What is our primary use case?
We use it for firewall ruleset management. It's mainly to manage the firewall ruleset changes and for monitoring compliance.
In our environment we use AlgoSec Firewall Analyzer. Our network environment is a mixture of public and private clouds. We have more than 3,000 network switches and we are managing almost 20 firewalls that are on-premises. That doesn't include the cloud firewalls because AlgoSec does not extend to that area.
How has it helped my organization?
The main benefit is mainly related to security and our network operation. It helps with firewall and ACL management. In terms of security, it helps us safeguard the firewall ruleset. It's not directly important to the business for income, but it helps us to safeguard our operations and security.
It's also good to have AlgoSec for monitoring, as a measure for security compliance, because the firewall is the gateway from on-premises to the internet or to our business partners. It plays an important role.
It makes the audit process much easier because it provides an almost instant "yes" or "no" regarding compliance. On top of that, you can generate a move-and-change record for auditing purposes. It fulfills the requirements.
AlgoSec's automation helps reduce human error as well. It helps ensure our firewall policy integrity. It's the kind of machine that helps cross-check those areas, and that helps. Before we really applied AlgoSec for operations, we just used it as a monitoring tool. But after we started discovering manual errors, we tried to use AlgoSec as a prerequisite, and to check the ruleset changes that would be applied to production before they were applied in production. It works well as a checker.
In addition, it has reduced our workload in terms of manual checking to some extent. The lead time for AlgoSec to check against basic, fundamental compliance is great; much better than when done by humans. It reduces the time needed for that part of the analysis. And it helps me to make sure that the applied changes are meeting compliance requirements.
What is most valuable?
The firewall policy summarization is the most valuable feature. It helps us to cross-check the firewall ruleset. That's the main purpose of it. And of course, it monitors changes of the firewall policy. It provides full visibility into the risk involved in firewall change requests. It helps us to check for any integrity issues and conflicts with other rulesets, and of course the compliance.
When it comes to integrating with the leading vendors, we haven't had any hiccups integrating AlgoSec with existing firewalls or network switches, router switches, ASAs, or VPNs. It has to be great. I don't think another brand name or latecomer will do better than AlgoSec.
For how long have I used the solution?
I have been using AlgoSec for more than seven years.
What do I think about the stability of the solution?
The stability is good. When we had the appliances it ran for a couple of years. Now that we've moved to the VM it is more stable and independent of hardware.
How are customer service and support?
We used to be in an appliance for AlgoSec but two years ago we moved it to a VM version. The vendor supported us in that process. That was good. Other than that, we haven't needed to contact their technical support much.
I don't work directly with their technical support; my subordinate works with them. According to what I've heard so far, it's been very good and very helpful.
How was the initial setup?
The initial setup was a long time ago. I remember it being a little bit hard, but I don't think we're a good reference point because it was almost seven years ago. When we moved to the VM version two years ago, we updated our skill set and it is manageable for my people. It should be easy to integrate.
For our initial setup, I remember the Check Point firewalls were seeing some key exchange. When there is an upgrade, you need to do a key installation. That was a little bit difficult seven years ago, but I believe most people now have experience and they know how to handle that. Back then, not many people had experience on Check Point firewalls or even AlgoSec.
Overall, the deployment is easy, but because our organization has a change process, the testing process involved with that takes a longer time. The actual integration is not difficult and it won't take much time.
Rather than talking about simplifying the installation, it should be standardized. There should be more documentation for AlgoSec. The firewall vendors, and even the network equipment vendors have more "Welcome to This Type of Management Tool." They have more clear documentation.
Some of the use cases appear in the community but the vendor could set up a forum where users can share tricky experiences and how to resolve them. An actual case-scenario Knowledge Base is much better than documentation that only describes the straightforward settings.
For maintenance of AlgoSec we need just one person. The deployment was done by our network team. I used to be on the network team and I was the one who introduced it. Later, I transferred to the security team. I log in to the content now, but not the platform. It is now managed by one of the network team members. Across our organization, there are about five people accessing it.
What about the implementation team?
We used a system integrator to deploy it, called Dimension Data.
What other advice do I have?
It does its job. I don't expect more than that. We use it to manage the firewall and the firewall is such a mature product, and everything is satisfied.
We don't use it to help us in speeding up setting the firewall ruleset or doing testing phases, because our development cycle is a little bit different. The developers have to state what they need and then we apply it. We only use AlgoSec to cross-check when the testing result moves to production. It doesn't help us much in the development stage.
In terms of the cloud, we are just beginning to build a CoE, a core of excellence. There are many other native solutions provided by the CSP and there are some CASPI solutions—CWP, PP, and CSPM—that will help us with the governance of firewalls or the network security policies. We haven't determined our direction yet.
Disclosure: I am a real user, and this review is based on my own experience and opinions.