AlgoSec Reviews

We use AlgoSec to provide compliance and for the ease of automating everyday security tasks. We have more than five hundred firewalls and automation is a must. This was the best product in terms of the flexibility and visibility that we needed to manage them across different regions. We can modify policy according to our maintenance schedule and time zones.

AlgoSec has reduced the need for additional manpower and we can now use the time to tackle other security-related issues. For incident response, you can automatically isolate compromised servers from the network.

It helps remove rules with limited impact on other applications. By maintaining a clean security policy, it reduces the risk from the most common attacks and also improves performance.

AlgoSec has also helped increase collaboration between departments. It helps our network department to reduce third-party involvement in policy creation and management.

So far, we are using AlgoSec Analyzer and FireFlow. The Analyzer is more for compliance, risk, and auditing. FireFlow is more for automating rule changes and installation.

Right now I am loving FireFlow for its easy to use interface. You can also get as complex as you are comfortable with. You can add email, scripts, and hooks to certain aspects of the rule creation process.

AlgoSec now has cloud products that they are rolling out. This is the next space for which everyone is dedicating more resources. We would like to see them utilize the cloud to help with performance improvement, and with various processes needed on a daily basis. We have two remote agents that help with daily processing and would like to integrate more power from the cloud to be as flexible as possible.

We use it for planning firewall changes and traffic simulation queries.

We use AFA (AlgoSec Firewall Analyzer) and FireFlow. Our network environment is mostly on-premises.

It has improved the way our organization functions in that, for our change process, we now require all changes to be planned using AlgoSec so that the security team has visibility into the changes and we're aware of any risks. We also are using the covered rules and risky-rule detection to improve our security posture.

We haven't fully implemented the processes, so we haven't measured any reduction in human error as a result of using the solution, but subjectively, it has reduced human error.

It has also helped to simplify the jobs of our security engineers.

The most valuable features for us are the functionality it provides for our two main use cases: planning firewall changes and traffic simulation queries.

We haven't used it yet to prepare for audits and ensure our firewalls are in compliance, but I think it will be very helpful for that. That's one of the main reasons we bought it.

We are using it with a couple of Cisco technologies and we're also sending events out to our Microsoft Sentinel workspace. We have a couple of other security technologies in there as well. AlgoSec integrates well with the Cisco ACI environment and with our Firepowers, our FTDs. There are still some bugs but it generally works well.

The overall visibility it gives us into our network security policies is pretty good but it has some bugs and shortcomings. It doesn't support all features on our firewalls. For instance, planning changes, which include net rules, doesn't work. It didn't integrate so well with the ACI network. It doesn't work with all firewall rules or with net rules on our firewalls.

For about 70 percent of firewall changes it does show us the risks, while for 30 percent of the changes, we can't plan because of these bugs and shortcomings.

I have been using AlgoSec for about a year.

The stability is good.

We've had no problems in terms of scalability.

I'm sure we will continue to add firewalls to it and we want to do more with the FireFlow.

Their technical support is good but it can be slow.

Neutral

The initial setup was straightforward.

We have about 10 engineers using it, and just one person who looks after it, maintenance-wise.

We used their personal services to help us set it up. We had an onboarding package. It wasn't me doing the configuration but it seemed straightforward with their support.

Our experience with them was good overall. We had some frustrations and surprises in the early days with the product not being completely compatible with our environment. But over the last year, they've been fixing the bugs which is making it much more usable. When we started, it had a lot of problems with our environment. We were only able to plan something like 40 percent of the changes, and the traffic simulations weren't working with our network environment. But now, we're up to close to 70 percent.

It took about nine months before it was properly integrated and enough of the bugs had been fixed for it to be helpful.

We are not measuring the effort saved or the errors avoided, but we think it's a good investment.

Initially, it was more expensive, but we managed to negotiate the price. It's about average now.

In addition to the standard fees, we bought the Jumpstart package to help us configure it.

We looked into Tufin. We chose AlgoSec because of its support for Cisco ACI. Tufin was just releasing that and we felt that AlgoSec was a more mature product.

At the moment, it hasn't reduced the time it takes to implement firewall rules in our organization. It's being used to improve the quality of the changes we make and improve visibility. But we haven't fully implemented the FireFlow features. That's our problem, rather than the tool. We just haven't finished implementing it.

We're only using AlgoSec for on-premises, but we do have environments in the cloud and we plan to use it for those in the future. It would help us manage these multiple environments in a single pane of glass, but for the moment we aren't using it in that way. However, we do have a number of firewalls that we have onboarded from acquisitions, so we are not just using it for our data centers. We're using it for smaller acquisitions' firewalls as well to understand the security posture of companies that we are purchasing.

My advice would be to make sure that the solution is completely compatible with whatever infrastructure you have. We should have spent more time evaluating its support for our infrastructure to avoid some of the problems or surprises we had when we implemented it.

