AlgoSec is slow when it is loaded with too many firewalls and policies. A plan to take care of heavy usage is to be considered. Support of all firewalls and policy features to be enabled. AlgoSec should support identifying the most-hit rules and re-ordering existing firewall rules - this is very key to managing firewall CPU. A clustering of AlgoSec can also be considered. A group of AlgoSec servers managing large client bases geographically or datacenter-wise or function-wise. A head reporting unit and child processing units.
They need to improve the web interface to be a little more interactive and friendly. It's still not bad, yet it could improve. They could improve AlgoSec academy, as there are some bugs when it comes to advancing resources. When trying to do the certification, I got stuck in one module, which prevented me from completing the certification. The only downside of AlgoSec is that it seems to need some updates as it relates to UX and potentially some more outlined integrations. Specifically with cloud platforms and tools.
Country-specific regulations should be added when required. Doing this on my own with baseline compliance is quite difficult. Additionally, I would like AlgoSec to provide suggestions such as "this object includes that object" for my objects on the Check Point firewall. For my Fortigate manager, the support of the active change feature is important to me. Lastly, the FireFlow interface could be simplified a bit more. I agree that it is user-friendly, but on the other hand, it can be difficult to organize and find certain things.
Cyber Security Expert at Soitron Siber Güvenlik Servisleri
User
Top 20
2023-12-24T20:57:00Z
Dec 24, 2023
Enhancements that allow for more automated policy management, change workflows, and orchestration can significantly streamline network security operations. Advanced analytics and reporting capabilities that provide deeper insights into network traffic, security policy effectiveness, compliance, and risk management can be beneficial. Features that allow security policies to be defined and managed based on specific applications' needs would be ideal.
Staff Software Engineer and Machine Learning Scientist at Google
User
Top 10
2023-11-16T21:36:00Z
Nov 16, 2023
While AlgoSec provides comprehensive visibility and management of security policies across hybrid environments, there is an opportunity to further expand its intelligence capabilities. Specifically, AlgoSec could look to incorporate more machine learning to analyze network traffic patterns and application behavior to detect anomalies indicative of emerging threats and policy violations. Going beyond just mapping connections, it can automatically flag high-risk flows and unusual events for further investigation.
Regional Sales Manager - South India at Exclusive Networks
User
Top 10
2023-11-16T07:46:00Z
Nov 16, 2023
The solution needs improvements in the following areas:
* AlgoSec does not support vendors like Sophos, SonicWall, Forcepoint, and so on.
* Traffic simulation and fire flow need to be improved.
* The solution has insufficient documentation.
* They need to improve tech support in India.
* Deleting objects from each firewall is tedious, and it has to be done manually.
* An effective topology diagram can be provided.
* It is a challenge to combine different security vendors.
* To upgrade, we have to upload package files which can be downloaded from the AlgoSec website; however, downloading takes time.
Network & Security Engineer at ALTEPRO solutions a.s.
User
Top 20
2023-09-06T13:23:00Z
Sep 6, 2023
While AlgoSec offers many advantages, there are some areas for improvement. Certain features, like comments in FireFlow, could be made more customizable. Additionally, some features require a learning curve and may necessitate support from AlgoSec, which can be challenging at times.
IT Support Specialist at Taarak India Private Limited
User
Top 20
2023-09-01T13:22:00Z
Sep 1, 2023
To provide comprehensive instructions on product integration, a manual page can be added to the dashboard at the integration point. This will make it simple for the system administrator to incorporate new goods, even if they are unfamiliar with them thoroughly. Every time we integrate a new product, we shouldn't have to wait for coordinated work with a product specialist. Due to the fact that AlgoSec's user interface is less friendly than that of other programs, it might not be appropriate for persons with little experience in security or IT. It does, however, allow for more customization. As a result, the interface can be regarded as more sophisticated.
Introducing greater flexibility in editing alerts would be a highly appreciated improvement. The solution currently faces visibility and compatibility challenges when it comes to Palo Alto firewalls, making it difficult to generate reports. Since the reports heavily rely on logging, the product encounters obstacles with Palo Alto's logging system. Enhancing compatibility with Palo Alto firewall reports is crucial for seamless reporting. A notable customer demand is the implementation of a user-based policy within AlgoSec. This feature would enable the solution to provide advice on user policy rules while also ensuring compatibility with identity awareness functionalities. Meeting this customer requirement would be highly beneficial.
At the integration point, a manual page could be added to the dashboard where directions about the products are explained in detail. In this way, if the system administrator wants to integrate a new product, they will be able to integrate this product by following these directions, even if they do not have deep knowledge of the product in question. Integrating different products should not require us to have to wait for coordinated work with a product specialist.
CISO at a real estate/law firm with 1,001-5,000 employees
Real User
Top 10
2023-06-16T12:34:00Z
Jun 16, 2023
AlgoSec is not a tool where people with little knowledge of security or IT can find their way around. AlgoSec has a less user-friendly interface compared to competitors, but it is comparatively more customizable. As such, the interface is more on the complex side.
Cloud and Digital Transformation Architect at a tech services company with 10,001+ employees
Real User
Top 20
2023-02-03T17:48:00Z
Feb 3, 2023
The overall visibility it gives us into our network security policies is pretty good but it has some bugs and shortcomings. It doesn't support all features on our firewalls. For instance, planning changes, which include net rules, doesn't work. It didn't integrate so well with the ACI network. It doesn't work with all firewall rules or with net rules on our firewalls. For about 70 percent of firewall changes it does show us the risks, while for 30 percent of the changes, we can't plan because of these bugs and shortcomings.
Integration with Oracle on the cloud is not supported. I would also like to see integrations with network devices in Layer 2. While it's very focused on some goals that we must apply for security, everything related to network devices, it would help if we could double-click on the network devices of Layer 2 for WiFi and other types of networks.
