AlgoSec Reviews

We are not personally using AlgoSec in our organization. We consult with the customer, as to why they have to buy such a solution like Firewall Analyzer. We are a distributor for the Indian market. We guide the customer to why they have to buy this kind of solution, what are the business requirements, etc. 

I have done PoCs and demos on the product.

The solution allows multi-vendor firewalls to have a centralized solution where they can analyze all the rules, duplicates rules, etc. Also, it helps them understand if a change can be automated.

We consult with big customers who have multiple locations. In every location, they have various firewalls available. With AlgoSec as our product, it has really helped with our operational tasks and activities.

If you go through that compliance report, it will give you whether your firewall is in compliance or not. It will also give you a recommendation whether you need to change it. The compliance has helped us with customers, e.g., internal audit from the quality team and external auditors.

AlgoSec integrates with multiple security vendors. It captures the rules, policies and authentication required.

It is pretty simple to use. Resources are readily available.

Firewall Analyzer and FireFlow are very helpful for IT guys, especially for multi-vendor firewalls.

We get a lot of visibility from Firewall Analyzer. It is definitely helpful to see the details of duplicate rules on the firewall. It can define the connectivity and routing.

The solution provides us with full visibility into the risk involved in firewall change requests. This is always required. For example, if you are implementing one rule for network A to network B, but you don't have that visibility in terms of network when you have multiple firewalls, then you have to deploy the rule on every firewall. However, if you have FireFlow, then FireFlow will automatically deploy this rule where it is needed.

I would like more documents and support for the cloud firewall.

We have been using it for one year. I am level 2 certified. I am familiar with AFA (Algosec Firewall Analyzer), FireFlow, and CloudFlow. I have done the online training for AppViz and AppChange.

It has been good. I have not seen any issues.

One to two people are enough for deployment and maintenance. 

The scalability is good.

The technical support is good because it is already available in India as well as the R&D. Whenever I need help, they take my call. I don't have complaints in respect to the AlgoSec support.

I also have experience with Tufin.

It is straightforward and easy to deploy. Two to three days was enough time to complete the configuration along with the device integrations.

For implementation, I always follow these steps:

1. Understand the customer's infrastructure, e.g., what are the customer expectations and primary pain points?
2. Deployment architecture
3. Hardware requirements and prerequisites
4. Port prerequisites
5. initial configuration and setup
6. Onboard devices with default configuration
7. Monitor devices for seven days, then apply the recommendation based on the AFA solution.

For the migration, it is really helpful because we all capture all their policies. We can clean up things with Firewall Analyzer. When doing a migration, we take a backup and that is really helpful for the migration process.

It has reduced the time it takes to implement firewall rules in hundreds of our customers' organizations. Without FireFlow and Firewall Analyzer, you would need one to two hours to deploy the firewall change request rule because you need to identify where to position that rule. It definitely reduces the time by half.

The pricing is good. Though, I would like if pricing could better support small businesses.

We use Cisco ACI with Check Point , FortiGate, and Palo Alto.

This technology gives us total control of our stuff, validation, and clean up of everything that we need.

If you are doing migration from on-prem to cloud, then there is definitely a very quick process and helpful process for that migration.

I would rate this product as an eight and a half out of 10.

Our primary use for AlgoSec is to automate our firewall configuration. We use the AlgoSec system to remotely configure the firewalls, making our life easier.

We are in a multisite environment with plenty of firewalls for perimeter security and LAN segregation for specific proposes. This solution helped us to make the process more dynamic.

It has reduced the workload for the firewall team thanks to the API integration with our ticketing system, doing the standard type of request automatically. Before having it, we had to create a lot of standard rules that now can now be just pushed from the AlgoSec system.

The automation of the firewall rule deployment, working together with our ticketing system, is the most valuable feature of this solution. The needs as required by a user request are automatically validated and configured in the specified firewalls without any human action. This improves the firewall team's workload.

I would be nice to have a good tool for network map discovery in the GUI to make it more user friendly and be able to check and modify network maps in graphical and more intuitive way . This will improve our network overview for new deployments and troubleshooting. 

I have been using this solution for three years.

In three years, we have only had one issue with respect to stability.

When we had the issue they responded well.

We did not use another solution before AlgoSec.

We deployed this solution using our in-house team.

The reduction in workload reduces the cost in terms of human time.

We use this solution for managing an environment with more than five thousand registered devices across firewalls, routers, balancers, and VMware. Highly critical banking environment.

We use FireFlow as our primary ticket management tool.

With AlgoSec, it was able to conduct the environment so that it was possible to get more accurate and fast information about the changes that the environment went through.

