AlgoSec Reviews

To down level firewall care so context owners and operations can be more agile in their day-to-day operations. It improves audibility and security by having instant access to firewall configurations. It has the ability to create architectures improving performance, reducing costs and KPIs. 

AlgoSec makes it quite easy to down level firewall auditing, running, and maintenance. This has given the operations team, audit, and security instant  access to firewall configurations.  

The whole platform is extremely useful. I like the auto-mapping features and configuration overview. We use this for many things, but primarily for quick reactions to security events, audit, project management, and quick operational efficiencies. 

A modernized GUI would be a nice feature upgrade. The GUI looks a little outdated. 

There are a lot of updates for the product which have been good. However, it is a pain to always have to upgrade the product. 

No stability issues.

No scalability issues.

Our experience with the support is fair. 

No.

It is pretty easy to set up and run.

We implemented it in-house. 

It has improved our performance in operations, projects, and security. 

It will reduce your operations costs with improved team performance. 

We evaluated FireMon.

Overall, the product is very good for firewall insights. 

I work at a multi-vendor firewall environment. AlgoSec is primarily used to see what firewall policies are in place, as well as PCI compliance levels.

AlgoSec has helped us save time by having one central location to view firewall policies, especially when crossing multiple vendors.

The PCI compliance feature has been helpful in preparing for audits. The Firewall Analyzer has been very helpful.

We are still waiting to implement FireFlow, and getting it into place will hopefully speed up our implementation time and help with policy standardization. There have been some difficulties in getting this portion set up in our environment.

No stability issues.

No scalability issues.

Our primary use case started as policy optimization in a multi-vendor firewall environment. Now, our primary use case is giving access to firewall policies for development teams and infrastructure specialists. We are receiving better change requests based on actual requirements and less requests for access which already exists.

Over time, firewall vendors have added features, such as rule counters, that AlgoSec traditionally has offered. However, AlgoSec continues to add capabilities that firewall vendors simply cannot provide. We have reduced the attack surface of risky rules, improved our compliance scores, and streamlined our firewall change flow all thanks to AlgoSec Firewall Analyzer.

The ease of use and "one click" reports are very manager friendly. The policy browser is a fast, efficient way to find existing access, especially when granted via membership of a group or subnet. The ability to painlessly click through and navigate group objects ("what's in this object?") to filter.

The Flash to HTML5 rewrite has been bumpy. However, as a security professional, I appreciate the improvement in the product.

I am optimistic about possibly moving beyond AFA to other products.

R&D patches to address issues that I have encountered have been timely and effective.

If a use case comes where a customer who has different firewalls, e.g., Palo Alto and Fortinet, wants a single pane of glass, where all the firewalls are visible, this is the only use case where AlgoSec would be used.

The customer has to judge, "Are they going to pay hundreds of thousands of dollars for the feature of seeing firewalls of different vendors under the same hood?" Is that the value they want versus the dollar value they are spending? Most of the time, the answer is no. Customers don't want to spend $300,000 or $400,000 just to see a single dashboard. Especially during COVID times, it has become even more impossible to sell such a product. 

From a product perspective, AlgoSec has multiple components. Its security management solution is the primary one that you need to have. You must have this in order to install the platform. 

There are some legacy customers still using AlgoSec. The benefit is the ease in management of firewalls and rules. Also, if they have a small setup, making changes to multiple firewalls at the same time is something the customer enjoys due to limited resources. When an organization becomes an enterprise, then change management comes into the picture as well as best practices, so making changes to multiple devices at the same time is not good. 

It has the capability to be an enterprise grade product, but the use cases have not been fine-tuned for that in the past four years.

There are some integration-related issues too. For example, AlgoSec does not integrate with Forcepoint, and Forcepoint Firewalls have become very prevalent these days. They also don't integrate with Aruba devices. So, the integration ecosystem of AlgoSec is very limited, which is also the case with Firemon.

These days, people are looking at products which can visualize not only their firewalls, but also their networking equipment, under a single map. Can AlgoSec do this? Yes, it can, but with very limited capacity. If I try to sell the automation story of firewall management, there are vendors, like Forcepoint, who are not supported, so if a customer has Forcepoint, then I have to straight away walk off. The worst part of the story is they don't have even a roadmap for this.