Network engineer at an insurance company with 10,001+ employees
Real User
Top 20
2022-12-22T21:16:00Z
Dec 22, 2022
A few features could be more customizable. For example, one of our issues is related to the comments. When using FireFlow and ActiveChange, the comments by AlgoSec can be changed, but they always have the FireFlow number first. That's mandatory. It can be a bit bothersome because that's sometimes not exactly what we want. The templates we use have some scripts running in the background that aren't easy to change or remake. These options could be improved. Some features take time to learn and understand. It would be hard to figure out without AlgoSec support. Every bug or every problem we encounter is challenging to understand and fix without them. We try to solve our own issues, but sometimes we can't, and we need AlgoSec support.
Security Engineer at a tech consulting company with 1,001-5,000 employees
Reseller
2022-12-18T05:23:00Z
Dec 18, 2022
All our firewalls were renamed, and AlgoSec saw these devices as new devices. As a result, all the reports from the same device but with the old hostname were no longer connected. AlgoSec did not clean up the old reports as well. After a few days, it depleted its own storage, and then, the server became inaccessible. There's no fail-safe for AlgoSec to not stop creating reports if its own storage is at 98% or 99% capacity because the server becomes inaccessible when it reaches 100%. I've also been fighting an issue with the Chisel service running on the server regarding AlgoCare for some time now. I have been in contact with AlgoSec's technical support regarding this, and they've been helpful and responsive.
systems security engineer at a tech company with 1-10 employees
Real User
2022-12-04T19:35:00Z
Dec 4, 2022
When we are integrating AlgoSec with a SAML or 2FA authentication tool, there is a small drawback to the solution. When we enter our user ID and password to log in, we get redirected to the console. However, there is no option to log out from the console. We have to close the entire web page in order to log off. The logout page is a mandatory feature that is missing from AlgoSec. AlgoSec cannot be integrated with solutions that require two-step or multi-factor authentication. Embedding multi-factor authentication capability into the solution would be a valuable feature.
Network Security Officer at an energy/utilities company with 1,001-5,000 employees
Real User
2022-10-08T00:01:00Z
Oct 8, 2022
My only concern is related to how they count the number of licenses. We have active and standby devices. If someone adds the standby device by mistake and does an analysis, it consumes two licenses. They need to improve the way they are counting the number of licenses because someone can do analysis on a standby device by mistake. We need a way to fix or solve this issue. I noticed that some of the oil companies in Kuwait have started to use AlgoSec Analyzer. I see AlgoSec solutions in Kuwait. AlgoSec needs to have sales engineers here. They should have presales or sales consultants so that they can offer solutions to companies in Kuwait.
I would say that the cases opened with AlgoSec could be solved faster or escalated sooner to the senior engineers/2nd or 3rd tier. AlgoSec Support is very good at responding very fast (faster than the required SLA) and very timely. Their engineers are based either in India or Israel. Each region has its sales person and technical engineer person. Another pet peeve is that there are hotfixes for new issues or bugs at least once a month, if not more frequently. Overall, AlgoSec is trying to improve its case-resolution support team and process, and we are optimistic that our issues or bugs will be fixed much timelier.
Presales Engineer at a tech services company with 11-50 employees
Reseller
2022-05-02T05:34:00Z
May 2, 2022
AlgoSec integrates with most of the leading firewall vendors, but one issue is that AlgoSec doesn't support Sophos and Forcepoint. AlgoSec competitors, like FireMon, support Forcepoint. I have told AlgoSec a number of times that we have many customers that use Forcepoint. I have asked why they don't support integration with Forcepoint. They have said they don't care about Sophos, Forcepoint, and SonicWall. They don't consider those vendors to be leaders in the firewall market and they don't have plans to support them.
Project Engineer at a tech vendor with 51-200 employees
User
2022-01-04T03:38:00Z
Jan 4, 2022
The FireFlow's out-of-the-box workflow configuration/customization wizard could be improved to be more user-friendly and have a shorter learning curve. The current configuration wizard is quite complex and complicated, which will result in the need to engage with an AlgoSec professional services team to perform even the simplest workflow adjustment. I had tried AlgoSec's direct competitor's workflow configuration wizard and found it to suit most organization requirements even though the customization capability may not be as advanced as AlgoSec.
It is already one of the best solutions in its category. Honestly, I have nothing to recommend but I am waiting for the R&D team to develop new features. I mostly have some problems with the integration process. Maybe the integration manual document can be released by AlgoSec and also by the vendors themselves. It is not directly related to AlgoSec. It's more related to the vendors. The firewall configuration recommendations are very helpful, however, sometimes it is very hard to convince anyone from the firewall vendor side. These recommendations should be posted on the vendor webpage or internal documentation as well, as best practice or best configuration recommendations.
It is already one of the best solutions in its category. Honestly, I have nothing to recommend. However, I am waiting for the R&D team to develop new features. I mostly have problems with the integration process. Maybe an integration manual document can be released by AlgoSec and also by the vendors as well if it is not directly related to AlgoSec. They need to have firewall configuration recommendations. While they do offer some, it is sometimes very hard to convince the guys from the firewall vendor side. They should publish these recommendations on the vendor webpage or internal documentation as well, as an example of best practice or best configuration recommendations.
There could be certain improvements such as supporting secure email. We have some cases where the client SMTP/POP email system is discarded, which is a very important factor for change notifications. FireFlow workflow rule/change implementation for time-based rules is not currently supported. These improvements in upcoming code will definitely help with end-to-end firewall rule implementation. NAT rule implementations were in the roadmap. We are expecting this soon. Certain optimization of AFA/AFF SMS resources would ease daily operations.