My main use case is as a firewall analyzer module where it can be further broken down as follow: 

1) Network topology visualization: visualizes a network traffic path during troubleshooting

2) Policy optimization: uses optimization and clean-up recommendations to perform annual housekeeping of the firewall

3) PCI DSS compliance: follow the out-of-the-box checklist to prepare for a PCI DSS audit

4) Risk reduction: uses the recommendation of the risky rules to address all the critical and high-risk rules

5) Monitor changes:  monitor for firewall-config changes in real-time via email alerts

The solution has improved our organization in multiple ways. We can:

• Easily understand and provision application connectivity to accelerate application delivery and minimize outages

• Process firewall changes 4x faster, and eliminate misconfigurations and rework

• Proactively assess the impact of network changes to ensure security and continuous compliance

• Simplify and automate internal and regulatory firewall audits, and reduce time and costs

• Streamline communication across the application, network and security teams

• Deliver a tighter security policy that provides better protection against cyber-attacks

The product is great for:

1) Network topology visualization: reduces network troubleshooting effort which contributes to quickly restoring network or application outage.

2) Policy optimization: reduce/consolidate the number of rules created prior to the existence of AlgoSec Firewall Analyzer in order to free up hundreds of rule capacity before reaching the max rule limit of the firewall.

3) PCI DSS compliance: helps to highlight the area which firewall admin need to take note and address in a streamlined and structured manner.

4) Risk reduction: helps to quickly identify the risk that exists in existing rules and provide useful recommendations that help the firewall admin to remediate with ease.

5) Monitor changes: helps firewall admin to comply with security requirements of providing real-time security alert whenever a change is made, with detailed info on what was the value before and after.

The FireFlow's out-of-the-box workflow configuration/customization wizard could be improved to be more user-friendly and have a shorter learning curve. The current configuration wizard is quite complex and complicated, which will result in the need to engage with an AlgoSec professional services team to perform even the simplest workflow adjustment.

I had tried AlgoSec's direct competitor's workflow configuration wizard and found it to suit most organization requirements even though the customization capability may not be as advanced as AlgoSec.

I've used the solution for six years. 

The setup is fairly straightforward.

We did also consider Tufin.

The purpose of using the product was to attack and Analyse rule bases from a holistic perspective. The Firewall Analyzer has a rule base consolidator as well as a feature to make the rule base more permissive. It also helps to reduce rule base clutter, as well as legacy rules.

Traffic query helps us to quickly find rules that allow outbound access.

FireFlow is a useful ticketing system that integrates with many products.

We would like to use FireFlow's API to automate certain tickets that come through to leverage automation in our environment. 

An example is that we have a policy with 900 rules, which we were able to reduce to 500 rules. That's close to a 50 percent savings on the rule base.

We used the Unused rules function in Firewall Analyser to examine our rule base. This has drastic performance increases in our production firewalls.

Objects not used within rules can save even more when it comes to cleaning up rule bases. Where this is a very manual process without AlgoSec, engineers can have a level of automation by building useful reports to assist with clean up.

The most valuable feature is the Firewall Analyser, which has a number of fantastic features.

From a risk perspective, you can apply compliance Frameworks like ISO 27001 and PCI DSS against firewall rule bases to see if your rule base is compliant. If you are not then AlgoSec provides descriptive ways on how to adjust rules to make your rule base more compliant. 

Definitely, the policy-cleanup features are the main draw. Shadowed rules, rule duplication, rule consolidation, rules permitting too much access, and rule usage are very useful and help to clean up rule bases.

There are areas where auditing rule changes are not accurate. It is important to be accurate when using rule changes, as users need to be accountable for their changes; however, I cannot trust AlgoSec when rule changes come through on reports as they reflect incorrectly. I have taken this up with support and have never really had a resolution for this. 

I would like to see enhanced dashboards or build meaningful reports for executive consumption. 

AlgoSec is a fantastic product, and I would like to see more "granular" breakdowns of traffic on IPT traffic analysis for source and destination, as the way it does it currently does not allow me to self problems for rules with ANY in the destination.

We have been using AlgoSec for one and a half years.

The stability is good.

Scalability-wise, this product is good.

The technical support is always responsive and always willing to understand the issues. 

Our previous solution was not useful and did not have an intuitive interface. Support was also terrible.

The initial setup is straightforward. If you understand your infrastructure, it will be easy to deploy in a central location.

Our deployment was done through a vendor team and it took one week.

We haven't saved any money yet but we have improved the performance of certain devices.

I would suggest that you start with a VM, get a PoC with a temp license, and try it out. You will love it.

I would not like to disclose which other products, but I have used two other products that didn't even come close to AlgoSec's power.

Its a good production and good support, definitely worth it.

We primarily use the AlgoSec Firewall Analyzer.

We have more than ten cluster firewalls and we have deployed the AlgoSec solution suite. We want to check compliance status of our devices. We also need to reduce the number of rules in each of the policies.

In our new data center, we want to automate the firewall policies.

Now, we can easily track the changes in policies. With every change, AlgoSec automatically sends an email to the IT audit team. It increases our visibility of changes in every policy. 

Every month, I use the optimizer to reduce firewall rules. In the summary tab, I can easily track the number of changes in the firewall policies.

The most valuable feature is the reporting, including the policy report and regulatory compliance reports.