Another problem with AlgoSec is that it gives you the capability to make changes to hundreds of your firewalls at the same time, but big enterprises have change management policies. Change managers will never allow you to make changes to more than 10 devices at the same time, which is a feature in AlgoSec. Because, what if something goes wrong, then you have to roll back and figure out what caused the impact, e.g., which firewall did not work well. Doing that post-mortem becomes a difficult thing. So, change automation on a firewall is actually defeating the purpose of the change management policies in any organization. If you run a bank, you will not allow anyone to make changes at the same time from a single click for 10 firewalls. The bank will never allow this. So, what is the use of this automation? Even if you are using this automation, you can do it from your native firewall vendor, e.g., Panorama or FortiManager, where everyone has their own cluster managers. At least if something goes wrong, you can still call Palo Alto and tell them you are Panorama has not done the change right, causing you an impact, and this is your Palo Alto firewall. 

In this case, if I have to raise a case first, then I have to call AlgoSec and check why it has not worked. Second, I have to call the firewall vendors that their firewall is not working well, but AlgoSec has done the right job. Handling multiple vendors for such a trivial issue becomes a problem.

I have been using AlgoSec for four years. First I was a customer, then I became a partner.

If you hit a bug with mass changes, do you troubleshoot on AlgoSec or the firewall? Now, you have two products that you have to tackle for bugs. The two vendors then finger point and you waste time. That is why having the firewall and firewall manager together from a vendor, like Palo Alto, is better.

If the scope of work is just firewall management, it is easy to deploy. However, when you add the flow information, since AlgoSec can also import the flows of your firewall rules, that is live traffic. Then you include FireFlow, or it becomes a nightmare, because what you have to do is take a copy of traffic from different segments/firewalls and bring it into AlgoSec. Doing that becomes a challenge because a lot of companies, such as banks, will not allow you to sniff the firewall traffic live traffic because they have credit card information. 

These days, the traffic has changed to HTTPS, which is all encrypted. Four or five years back, it was HTTP, which was all plain text. Even if you take a mirror of the traffic, how can you decrypt it? You need a decryptor to look inside. FireFlow looks at the packet of the transaction. In order to look at the packet/payload, I have to decrypt it because now it is encrypted. But, who will decrypt it? Then you have to buy another product that does decryption.

Customers look at return on investment to determine the benefit from a product, e.g., the tangible value in return. If I go to sell AlgoSec or Firemon today, the customer will say, "I already have Palo Alto," because Palo Alto Panorama has picked up a lot in the last five years of this market. 

AlgoSec is not a cheap product. If I compare Firemon and AlgoSec, because I am also Firemon certified, Firemon is still cheaper in price than AlgoSec. That is another catch. 

AlgoSec-type products and requirements are not necessary or prevalent these days. If you look at AlgoSec, what do they have? They do firewall management, predominantly. Firewall management as a technology is dying. If you look at Palo Alto, Fortinet, Forcepoint, Cisco, or Juniper, all these firewall vendors are coming up with firewall management platforms. If you talk about Palo Alto, they have Panorama. If you talk about Juniper, they have Junos Space. If you talk about Fortinet, they have FortiManager. You can manage their firewalls using the respective vendor management consoles. The question comes, "Why would someone want to use AlgoSec to do firewall management?" The usability takes a dip in terms of capability because people trust the native vendor, e.g., someone who manages Palo Alto firewalls will do it with Panorama because Panorama is a product of Palo Alto.

AlgoSec's use case was good four years ago before FortiManager and Panorama. If you have a hundred firewalls from Fortinet, then you can manage all of them for a single FortiManager. If you have 50 Palo Alto Firewalls, you can manage those from Panorama in a single pane of glass. These solutions did not exist four years ago, and now AlgoSec is losing its essence in the market since these native vendors have been launched.

Four years ago when I started off with AlgoSec, and I'm still working with them, it was strategic. Now, it has become tactical. AlgoSec has a very good feature of doing firewall rule optimization, which has not been there in the native products. For the last couple of years, the native products also started coming up with firewall rule optimization. For example, Palo Alto (from PAN-OS 9.0 and above) was released a year and a half back. It does firewall rule analysis for you. It is the same case with Fortinet and Forcepoint. Therefore, if I have to sell products on firewall management, which does firewall rules on analysis, what is the use case that I give to customers with AlgoSec?

I am running out of AlgoSec use cases because the native vendors give you the capability to do firewall management, firewall rule analysis, and pushing conflicts to multiple firewalls from a single screen. These are the use cases of AlgoSec. This is what AlgoSec does. This story is not just limited to AlgoSec. Products like FireMon and AlgoSec and the way they used to do firewall management have become a commodity. Now, most of the firewalling vendors have the same functionality in their management console. 