Technical Engineer - Technical Security at a tech services company with 1,001-5,000 employees
Reseller
2021-12-28T14:50:00Z
Dec 28, 2021
Support tickets and engineer assignments are one of the few concerns we are facing these days. Initially, they were hard to co-ordinate with the technical support team and the AlgoSec management team helped us to follow the defined Service Level Agreements. We needed to directly communicate with the integrated solution TAC Teams, let's say of Palo Alto or Check Point, and we needed to co-ordinate jointly for addressing an issue. The AlgoSec support team came on a joint call to address the issue on time without saying "this is not my cup of tea" and by then we were happy about the support. This happened during one of our major migrations. Our management is expecting us to set up a CXO/CISO dashboard from AlgoSec. It would be great for us if the AlgoSec team could assist in setting up the new benchmark.
Network Infrastructure Engineer at Cigna/Express Scripts
Real User
2021-10-21T06:13:00Z
Oct 21, 2021
When we send multiple requests across at once, sometimes it causes errors and FireFlow gets stuck. In cases like this, we have to go back in and fix it.
Vice President Head of Information Security at Itaú
Real User
2021-08-09T08:01:00Z
Aug 9, 2021
We are using AlgoSec directly against our Cisco Firepower. At first, AlgoSec didn't work with Firepower. It didn't know how to read the logs. So, improvement has been made. Now, the feature that was available on the older generation firewall is available on the current one, but this is a problem which has already been dealt with.
Lead Infrastructure Engineer at a financial services firm with 5,001-10,000 employees
Real User
2021-07-20T15:10:00Z
Jul 20, 2021
Some of the auditing functionality needs improvement. Our major focus is the firewall validation process and tracking and verifying that changes are implemented correctly. We are actually doing parts of the auditing process manually. And getting any one of the vendors to bring out a good auditing process has been very difficult. AlgoSec does a good job of showing us the changes, but we're doing a manual process to actually audit it and do documentation that we can provide to our auditors that shows we're validating everything, and on top of it, that nothing gets implemented without being caught. Part of that could be improved upon.
Security Analyst at a tech services company with 1,001-5,000 employees
Real User
2021-07-15T06:36:00Z
Jul 15, 2021
In our environment, we add rules in the firewall based on user logins, but currently, we can't do that with AlgoSec. AlgoSec can't create rules based on user logins. For example, generally, when we create a rule, we put IP Address, Destination IP Address, and Service Port. However, in our environment, we put IP Address, User Login, Destination IP Address, and Service Port, but AlgoSec doesn't support a rule in this format. We opened a ticket regarding this with their support two months ago, and they said that they will be able to add it in the future, but they don't know the timeframe. We are currently in the process of making changes in our environment for such rules, and after two months, we won't be using the rules that are based on user logins. We will make them consistent with the market, and we will use only the IP Address, Destination IP Address, and Service Port for rules. So, it won't be a problem for us, but this can be an improvement for other clients.
The analysis part can be improved when I make a flow request. There should be a clear analysis of which metric part needs to be opened and which firewalls will be opened. It should give you a bit more graphical visibility about these. I don't know if it's possible, but there could also be policy enforcement. The reason why firewalls have problems is that standards are not being followed. If the tool that allows you to enter a request doesn't enforce standards, there's too much room for error. Automation does not solve this unless automation follows defined policies and standards. I don't know to what extent those tools can indicate the predefined policy and standards that you put in place. For instance, if you define your level of zero trust, the tool should be able to advise you on what you should do.
Sr Technical Consultant at a tech services company with 51-200 employees
Real User
2021-05-18T20:04:08Z
May 18, 2021
If we talk about Cloud and SDN platforms, it supports AWS, Azure, etc. I'd like to see this solution support some other Cloud platforms as well, such as Alibaba and GCP, to give the customer flexibility.
In late December or early January, we were trying to add another solution, but it wasn't working because there was no support for the version that we were running at that point. After they released the hotfix, that took care of this issue. That particular device was then supported. So, it has been very stable and working fine since then.
AlgoSec needs improvement with its support level. I know that they have 3D architecture like SMB and enterprise on top of that. Some people consider this as a noncritical device. But because it's not as critical as a firewall, some people think that the support level does not need to be equal to a firewall level of support. But if some people are monitoring and managing firewalls through AlgoSec, the level of support should be equal to a firewall level. It shouldn't be dragging over two or three days. I know that they have three levels of support, but at the very first level, I believe you should be able to directly contact the tech and get a solution as soon as possible. The only problem I have with AlgoSec is just its level of support, not with the product. Not with the organization or the documentation or anything else, but if I need any additional support, the only problem is the time it takes to get it.
I would like an analysis to be created for user group rules (Check Point - identity awareness). Current versions of AlgoSec do not perform analysis of Identity awareness (Check Point). It would be important for the user to be able to request a rule by an access role group and then AlgoSec would create this rule automatically in the firewall. An improvement in tool performance would be important. Environments with many devices need a lot of hardware resources to avoid slowdowns. Memory consumption of the server is very high.
Managed Security Services Product Manager at a comms service provider with 10,001+ employees
Real User
2020-11-11T08:54:03Z
Nov 11, 2020
AlgoSec can probably do better at introducing features for the cloud firewall scenarios. This is something that will probably help customers. It needs a hybrid scenario that includes private cloud, public cloud, and on-prem things. If a feature could cover all three different types of deployment, that could probably make it even more desirable for clients.
There are areas where auditing rule changes are not accurate. It is important to be accurate when using rule changes, as users need to be accountable for their changes; however, I cannot trust AlgoSec when rule changes come through on reports as they reflect incorrectly. I have taken this up with support and have never really had a resolution for this. I would like to see enhanced dashboards or build meaningful reports for executive consumption. AlgoSec is a fantastic product, and I would like to see more "granular" breakdowns of traffic on IPT traffic analysis for source and destination, as the way it does it currently does not allow me to solve problems for rules with ANY in the destination.