In the Intelligent Policy Tuner, the tighten permissive rules tab allows us to reduce the number of rules in each policy. I can easily control, report, and reduce the rules for policies. Also in the Rules Cleanup tab, I am removing unused rules as I feel confident in deleting these types of rules.

Our Information team read Regulatory Compliance Reports that can easily track the compliance status of each device.

Cisco Firepower device support is limited in our AlgoSec system and I think AlgoSec can improve in that area. For example, in FireFlow we can easily track using the ticketing system to integrated Check Point devices. However, with Cisco Firepower devices, we couldn't integrate with them.

We have been using AlgoSec for almost six years.

We did not use another solution prior to this one.

The pricing of AlgoSec is fair.

Before purchasing AlgoSec, we implemented a PoC with each of AlgoSec, Tufin, and FireMon.

We have more than ten clusters behind our firewall. It is essential that we track the changes in policies and the compliance status of devices. AlgoSec can easily do that.

Our company has a very large technical estate, with over 90,000 staff and 80,000 computing devices, it was imperative that we found a firewall security management tool that allowed us to speed up the process of change requests when it comes to our firewall IPS team, as they were becoming overwhelmed with the volume of requests.

AlgoSec has improved our organization in terms of improving efficiency within our firewall setup. It has added automation to working process that has helped us achieve our initial goal of reacting faster to incoming requests, which as a result of allows the relevant teams time to focus on other areas of importance.

The best feature for us is the ability to automate the change requests that come through our service desk, which is done via the tool's intelligence to analyze the conditional rules. As previously mentioned, this used to be a big time sink for the guys which is now less of an issue. This means that the company can claim back valuable man-hours for other means (also showing a labour cost saving to the board).

For the most part, this AlgoSec tool does meet our needs. If I was to think of any improvements I think the main one that stands out to me is confidence in future proofing. A good example is that we are looking at various SOAR which we'd like it to be fully compatible with (but not entirely convinced it is yet). Lastly, I have also heard a few qualms about the technical support and that it could be improved. However, this doesn't detract from the value the tool brings to our business.

The primary use of this appliance is for Firewall maintenance and monitoring. Firewalls are a critical component in all organizations. As engineers, we are tasked with more responsibilities. You want to efficiently manage your time and devices, AlgoSec helps tremendously with that.

AlgoSec has improved our organization by providing us with an appliance to assist with our daily Firewall duties. AFA & AFF assist with change detection and logging of user modifications. Also, it's a great tool when preparing for audits and ensuring your firewalls are in compliance.  

The feature I find most valuable is Change Detection email notifications. We are able to track real-time changes made.

Currently, the product is doing everything we have asked for. Its a huge component for our Firewall maintenance. One key component is the integration with ServiceNow for Firewall rule requests. This helps expedite the process and track every step from user to configuration. 

Some area's where the product can improve is with the knowledgebase. Sometimes you have to do additional reading for your particular error.

Some additional features I'd like to see are for the reports. As opposed to showing me the entire objects/rules on the change detection email for that particular firewall, I'd like to see just the changes. I think this would be beneficial to none technical personal that may get overwhelmed with all of the data.

Also, having a Linux or programming background makes troubleshooting easier. That is one challenge I'm working on now to improve fixing our issues quicker.  

So far for what the solution does, it's stable. 

The solution is very scalable so far. 

Support thus far is sufficient for our needs. Their system is very timely and engineers engage you via email first, then migrate to phone and screen share if needed. 

No previous solution.

I wasn't part of the implementation. 

I wasn't part of the implementation. 

I think we have a great ROI due to the improved visibility and management that the solution now provides us. 

I wasn't part of the setup cost. Pricing and licensing seem fair. Licensing depends on how big your organization is. We haven't had any issues with purchasing more licenses for our growth. 

This solution was in place prior to me transitioning to this role. 

No additional comments. 

Provides visibility to firewall policies. 

Single tool to engineer changes and track approvals for audit compliance.

A Central tool to track firewall requests. 

Using AlgoSec API calls to integrate with other apps (ex: central IT request portal)

Standard view of firewall policies, regardless of vendor (ex: Checkpoint and Cisco). 

Built-in reports to aid in policy cleanup (ex: unused rules or objects, covered rules).

Faster HA/DR failover - with very large databases, it takes a long time to failover / failback.

Provide even more REST API calls (ex: rule removal API)

Product and appliances have been very stable.

It easily scaled up to support our hundreds of firewalls.

Both are excellent. 

Customer service is clearly important to AlgoSec. I never get the feeling they're just trying to sell me something, they sincerely try to assist with the best solution for us.

Tech support is extremely knowledgeable and responsive. If I could score them 11, I would. 

Did not use another solution previously.

Initial deployment was straightforward. The FireFlow workflow can be configured to match the existing flow - customizing this to match any workflow permutations takes the most time. 

Through a vendor team. They were top-notch - extremely knowledgeable and great to work with.

Unknown.

Explore the possibility of running on a VM instead of dedicated hardware.

I was not part of the evaluation.

The tool is very flexible. Be sure to allocate sufficient resources to deploy & customize it.