It has reduced the time for firewall rule requests to be implemented in the environment.

The most valuable feature is traffic simulation because, with this function, it has become more practical to know if something is released or blocked in my environment.

IPT is valuable because this function is of great help to have a more effective security policy.

I believe Active Change needs to be improved because not all products are supported, and some functions cannot be implemented by Active Change either.

Technical support needs to find solutions more quickly.

Active Change could implement routes in Firewalls, it should also be able to perform the creation of APP control and URL filter rules.

We have been using this solution for six years.

In general, it is a stable product. We have rarely had a problem that resulted in the total unavailability of the solution.

AlgoSec requires a large amount of processing power to perform its tasks, making it a piece of equipment that always requires monitoring to be optimally optimized.

Some troubleshooting took months to resolve. So, I think we have to improve this point.

I used Nipper and FireMon, but I started using AlgoSec due to the great recommendations I received.

The architecture was defined with one master, four slaves, and one remote.

Our internal team handled the deployment.

I do not have many details of this commercial part.

I evaluated FireMon and Nipper in addition to this solution.

Many users have the tool but don't use it with everything it can offer. What I recommend is that you explore all of the features of the product.

We are currently using this solution to audit our firewall policies (both in performance and compliance), as well as automating the creation of new rules and improving application functionality delivery. We are also using AlgoSec to automate machine provisioning (creation of new rules associated with that machine) and machine decommissioning (removal of rules associated with that machine).

With AlgoSec, we are now able to automate several time-consuming tasks. We are currently in a rule base performance improvement process and AlgoSec is an invaluable tool to accomplish this. Furthermore, we are starting rule creation automation, which will also provide some relief on our workload.

The most valuable feature for us is AlgoSec's ability to analyze rules for risks and for performance while allowing the user to submit a change request immediately based on that assessment. Additionally, the fact that it integrates seamlessly with Ansible, as well as providing an API for the users to extend based on their own needs, is a great plus for us.

The product is severely lacking in vendor support. They claim to support some devices, but when you dig deeper, it is only basic support, with enterprise-grade features for those devices being unsupported. This is a big deal for us, as several sections of our network are not fully supported which, in turn, does not allow us to fully automate rule creation. Moreover, we cannot perform end to end connectivity checks. One such feature is the lack of VRRP support on devices other than Cisco or Juniper, which causes the software to interpret a non-existent router as the next hop for a particular flow (the VIP address of the VRRP).

While this solution is somewhat stable, there is definitively room for improvement here. We've had some issues with the solution during our usage but, so far, no show stoppers. Other customers of this solution have complained that a large number of devices can severely hinder the stability of the solution.

This is a very scalable solution, built mostly on open source technology. The customer is allowed to extend its functionalities via the API to integrate with other solutions or existing automation.

Technical support is sometimes difficult to deal with as the response times are somewhat lacking. One good thing is that the case owner you are assigned to is generally the same,  which is great because, after several cases, the case owner is already familiar with your network.

The initial setup is not cumbersome at all. The documentation and training videos are definitively a big plus.

The implementation was mainly performed by us, with the help of a vendor team. The level of expertise of the third party was passable, but we were looking forward to having someone with more expertise with the product.

So far, the ROI is currently only due to the fact that rule automation has decreased the load on our support team, allowing them to work on other projects. We are also able to provide reports to auditors without losing a single day from the network support department. We simply provide AlgoSec reports and analysis.

We use the solution for change control of policies on firewalls, for service desk integrations, and for the service desk rules of network users.

We use the firewall management solution. Our environment is on-premises only. Our company works with financial institutions and they require everything to be on-premises.

There is no question that AlgoSec has reduced the time it takes to implement firewall rules. That is also true because some of our clients use firewalls from various vendors and AlgoSec allows them to implement firewall rules on those firewalls simultaneously, even though they are from different vendors. Even so, when we receive a request for a rule exception, no one controls how long this exception is valid. As a result, these exceptions are valid for a long time and accumulate one by one. With the help of AlgoSec, it is very easy to eliminate this problem. A timer is set for a given firewall rule and, when the timer runs out, a security engineer is notified that the rule is set to expire at the specified time.

In addition, large deployment cases face a large problem due to the number of firewall rules, which can slow down the performance of a firewall and overload the firewall memory. This happens in part because of duplicate rules and rules that conflict with one another. With the help of AlgoSec, we reduce the number of rules, on average, by 30 to 35 percent. AlgoSec cleans duplicate rules and conflicting rules, freeing up memory.