Nothing comes to mind in terms of things that need to be improved. In terms of additional features in the next release, more integration with SD-WAN would be valuable. I would also like to see more integration with Cloud security products and services but overall, the product compatibility and integration with multi-vendor and differing platforms/environments is pretty comprehensive. That said, with the fast-moving nature of SD-WAN and Cloud Security, product features and enhancements will need to keep pace because clearly, Cloud Security is where the industry will be focusing.
Senior Information Technology Security Analyst at Logicalis
MSP
2020-10-07T16:36:00Z
Oct 7, 2020
I would like to see support for more technologies, but I know that AlgoSec is always in the process of evolution. Perhaps a better financial option would allow customers to choose the complete solution. In an environment that is very large, with many firewalls and routers, it is sometimes impossible to buy all of the licenses. This makes the AFF solution impossible.
Network Security Engineer III at Choctaw Nation of Oklahoma
Real User
2020-10-07T15:23:00Z
Oct 7, 2020
This is a tough one because it has a lot of good features. I think that the rate of false positives can be improved. I would like a FireFlow or packet-tracer-like capability at a lower licensing level. I liked the additional capabilities for an analyst or lower-level network admin or service desk tech to be able to check the rules to see if there is something blocking the traffic. However, I was not able to get the licensing approved above just FA. I like the training available as it is very informative, but, I wish it was just available from YouTube and I could easily play it from my cell phone without additional logins.
AlgoSec should explore integrating more multi-vendor platforms and should be looking towards ready infrastructure for providing Infrastructure as a Service (IaaS) on any cloud platforms, as the trend and technology is gradually moving from in-house platforms to cloud platforms. AlgoSec should also be exploring the integration with the open source firewalls as well. The GUI features of the AlgoSec solution should be more flexible to use and adopt.
Network & Collaboration Engineer at a financial services firm with 1,001-5,000 employees
Real User
2020-04-30T00:45:00Z
Apr 30, 2020
The product should support more vendors with the same in-depth analysis that it already is providing. This would give more reasons for other companies to adopt it and make us preserve the investment in case we change the running environment.
We are running multiple hybrid cloud solutions, working with cloud providers, and looking for API integrations with cloud and related interoperability. Sometimes, when we are trying to delete or disable any rule, it takes more time than expected. Sometimes, the web browser has issues with slowness. It can be worked out with a click or two.
AlgoBot should be more developed by adding more features to the chat. We will be integrating with Cisco ACI soon. Hopefully, new features with this integration will be developed as well in terms of automation. I came across a difficulty recently with a BGP enabled firewall that had a large number of routes. This wasn't directly supported due to a 3000 rule per firewall limit.
A vulnerability management module might be interesting, though not integrated with a third-party vendor. It should be an AlgoSec VM module. I would like some server integration for vulnerability management. Some PDF reports are not so good. E.g., the graphics and reports are not so good. Sometimes, we need to create graphics and reports to compare security ratings across months and groups.
It would be nice to have a good tool for network map discovery in the GUI to make it more user-friendly. I would also like to be able to check and modify network maps in a graphical and more intuitive way. This will improve our network overview for new deployments and troubleshooting. An API to connect to Palo Alto Prisma and Zscaler to be used after SD-WAN deployment would be a helpful feature. We have discussed this with AlgoSec and are hoping to see it in the near future.
Senior Technical and Integration Designer / Center of Excellence / Europe & Indonesia at Ahold Delhaize
Real User
2020-02-06T09:12:00Z
Feb 6, 2020
All of the search options needed are there but the search menu could be a bit more intuitive. In other words, I can perform any search I want without any problems but combining different search parameters can sometimes be a problem. Creating more intuitive menus could be helpful, especially for the first-time users. For example, it would be useful to be able to save searches with complex structure so they can be easily reused with simple change of parameter. Also, "contain" criteria sometimes misses just like ability to search using any value in basic search box, instead of reaching out to Advanced search (it would be great if simple typing IP address, or Project ID in basic search box lists all rules containing such a value).
There are a few things that we have already raised to AlgoSec in order to improve the tool. First, as the highest volume in our network is SaaS traffic, we need to secure this connection. To secure SaaS traffic there are a few vendors such as Palo Alto and Zscaler, but AlgoSec is not yet able to push rules onto these clouds. It’s in the roadmap but this is something that blocks our whole design. The network map design is not very useful for the administrator as the information displayed is not user-friendly.
Senior Network Engineer at an energy/utilities company with 1,001-5,000 employees
Real User
2020-02-01T13:44:00Z
Feb 1, 2020
There are sometimes issues with the Risky Rules reports where the number of hits is registering zero, but we know that this is incorrect because we have checked the rules and see that they are indeed registering traffic. Sometimes the Trust setting on Firewall rules is changing to trusted by itself.
What the technical teams report to me is that the network maps are a concern and should be improved. It would be easier if the network maps could be updated using the GUI portal instead of from the OS. This would benefit the operations teams working daily with this tool. In the end, we are striving to improve efficiency, and taking into account that Operations are really under pressure from SLAs to keep support ticket queues clean, and with the least amount of backfill possible, it is key to get better tools that make it easier and faster to update the network maps.
It would be very helpful to have a direct link to the relevant firewall policy embedded within reports when there are warnings or risks indicated. Regardless of how serious the risk is, we could jump to the policy with a single click. In this way, the administration would be much easier and we would not have to be changing the screen every time we want to look at or modify something in our firewall. I understand that they are third-party software packages that can achieve this, but it would be more comfortable to have it integrated.
Global Network and Security Team Leader at Ormat Technologies Inc
Real User
2020-01-29T22:30:00Z
Jan 29, 2020
The pricing structure is not good because there is no difference between a Data Center firewall for a small branch. The pricing for smaller installations should be lowered because sometimes there is just no ROI to add AlgoSec to the small branch offices with only 10 rules.
