a single object and you just have to amend it to the particular rule but not to other specific rules. The other thing is what rule it's covering. It's not a misconfiguration, actually, and you can amend it. I have come up with some situations like that. Before coming back to my stage, it is always clear from the other risks and level of approval. So I did come up with that kind of a scenario but it's not actually a misconfiguration.

AlgoSec has helped to simplify the job of security engineers because you can always monitor your risks and know that your particular configurations are up-to-date, so it reduces the effort of the security engineers. You can always get top to bottom. For example, if you talk about the rule base of a particular firewall and access to some particular things, you can always get a clean one with the required security. So rather than going here and there, they can always use this tool to do the automation and their decision-making.

I haven't yet configured with Cisco ACI, but in the next one and a half months, I'll be integrating it with an ACI structure.

I expect the value of bringing AlgoSec and ACI together will be good. It'll be like an extension. If you integrate AlgoSec, it's not like a single point. If you connect it with the ACI fabric it will be challenging. I haven't really experienced it in full, because I am still in the designing phase and I haven't done the full implementation, but I feel like it'll be interesting and challenging. Since I have not experienced it or yet done the implementation combining these two, I cannot fully say how it will be. It's a question mark. But I'm expecting it to be a little bit challenging because the visibility differs.

AlgoSec needs improvement with its support level.

I know that they have 3D architecture like SMB and enterprise on top of that. Some people consider this as a noncritical device. But because it's not as critical as a firewall, some people think that the support level does not need to be equal to a firewall level of support. But if some people are monitoring and managing firewalls through AlgoSec, the level of support should be equal to a firewall level. It shouldn't be dragging over two or three days. I know that they have three levels of support, but at the very first level, I believe you should be able to directly contact the tech and get a solution as soon as possible.

The only problem I have with AlgoSec is just its level of support, not with the product. Not with the organization or the documentation or anything else, but if I need any additional support, the only problem is the time it takes to get it.

I've been using AlgoSec for two and a half to almost three years now.

I use AlgoSec Firewall Analyzer and FireFlow.

It is generally stable. As I mentioned, the only problem the customers are worried about is the technical response time from AlgoSec. If you have to contact tech support the project will get delayed. The customers are comparing it because, for example, in their environment they have Palo or Check Point, and their support levels are much higher. With them, when you open a ticket, after a few minutes you can check and get the opinion from the tech or check if an engineer is available. If it's a critical issue, you can always talk to him within hours and fix the issue. So they always compare that level to AlgoSec's support level. That's the only issue that we have to explain to them. The customer's opinion is this is a non-critical device because this is not a firewall. But we manage firewalls so that kind of level of support should be given.

In terms of scalability, the maximum that I have tried with AlgoSec is six clusters. Its scalability is good. The way that we can work with it is good because with every device you can see everything on the same dashboard. If you want to check the monitoring, you can always select the device to see. You can check the status by clicking the device. It's the same structure. The scalability is good but I have only worked with a maximum of six clusters so I can't tell you exactly when it comes to a high number of hours, if it is good or bad, but for the six that I have worked with, it's good.

We do have plans to increase usage of AlgoSec. I have explained to some of the customers about the application integrations, the visibilities, and the rule-based optimizations by using this feature. In terms of features, I am expecting that they'll amend that component to their environment. Since we are a system integrating company, when we propose a solution for a particular customer, we always propose to do firewalls. Therefore, we always add AlgoSec. When we are proposing it, we always submit AlgoSec automatically.

I did not find the initial set up very complex. It's advanced, but not complex. Their documentation for implementation is very good.

It really depends on the customer. Some places, when you go for a POC or a deployment, we can always plan and tell them that if they are integrating these kinds of things, these are the levels of provisions that we need. These are the things that they need to do from their end. 

The POC for some customers goes three or four days because of their delays. But with some customers it goes fairly quickly, like a day and a half or two days. For one customer it took five days because they had a procedure where you have to fill a form and send it before creating your user for AlgoSec when it's with the firewall integrations. Because of that, it took a little bit longer. So depending on that I give it three to five maximum days to integrate four or five clusters. It really shouldn't have taken that long to do the work. Then you need to contact different teams to get the support. It all causes delays.

In terms of implementation strategy, I'm always looking at what their components are. I always have to go with the Firewall Analyzer components and to check what type of devices  they are willing to integrate for this particular unit. I check if it is a Check Point cluster, or the Palo cluster, or a Forti cluster, and what the additional features are that they are looking for. Based on that, I complete the Firewall Analyzer unit as soon as I can. Since I have worked with the product, I have similar use cases. What are the things that we can use to demonstrate for firewall change flow? I'm always asking for input from them. What are the things that you need for base level policy changes, etc...?

In terms of actually deploying AlgoSec, most of the time it's me only. But I have to contact the other end. There is always a direct contact person and a support team when it comes for integrating the firewalls. 

When it comes to maintaining AlgoSec, we have another colleague also. They can always give the support.

I have seen improvements of ROI at companies. Although customers might have a department, they recruit new people to use AlgoSec reports to analyze their risk, monitor the alerts, and check their daily tasks. I have seen new implementaton by a banking customer who obviously see the value.

I'm on the technical side so I don't have a clear picture about pricing and licensing. But as far as I know, if a customer asks for a 24/7 support, the pricing level is much higher, relative to normal 8 - 5 support.

Recently, we proposed AlgoSec and there were other companies who proposed other solutions. During the technical discussions, I was the one who did the demonstration, and we were able to say that whatever features they are looking for, we can always provide it with AlgoSec. When they finally released the tenders we were in the top three options and the second place for technical. The only problem was the pricing with AlgoSec.

The other company gave much a lower price. We couldn't match the AlgoSec price level to that particular vendor. I think the company and customer were really impressed with our presentation and demonstration that we gave. They even told us if we can reduce our pricing by a certain level, they can take us because they are impressed with our product, but the pricing won't do. But when we tried to AlgoSec to reduce the cost so we can get this deal they couldn't match it to that level. Unfortunately, we lost the customer.

It was not a one day effort that we put into submitting these documents, to comply to their requirements, and do a demonstration. They were convinced to take this product, but because of the pricing issue we lost it. We all got disappointed about the support level.

I find AlgoSec more organized than some of the other products. With some other products, you have to go here and there to check it, but with AlgoSec it's more organized. But, I find some of the other products more customizable than AlgoSec. It takes a little bit of time to do the customization, for example, if you need to change or add some special level of approval or if you need to add three different levels of approvals for a particular workflow. To do that, sometimes you have to contact AlgoSec's regional support. But with other products that I know, it's just a matter of adding a particular character to the workflow. In some cases I have found other products that are useful, but in terms of organization, I find AlgoSec easier and more manageable than some of the other products.

I have learned so many lessons here. A secure environment is your main asset. When you have a secure environment you can always run your business smoothly, do your changes smoothly, and do your daily tasks smoothly. A secure and safe environment is the key to a successful IT business. That's the main point that I've learned from this.

If you're implementing, I always recommend AlgoSec and to check whether it can cater to their needs. Most of the time, it is capable. It's capable of handling your requirements most of the time.

On a scale of one to ten, I would give AlgoSec a seven.

This is taking into consideration the support and everything else. Any talks about AlgoSec and you need to consider their support level.