Companies, like RedSeal, or even to an extent, Skybox, are better built because they take the story to the next level. They don't just look at firewalls. They also look at the network, vulnerabilities, risk, governance, compliance, architecture issues, and incident response. This is the story which customers love to see because none of the native vendors are providing this. 

RedSeal and Skybox are doing firewall management for free. They don't charge you for it. On top of it, they do:

• Complete network visualization.
• Give you best practice conflict checks.
• Security architecture issues.
• Risk analysis of every IP asset in your organization.
• Vulnerability prioritization.

AlgoSec has been amazing, but it did not evolve well with time. If you look at AlgoSec from a cloud perspective, it does not support service chaining. So, if I have Palo Alto Firewall in the cloud, which has become very common, they can't detect that firewall. If I ask them to detect Oracle Cloud, they can't detect that. The problem about cloud, even if I'm doing service chaining with VMware NSX and Palo Alto, which is a very famous integration, they can't detect them. They cannot detect these because they are new things which have happened in the market in the last three years. So, they aren't able to catch up. The legacy part is good, but they are not able to catch up on the latest stuff, like service chaining. With anything new, AlgoSec is unfortunately running behind. 

I have used all the components: CloudFlow, Firewall Analyzer, FireFlow, and Algo Bot (which I have used to optimize policies). I have not used AppViz a lot because it just came out. If you talk about the complete suite, then AppViz gives you application-related visibility. However, when you don't have a rich integration ecosystem versus a native firewalling vendor, like Palo Alto, who does give this. What is the use of having AlgoSec (or Firemon)?

I would rate this solution as a seven out of 10. The product is good, but the issue is with AlgoSec's use cases.

We are security consultants based in India. We provide solutions to our customers and implement for them. We deploy AlgoSec on cloud and on-premise, depending on the customer. The use case is generally for companies that have multiple firewall vendors. If you have FireEye, for example, you can create the rules according to your environment. But if you have four different kinds of firewalls, and you want to allow or block something, you need the configuration on all the firewalls. AlgoSec simplifies that process. Many of our clients in India use this solution. We are official partners of AlgoSec. 

This solution will cut down operating costs in any company. 

It's a bit difficult for a network engineer to login on the firewall and make the changes and in that sense, AlgoSec is a lifesaver. You don't need to log in on each separate firewall, you just login on AlgoSec and make changes on all the firewalls from one single pane of glass. You can get the logs from all the firewalls to your AlgoSec as well. And if you see any blocked traffic, you can delete it at the point it gets blocked. If you have five firewalls, it will show which firewall is getting blocked and that can be automated. It's a very powerful and useful tool that can be customized to your requirements. One of the main features is that you can configure all the rules in one place. It also provides a complete report of Euro firewall rules that complies with security authorities such as GDPR.

If we talk about Cloud and SDN Platforms it support AWS, Azure etc.... 

I'd like to see this solution support some other Cloud platforms as well such as Alibaba and a GCP to give the customer flexibility. 

It's a very reliable and stable product because it's not dependent on any hardware, and is installed on a one-to-one machine. 

Scalability in this case really depends on whether the customer is able to provide the resources or not. It requires resources including memory, RAM, and those sorts of things. From a software point of view, I'd say it is very scalable. 

I haven't needed to access technical support because their documentation was so clean and in such a format that I was able to implement without any issues. My customers use it and they are pretty happy with it, because there is good customer support available in India.

The initial setup is very straightforward. You just find the resources on the virtual machine and download.

Licensing is on an annual basis. The best part is that if you have two or three firewalls, but you are using them in a cluster, it's counted as one. This is a basic aspect of the licensing with AlgoSec. I think the licensing is pretty good because they now have all the compliance issues sorted. 

If any user or customer has firewalls, maybe 15 or 20 plus, definitely go for this product. It cuts down operating costs. The benefit of AlgoSec is that you only need one engineer to do all the configurating, rather than separate engineers for the different firewalls. Not only that but you can automate as well. Obviously you have to integrate a texting management tool, but you can integrate and follow the focus.

I rate this solution a 10 out of 10. 

The primary use of this solution is to extract Risky Rules reports obtained from our Firewalls, check the rules, and proceed with changes on the Firewall as needed. In these reports, we also see the traffic being applied for different rules.

The traffic used for different Firewall rules can be obtained and then, we have a clear idea of the use for different rules. If some service or protocol is more often used or not, we can see.