IP network expert at a comms service provider with 201-500 employees
Real User
2020-01-28T22:15:00Z
Jan 28, 2020
I would like to be able to see what objects have the same IP, but different names in different firewalls. Since the system is able to show all of the objects for the integrated devices, it can be confusing if one particular object (eg. IP address/host) has different names in different firewalls.
Works at a sports company with 1,001-5,000 employees
Real User
2019-11-28T15:06:00Z
Nov 28, 2019
It would be nice to have a good tool for network map discovery in the GUI to make it more user-friendly and be able to check and modify network maps in a graphical and more intuitive way. This will improve our network overview for new deployments and troubleshooting.
Cisco Firepower device support is limited in our AlgoSec system and I think AlgoSec can improve in that area. For example, in FireFlow we can easily track using the ticketing system to integrated Check Point devices. However, with Cisco Firepower devices, we couldn't integrate with them.
Works at a wireless company with 10,001+ employees
Real User
2019-11-12T16:45:00Z
Nov 12, 2019
I believe Active Change needs to be improved because not all products are supported, and some functions cannot be implemented by Active Change either. Technical support needs to find solutions more quickly. Active Change could implement routes in Firewalls, it should also be able to perform the creation of APP control and URL filter rules.
Works at an energy/utilities company with 10,001+ employees
Real User
2019-08-27T11:14:00Z
Aug 27, 2019
Support for Layer 7 policies, including User-ID and threat profiles with Palo Alto firewalls, has been a pain point for us. We would like to include the additional info specifically because we believe it changes the riskiness of the rule if it is only set for a specific user or a group of users. For example, if we have what looks like an "allow all" to a certain /24 network, but for only one user, we would give that a different score than if no user was identified.
* AlgoSec support needs improvement, and support needs training to better understand customer issues. (The support team repeatedly fails to understand customer issues, the response to support tickets based on severity is very poor, and support team responses to severity 1 or 2 tickets are very, very slow. Customer support representatives need training on how to handle severity 1 or 2 tickets.)
* Integration with other appliances needs improvement. (AlgoSec integration with other ticketing systems like Service Manager / ServiceNow is not good. It needs to have better integration with ticketing systems like ServiceNow and Atlassian JIRA.)
* Documentation needs improvement. (There is a lack of documentation on integration with other ticketing systems like HP Service Manager, REST APIs, SOAP.)
* There are limited sets of Python API calls, so they need to add more features in the API.
* The FireFlow template does not allow the user to perform external actions like sending an email or triggering a specific action. It needs improvement there.
There is huge scope for improvement in the level of support, especially around the issue of resolution time. That is the only negative point I find in the solution. I hope you guys will work on it and improve your resolution time which will help customers to keep their AlgoSec device healthy.
The network mapping interface could be improved in the next version. In a complex landscape, with several nodes/equipment, it can be somewhat more difficult to properly visualize the network map. It requires several zoom-in and zoom-out operations, and it is not so visually appealing. Nevertheless, it is still a valuable feature and was highly used by my team.
We love all the features of this device. It can be a bit expensive for small companies but they also have a VM model for that. It seems that AlgoSec created a VSYS (Virtual system) for each virtual router name, even though our firewall has only a single VSYS. We are ok to work with this, but if this can be fixed in a future release then that will be great.
Works at a maritime company with 10,001+ employees
Real User
2019-06-26T12:50:00Z
Jun 26, 2019
Some UI experience is a little clunky (e.g., the MAPS module) and could be made more user-friendly. We experienced some initial challenges with technical support, although this considerably improved once the teams got to know one another. The API support isn't as versatile as we would like it to be. It needs more integration.
The user interface is better than some competitors, but it is starting to get old. Space is not always fully used, especially for the risk and compliance part. As an example, today an Excel file should be used to deal with network segment definition and risk matrix; it is hard to do it directly from the user interface, and there is no way to organize or order a set of tests. Priority should be to improve the user interface for the risk and compliance part, making it more responsive and user-friendly.
The risk matrix implementation is not easy from an Excel file, so it would be nice to have a solution for creating it directly within the web interface. This would be an improvement.
Director of Information Security Operations at a manufacturing company with 1,001-5,000 employees
Real User
2019-06-17T19:53:00Z
Jun 17, 2019
I would like to see Bi-Directional API support in order to integrate with SOAR platforms that provide SOC automation and IRR. Integration with CISO dashboards would be an improvement. It would be nice to have support for IaaS, CASB, and DLP tools, which will allow full life cycle management of security incidents. It would be nice to have an out of the box "best practices recommendation" with the relevant "what-ifs".
Information Security Specialist at a maritime company with 10,001+ employees
Real User
2019-06-14T09:00:00Z
Jun 14, 2019
For the most part, this AlgoSec tool does meet our needs. If I was to think of any improvements I think the main one that stands out to me is confidence in future proofing. A good example is that we are looking at various SOAR which we'd like it to be fully compatible with (but not entirely convinced it is yet). Lastly, I have also heard a few qualms about the technical support and that it could be improved. However, this doesn't detract from the value the tool brings to our business.
I would like to see more object-based reports on groups and object usage. When cleaning up old rules, it is easy to disable the rule and then delete after a while. Trying to find unused groups or used objects in groups gets a little harder and I would like to see an easier view into those objects.
Works at a maritime company with 10,001+ employees
Real User
2019-06-07T14:40:00Z
Jun 7, 2019
In terms of integrations, we would like to see a greater number with the upcoming and next-generation tools (i.e. SOAR and a selection of other SIEMs). This has been a problem for us, as we are going through the process of enhancing our security and some of the products we are looking at are lacking built-in support (integration).