At least two of our clients, when using AlgoSec extensively, have seen a reduction of at least 1.5 to two times what it would take them to implement firewall rules, by reusing predefined templates within AlgoSec. In addition, they find it extremely helpful that AlgoSec checks them for compliance. Before AlgoSec, they had to manually justify compliance of every single firewall rule, when being audited for compliance. They had to explain why it was created, which client and/or service was behind that rule, et cetera. In comparison, AlgoSec does the compliance check on each and every firewall rule making sure it is always compliant with the latest requirements and one can quickly create a report to prove it.

When it comes to preparing for audits and ensuring firewalls are in compliance, about 60 percent of our clients are financial institutions, like banks and insurance companies. They have to adhere to the strict compliance rules and AlgoSec allows us to ensure that the firewalls are in compliance with the normative requirements. IT departments are able to create PCI and DFS reports via AlgoSec that are acceptable for such audits.

In terms of working with multiple security vendors, we usually integrate AlgoSec with other service desk vendors, like ServiceNow and controllers like Cisco ACI. AlgoSec has resources on their website where we can find documentation about integrations with various systems. It was fairly easy to integrate AlgoSec with ServiceNow and Cisco ACI. Their API is understandable and very well described.

The major value, at least here in Ukraine, when integrating AlgoSec with Cisco ACI is that we see most of our clients prefer DSN systems, like Cisco ACI, for data processing. ACI contracts are treated similarly to firewall rules, i.e. permission is required for access. Some of our clients use over 400 such contracts for data processing. Implementing access rules for these systems is not easy. With the help of AlgoSec we can create a rule and AlgoSec checks it for compliance, for duplicate rules, and rule conflicts. That very much simplifies the implementation and deployment of contracts in ACI.

AlgoSec helps tremendously when it comes to reducing human errors, especially when the environment includes firewalls from disparate vendors. In that situation, the probability of human error is very high. It is difficult for me to approximate by what percent it has reduced human error but the reduction is very significant.

In addition, it has helped to simplify the job of security engineers. I’m very sure of that because, otherwise, our clients wouldn’t buy more AlgoSec user licenses.

For us, as well as for our customers, firewall management and change management are the most important features.

We see a very high demand for using containers and Dockers and therefore there is a need for managing access control to these platforms. I checked AlgoSec’s roadmap and, for now, there are no plans for developing these features.

We have worked with AlgoSec for two to three years, implementing the solution for our clients.

Everything works great. We have not seen any significant bugs.

Our deployments of AlgoSec are not large so we haven’t faced a scalability issue. The maximum AlgoSec deployment we’ve done is for about 100 endpoints and that is not a problem for AlgoSec.

We have never needed to use AlgoSec support.

To deploy AlgoSec properly it is important to understand the client's environment. To that end, we have a questionnaire that we send to our clients and that helps clarify what the client's requirements are. It also provides information on the architecture of their environments. Once we receive the questionnaire, we go over the project specifications with them to make sure they didn’t miss anything, such as integrations with other systems. 

Next, we usually do a PoC to test AlgoSec in their environment and that is when we calibrate the solution to the client’s specs and do the necessary customizations. Then we purchase the licenses and roll out AlgoSec into the client's production environment. We also provide technical support for the client for at least a year to make sure that they become familiar with the solution.

The amount of time it takes to deploy always depends on the complexity of the client’s requirements. For example, for firewall management setup without integration with other systems like a service desk or reporting systems, deployment generally takes up to one month. If we need to integrate AlgoSec with solutions like a service desk, then the deployment can take up to four months because there are major changes to the whole business process and these changes require planning, documentation, implementation, and training of end-users.

There are usually three people involved on our side: a salesperson and two engineers, with the latter actually implementing AlgoSec.

I can’t say that this is a cheap system. It's affordable for large enterprises and, in some cases, for mid-sized companies. For the majority of other companies, this solution is out of their price range.

I have hands-on experience with Tuffin and both of these products (Tuffin and AlgoSec) are equal in terms of functionality. In terms of main differences, it comes down to a personal preference.

My advice is to do a PoC. Many would simply read reviews about the solution, watch demos, and request price quotes. At that point they would note that it is not a cheap solution and stop there. That is why I strongly recommend doing a PoC. Only through using the solution can you see how easy it is to manage and implement security rules. It becomes very clear that you’ll see a return on investment in terms of the time saved by your security engineers.

Another recommendation would be to evaluate similar solutions to AlgoSec, especially for companies that are planning the implementation of DSN systems, like Cisco ACI. This is because it involves labor-intensive rules implementation, and with the help of AlgoSec it can be drastically simplified.