We use the FireFlow tool to create the rule to be validated and applied in the appropriate Firewall. FireFlow can install the rule automatically.

This solution has improved our Security in our Firewalls. This has helped to restrict rules, delete rules that are too permissive, and create a configuration that complies with our security policy.

The reports are very useful for determining whether our Firewalls are compliant with our security rules and directives.

The feature that I've found most valuable is the risk classifications for different rules. The number of different risky rules that we have for each Firewall is determined automatically. 

The traffic used or not for every service is very useful to check if some service is needed or not. In cases where it is not used, we can delete or disable it.

The FireFlow tool is very useful with the automatic installation of rules into Firewalls. It detects the router and applies the new rules, which saves us time in manual configuration.

There are sometimes issues with the Risky Rules reports where the number of hits is registering zero, but we know that this is incorrect because we have checked the rules and see that they are indeed registering traffic.

Sometimes the Trust setting on Firewall rules is changing to trusted by itself.

I have been using AlgoSec for more than one year.

I have very good impressions of AlgoSec stability.

The scalability is very good.

I did not use another solution prior to this one.

I did not evaluate other options before choosing AlgoSec.

Overall, I think this tool is very useful and we think that it's difficult to improve.

AlgoSec is a global tool that has been purchased to get a centralized view of our infrastructure. This enables us to review our security posture and implement a compliance strategy.

AlgoSec is also used for in-depth firewall analysis and intelligent policy tuning and optimization. It helps in regulatory compliance metrics and overall firewall security optimization. It is currently used by the network security, audit, and internal control departments of organizations, giving overall insight/visibility and enhancing improved security across the enterprise.

It has been really helpful in automating changes. This helps us to reduce operational work drastically. The product has centralized visibility, unified management, and reporting across an entire hybrid environment. It can be deployed on-premises, in a private cloud, public cloud, and in SDN platforms. It automatically discovers applications and their connectivity flows, then associates connectivity with their underlying firewall rules.

AlgoSec's solutions are incredibly powerful, providing us with intelligent process improvement that has directly translated into the highest level of security and compliance for our internal network.

AlgoSec is one of the most complete security management solutions on the market. It manages security and compliance based on the applications that power our business. It is one product combining multiple tools. This makes a real difference compared to its competitors.

It helps us deploy new business applications quickly and securely. It ties cyber threats directly to critical business processes.

Using AlgoSec is a double benefit to us. By using this solution we can reduce the cost and the number of errors in our daily operation and also expand our offerings. 

It has reduced our audit preparation efforts and costs drastically and maintains continuous compliance.

AlgoSec delivers a rich set of change management workflows and enables zero-touch change processes if no risks are identified.

AlgoSec proactively analyzes all risks in the network security policy, across multi-vendor firewalls and cloud security groups.

AlgoSec is the only solution that supports the entire security policy management lifecycle from application connectivity discovery, through migration, maintenance, and decommissioning. Independent testing describes it as ‘one of the most complete security management solutions on the market’.

It seamlessly integrates with all leading brands of traditional and NGFWs, cloud security controls, routers, and load balancers.

The graphical user interface is much better than in other products.

The GUI has not been upgraded for a long time and could use updating.

We have been using AlgoSec for several years.

I'm sure we will use this solution for ten more years, at least, as long as it continues to do what is promised.

This product is ready to work within a next-generation infrastructure environment. It simplifies and automates network security policy management to make your enterprise more agile, more secure and more compliant – all the time.

Overall, this is a complete product that helps our organization on a daily basis.

I mainly use this application to check the flows. I work for a big company in the network team which needs to check the flows every day.

This application is very nice. We save a lot of time with troubleshooting the flows and we can detect in a few seconds what flows are right or wrong.

The AlgoSec Firewall Analyzer is for me the most valuable thing in this application. I don't know how much time we saved with this application, but I now know that without it, we would lose several hours every day solving networks incidents.

We also use the AlgoSec FireFlow to generate and manage the tickets concerning the flows.

I think that AlgoSec could improve the application by improving the treatment speed.

If AlgoSec could make few seconds less to analyze research, theses few seconds will be used by my team to be more efficient.

I mean, in the Traffic Simulation Query, it will be wonderful if Algosec could find a way to make the research faster than now. In fact, we are often waiting arround 1,30 min to see the results.

Maybe something can be done to make this reasearch faster?

No, it is my first application for this kind of work.

It was not my work to choose this solution; a project team did it.