Key-Account-Manager at DATAKOM Gesellschaft für Datenkommunikation mbH
Real User
2019-06-06T10:26:00Z
Jun 6, 2019
It is always possible to improve the product. We would like to have a kind of "Time Capsule" to be able to restore to a certain state from a backup. We would like to have a BSI Compliance Report for Germany. Interfaces are worked on continuously, and small firewall manufacturers such as Sophos should still be included as standard.
The reporting portion is weaker than other competitors, although this is good enough to utilize in our environments. Enhanced integration via API (typically, this is only known by few AlgoSec users). The user interface could be a little more user-friendly. Other competitors have more of a dashboard look and feel. With AlgoSec, you have to launch new windows to see rule usage reports. It can be a little bit difficult when trying to find more information.
AlgoSec now has cloud products that they are rolling out. This is the next space for which everyone is dedicating more resources. We would like to see them utilize the cloud to help with performance improvement, and with various processes needed on a daily basis. We have two remote agents that help with daily processing and would like to integrate more power from the cloud to be as flexible as possible.
Network and Security Engineer at Euronext Technologies
Real User
2019-05-25T14:27:00Z
May 25, 2019
The product is severely lacking in vendor support. They claim to support some devices, but when you dig deeper, it is only basic support, with enterprise-grade features for those devices being unsupported. This is a big deal for us, as several sections of our network are not fully supported which, in turn, does not allow us to fully automate rule creation. Moreover, we cannot perform end to end connectivity checks. One such feature is the lack of VRRP support on devices other than Cisco or Juniper, which causes the software to interpret a non-existent router as the next hop for a particular flow (the VIP address of the VRRP).
The reporting component of AlgoSec Firewall Analyzer is something that, in my view, has room for improvement. The possibility of greater granularity would be welcome in a future version, for example when defining the information that we want to see in the reports, defining customized reports by group/user, and scheduling the sending of the reports. Being more specific, in our use case for operational teams, the report to send would only be the summary of changes of all the rules of a day by firewall. Focused, without adding unnecessary information. Another use case is for GRC teams. The report to send should only be the summary of risk changes of a week or a month, per firewall. Again focused, without adding unnecessary information.
One important area for improvement is the support for Dell switches, which we have a lot of in our company network. At a minimum, we would like to get information about the routing table to complete the work diagram. We have been told that AlgoSec is working on this, and we expect to have support for those devices soon. We would like to see more features in the GUI so that we don't have to work with the API as extensively. For example, a feature to schedule pushes to the Firewalls at a pre-defined time would be great for us. This way we can schedule the operation to be done at the end of the day, after hours, and have no impact on the users.
The MAP has a persistent issue with a firewall that is using a double BVI (Bridge Virtual Interface). In this configuration, it cannot give the correct and proper topology, so the traffic simulation query cannot run properly between the source and destination.
This product could be improved in several ways, including:
* More device support, such as Barracuda devices.
* An automated rollback process and options in active push. When we do an active push, AlgoSec takes a policy backup for recovery purposes. If we made any change using active push from AlgoSec and the customer wanted to roll back the particular configuration, it would be better if AlgoSec were able to provide an automated rollback process through AFF rather than creating a manual ticket.
* Software-defined WAN integration and support.
* Application-aware policy identification and optimization. Nowadays, most NGFWs create application-aware policies (for applications such as Salesforce, Skype for Business, etc.) using their application database. Normally the destination object will be these applications and not the legacy objects that we created in the firewall. If AlgoSec is able to understand these applications, it will be a good move for the future market.
There is room for improvement in the rollback process. What we would like to see in the future is related to support. For integration with newly supported devices, we require a proper support matrix with an escalation process.
I would like to suggest that a cloud visibility feature be provided in the next release. We would be able to understand how traffic flows from the source to destination.
Based on the conference I just attended, it is improving by AlgoSec opening their API more. This allows us as a systems integrator to give more value to our clients. We will be able to integrate more things that do not come out of the box.
AlgoSec is my favorite tool because it does what it is designed to do and it does it well. The service I've received from their support teams is second to none. They have always successfully answered my questions and solved my problems. So, it is difficult to improve a solid solution but, not everything is perfect. Having executive type reporting capabilities which explain the security posture and scoring to provide to executive management would be a nice feature to add. Reports can be printed, but an executive summary report would be an improvement.
IT Security Manager at a retailer with 10,001+ employees
Real User
2019-03-01T08:59:00Z
Mar 1, 2019
In my opinion, the user should be granted more flexibility to choose exactly which devices per CMA should be analyzed. The process to replace a decommissioned device with a new device is not straightforward. With the upgrade to CheckPoint R80.xx we have started to see some issues, although this version was already some time on the market, hence I was surprised that there was no full compatibility achieved. Nevertheless, working with support and professional services solved our problems.
* The maps are a little clunky and could be made easier with some automatic layout technology which assists in spacing out the devices for easier viewing.
Deputy CISO/ Security Architect at a financial services firm with 5,001-10,000 employees
Real User
2019-02-19T21:24:00Z
Feb 19, 2019
The product or service could be improved by orchestration or automation that will help in changing the rule sets on the firewalls based on the detected used services/ports and IP addresses.
The only thing I had slight issues with is the web UI which is a bit tricky to navigate. It can be difficult to find what you're looking for without having to click around for a bit, but once you get to know where things are, it's not bad.
I think that AlgoSec could improve the application by improving the treatment speed. If AlgoSec could take a few seconds less to analyze research, these few seconds will be used by my team to be more efficient. I mean, in the Traffic Simulation Query, it will be wonderful if AlgoSec could find a way to make the research faster than now. In fact, we are often waiting around 1,30 min to see the results. Maybe something can be done to make this research faster?
Head of IT at a manufacturing company with 10,001+ employees
Real User
2019-02-02T11:31:00Z
Feb 2, 2019
The versioning is a bit weird. We used to use version 2017 which is quite current, but it looks like it is a 2017 version. As far as I know, they want to have this changed soon. Nevertheless, this is something which definitely needs to be improved.