The overall visibility the solution provides into network security policies is not applicable to us because our clients are using AlgoSec for firewall only, for edge connectivity of their networks to the internet. We only have one client that used AlgoSec to control rules on the internal firewall, which is deployed into their data center.

We have deployed the first brick of AlgoSec solution suite, Algosec Firewall Analyzer (AFA).

We wanted to get a live Network Mapping and to directly be able to check if a flow is allowed or not, without needing to test and then check the logs. We also need to check for compliance, baselines, and risks over our network.

This solution provides visibility and comprehension of the network in our organization. It assists us in network security reviews and audits. In the end, a lot of time, we add context and build a security matrix matching our own standards. The optimization tools are much appreciated by the network operators.

The What-if analysis allows us to check the security rating under hypothetical rules that may be implemented on our firewalls.

Baseline compliance allows you to run and check the results of commands on the Firewalls and Routers. This solution is perfect for checking compliance against best practices, as proposed by the CIS.

The user interface is better than some competitors, but it is starting to get old. Space is not always fully used, especially for the risk and compliance part. As example today, Excel file should be used to deal with network segment definition and risk matrix, it is hard to do it directly from user interface and there is no way to organize, order a set of test.

Priority should be to improve the user interface for the risk and compliance part, making it more responsive and user-friendly.

We have had no problem with stability to this point. We have High Availability and have tested it correctly. Disaster recovery mode is also available.

Scalability seems to be one of the strongest points of this solution. Worldwide architecture with remote agents, or slave master architecture. Be careful in terms of how you will deal with the log management as to not impact your network. A distributed architecture can help.

We have one ongoing ticket to solve an issue with SSO. They are working on it seriously.

We did not use another solution prior to this one.

The initial setup is long. The more knowledge you have of your network, the faster it will be.

We implemented with the help of Orange Cyberdefense.

Their expert is very good, and honest with respect to the solution's capabilities.

Licenses are provided by firewall and routers. Do not underestimate the number of routers because the price can be significantly reduced as you buy more licenses. Same if you go for more than one product (i.e. FireFlow, BusinessFlow)

Before choosing this solution we evaluated FireMon and Tufin.

We have been using AlgoSec mainly to review/filter duplicate firewall rules and policies.

It helped us clear out almost half the work by identifying the rules automatically with no manual work, which is very cool.

The analysis and visualization part has given us a great insight into our perimeter security architecture. Also, the top 100 policy report usage is a pretty cool feature that I like the most. It also helps us from an auditing standpoint as well to make sure we meet our compliance demands.

I think the product is great from an overall observation, sometimes speed is an issue but I think it could be improved a little bit from a parsing perspective.

• It can identify the policy rules in the firewall that have a high risk and could have an impact on network infrastructure.
• It suggests solutions to these issues, and provide compliance reports by standardizing PCI-DSS, ISO 27001, SOX and more.
• It can monitor policy changes, and who made those changes.
• It generates a topology of the network when it has scanned the network.
• Using the network mapping, it identifies bottlenecks.

We have improved the performance of the firewall to handle requests and responses to/from clients as reduces the number of policies that are needed when the network is exposed to high risk.

They need to improve auditing of IP tables, as only monitoring them does not reduce their vulnerabilities.

I used it for nine to ten months.

No issues encountered.

It is quite stable for 24-hour network monitoring.

There is no problem in the process of scanning and monitoring firewalls, and IP tables in
considerable quantities.

8/10 as they were quite fast in responding to my issues.

10/10 as the technical support provide assistance if there is a problem via both email and telephone.

I have not used a different solution previously.

The initial set up is a bit complicated, because you have to open special ports in the firewall, and give open access to be able to read the configuration topology mapping in the firewall. This means that the process of scanning and monitoring AlgoSec can run smoothly.
Unlike the case with the initial setup for monitoring IP tables, you must use the root access serve (sudo su) so that the process of scanning and monitoring AFA could run smoothly.

We implemented this in-house.

The advantage is that it can really optimise configuring firewall policy rules, and can
reduce the configuration that is vulnerable. It can provide solutions to make policy rules more simple and efficient.

If you want to conduct an audit of firewall and want to optimize the configuration, you can try and use AlgoSec.

I didn't evaluate other options.

Be patient and careful when doing the initial configuration of the firewall with AFA, but after the process is completed, everything has to run smoothly.

An example screenshot of network mapping results from AFA. Network mapping can
be useful also to detect if there is a connection network traffic is interrupted and can assist in documenting the topology that is owned.

The following screenshot shows an example of the policy rules that need to optimized, so you can improve the performance of firewall and its security level.

The following screenshot shows the result of scanning AFA reports that compliance with ISO 27001.