We use the "rules change notification" feature to inform the different firewall managers when someone made a change. The actual change comes in a PDF file attached to the e-mail, while it would be faster to have it directly embedded in the notification mail. Depending on your network topology, the traffic simulator might have some hard time tracing the traffic path between your devices correctly. This has already been improved in the past but could still be enhanced.
Although I'm very satisfied with the product, one of the ways of improving the product could lie, perhaps, in the acceleration of the analysis process and especially in the section — traffic simulation query. Another improvement would be the support of an orchestration of different firewalls in a heterogeneous environment, mainly at the level of the management of the objects so as to have a homogeneous nomenclature.
Security Analyst at a financial services firm with 201-500 employees
Real User
2019-01-15T21:00:00Z
Jan 15, 2019
* The font size on the Changes Summary Report is very small when reading the printout copy.
* AlgoSec can look at ways to include a change management workflow process or integrate with third-party ticketing solutions.
* Explore ways to detect unused port numbers per firewall rules.
Works at an insurance company with 1,001-5,000 employees
Real User
2018-10-22T21:09:00Z
Oct 22, 2018
I think the product is great from an overall observation, sometimes speed is an issue but I think it could be improved a little bit from a parsing perspective.
Global Network Security Engineer at General Motors
Real User
2018-10-22T14:20:00Z
Oct 22, 2018
Faster HA/DR failover - with very large databases, it takes a long time to failover / failback. Provide even more REST API calls (ex: rule removal API)
Security Consultant at Total System Services, Inc.
Real User
2018-10-19T14:37:00Z
Oct 19, 2018
I look forward to cloud service integration, which is coming in future releases and this should help make the product more of a complete solution. I would also like to see AlgoBot integrate with other communication systems such as Rocket Chat.
Works at an insurance company with 5,001-10,000 employees
Real User
2018-10-19T14:25:00Z
Oct 19, 2018
I always wanted AlgoSec to support cloud-based security firewalls such as Amazon security groups-AWS or Microsoft Azure network security groups. Hoping they will have it ready by end of 2018.
Currently, the product is doing everything we have asked for. It's a huge component for our firewall maintenance. One key component is the integration with ServiceNow for firewall rule requests. This helps expedite the process and track every step from user to configuration. One area where the product can improve is the knowledge base. Sometimes you have to do additional reading for your particular error. Some additional features I'd like to see are for the reports. As opposed to showing me the entire objects/rules on the change detection email for that particular firewall, I'd like to see just the changes. I think this would be beneficial to non-technical personnel who may get overwhelmed with all of the data. Also, having a Linux or programming background makes troubleshooting easier. That is one challenge I'm working on now to improve fixing our issues quicker.
Senior Security Analyst at The Hartford Financial Services Group, Inc.
Real User
2018-10-17T18:58:00Z
Oct 17, 2018
We have had challenges with technical support as mentioned earlier. However, we have a new account team and they are very responsive and addressing our concerns.
The Network Map is a feature that could use work, it is a big piece but is always a moving target with large routing tables in use and speed of use becomes an issue doing queries.
* Support more and more vendors, like minor ones: WatchGuard and others.
* Also, it would be interesting if it could analyse iptables and IPFW rules and support migration.
* Windows Firewall and Forefront would also be nice since we often need to migrate from those platforms and prove the value of the newly installed solutions.
Sr Firewall Engineer at a tech consulting company with 1,001-5,000 employees
Real User
2018-05-23T19:30:00Z
May 23, 2018
We are still waiting to implement FireFlow, and getting it into place will hopefully speed up our implementation time and help with policy standardization. There have been some difficulties in getting this portion set up in our environment.
AlgoSec, a global cybersecurity leader, empowers organizations to secure application connectivity and cloud-native applications throughout their multi-cloud and hybrid network.
Trusted by more than 1,800 of the world’s leading organizations, AlgoSec’s application-centric approach enables to securely accelerate business application deployment by centrally managing application connectivity and security policies across the public clouds, private clouds, containers, and on-premises networks. ...
I cannot think of anything that could be improved. Everything is good. I would like for there to be more AI functionalities.
While AlgoSec provides comprehensive visibility and management of security policies across hybrid environments, there is an opportunity to further expand its intelligence capabilities. Specifically, AlgoSec could look to incorporate more machine learning to analyze network traffic patterns and application behavior to detect anomalies indicative of emerging threats and policy violations. Going beyond just mapping connections, it can automatically flag high-risk flows and unusual events for further investigation.
The solution needs improvements in the following areas:
* AlgoSec does not support vendors like Sophos, SonicWall, Forcepoint, and so on.
* Traffic simulation and FireFlow need to be improved.
* The solution has insufficient documentation.
* They need to improve tech support in India.
* Deleting objects from each firewall is tedious, and it has to be done manually.
* An effective topology diagram can be provided.
* It is a challenge to combine different security vendors.
* To upgrade, we have to upload package files which can be downloaded from the AlgoSec website; however, downloading takes time.
While AlgoSec offers many advantages, there are some areas for improvement. Certain features, like comments in FireFlow, could be made more customizable. Additionally, some features require a learning curve and may necessitate support from AlgoSec, which can be challenging at times.
To provide comprehensive instructions on product integration, a manual page can be added to the dashboard at the integration point. This will make it simple for the system administrator to incorporate new goods, even if they are unfamiliar with them thoroughly. Every time we integrate a new product, we shouldn't have to wait for coordinated work with a product specialist. Due to the fact that AlgoSec's user interface is less friendly than that of other programs, it might not be appropriate for persons with little experience in security or IT. It does, however, allow for more customization. As a result, the interface can be regarded as more sophisticated.
Introducing greater flexibility in editing alerts would be a highly appreciated improvement. The solution currently faces visibility and compatibility challenges when it comes to Palo Alto firewalls, making it difficult to generate reports. Since the reports heavily rely on logging, the product encounters obstacles with Palo Alto's logging system. Enhancing compatibility with Palo Alto firewall reports is crucial for seamless reporting. A notable customer demand is the implementation of a user-based policy within AlgoSec. This feature would enable the solution to provide advice on user policy rules while also ensuring compatibility with identity awareness functionalities. Meeting this customer requirement would be highly beneficial.
At the integration point, a manual page could be added to the dashboard where directions about the products are explained in detail. In this way, if the system administrator wants to integrate a new product, they will be able to integrate this product by following these directions, even if they do not have deep knowledge of the product in question. Integrating different products should not require us to have to wait for coordinated work with a product specialist.
AlgoSec is not a tool where people with little knowledge of security or IT can find their way around. AlgoSec has a less user-friendly interface compared to competitors, but it is comparatively more customizable. As such, the interface is more on the complex side.
AlgoSec's audit management is not good enough and can be improved. Also, AlgoSec should be made more scalable.
The overall visibility it gives us into our network security policies is pretty good but it has some bugs and shortcomings. It doesn't support all features on our firewalls. For instance, planning changes, which include net rules, doesn't work. It didn't integrate so well with the ACI network. It doesn't work with all firewall rules or with net rules on our firewalls. For about 70 percent of firewall changes it does show us the risks, while for 30 percent of the changes, we can't plan because of these bugs and shortcomings.
Integration with Oracle on the cloud is not supported. I would also like to see integrations with network devices in Layer 2. While it's very focused on some goals that we must apply for security, everything related to network devices, it would help if we could double-click on the network devices of Layer 2 for WiFi and other types of networks.
A few features could be more customizable. For example, one of our issues is related to the comments. When using FireFlow and ActiveChange, the comments by AlgoSec can be changed, but they always have the FireFlow number first. That's mandatory. It can be a bit bothersome because that's sometimes not exactly what we want. The templates we use have some scripts running in the background that aren't easy to change or remake. These options could be improved. Some features take time to learn and understand. It would be hard to figure out without AlgoSec support. Every bug or every problem we encounter is challenging to understand and fix without them. We try to solve our own issues, but sometimes we can't, and we need AlgoSec support.
All our firewalls were renamed, and AlgoSec saw these devices as new devices. As a result, all the reports from the same device but with the old hostname were no longer connected. AlgoSec did not clean up the old reports as well. After a few days, it depleted its own storage, and then, the server became inaccessible. There's no fail-safe for AlgoSec to not stop creating reports if its own storage is at 98% or 99% capacity because the server becomes inaccessible when it reaches 100%. I've also been fighting an issue with the Chisel service running on the server regarding AlgoCare for some time now. I have been in contact with AlgoSec's technical support regarding this, and they've been helpful and responsive.
The documentation could be better.
When we are integrating AlgoSec with a SAML or 2FA authentication tool, there is a small drawback to the solution. When we enter our user ID and password to log in, we get redirected to the console. However, there is no option to log out from the console. We have to close the entire web page in order to log off. The logout page is a mandatory feature that is missing from AlgoSec. AlgoSec cannot be integrated with solutions that require two-step or multi-factor authentication. Embedding multi-factor authentication capability into the solution would be a valuable feature.
My only concern is related to how they count the number of licenses. We have active and standby devices. If someone adds the standby device by mistake and does an analysis, it consumes two licenses. They need to improve the way they are counting the number of licenses because someone can do analysis on a standby device by mistake. We need a way to fix or solve this issue. I noticed that some of the oil companies in Kuwait have started to use AlgoSec Analyzer. I see AlgoSec solutions in Kuwait. AlgoSec needs to have sales engineers here. They should have presales or sales consultants so that they can offer solutions to companies in Kuwait.
I would say that the cases opened with AlgoSec could be solved faster or escalated sooner to the senior engineers/2nd or 3rd tier. AlgoSec Support is very good at responding very fast (faster than the required SLA) and very timely. Their engineers are based either in India or Israel. Each region has its sales person and technical engineer person. Another pet peeve is that there are hotfixes for new issues or bugs at least once a month, if not more frequently. Overall, AlgoSec is trying to improve its case-resolution support team and process, and we are optimistic that our issues or bugs will be fixed much timelier.
AlgoSec integrates with most of the leading firewall vendors, but one issue is that AlgoSec doesn't support Sophos and Forcepoint. AlgoSec competitors, like FireMon, support Forcepoint. I have told AlgoSec a number of times that we have many customers that use Forcepoint. I have asked why they don't support integration with Forcepoint. They have said they don't care about Sophos, Forcepoint, and SonicWall. They don't consider those vendors to be leaders in the firewall market and they don't have plans to support them.
The FireFlow's out-of-the-box workflow configuration/customization wizard could be improved to be more user-friendly and have a shorter learning curve. The current configuration wizard is quite complex and complicated, which will result in the need to engage with an AlgoSec professional services team to perform even the simplest workflow adjustment. I had tried AlgoSec's direct competitor's workflow configuration wizard and found it to suit most organization requirements even though the customization capability may not be as advanced as AlgoSec.
It is already one of the best solutions in its category. Honestly, I have nothing to recommend but I am waiting for the R&D team to develop new features. I mostly have some problems with the integration process. Maybe the integration manual document can be released by AlgoSec and also by the vendors themselves. It is not directly related to AlgoSec. It's more related to the vendors. The firewall configuration recommendations are very helpful, however, sometimes it is very hard to convince anyone from the firewall vendor side. These recommendations should be posted on the vendor webpage or internal documentation as well, as best practice or best configuration recommendations.
It is already one of the best solutions in its category. Honestly, I have nothing to recommend. However, I am waiting for the R&D team to develop new features. I mostly have problems with the integration process. Maybe an integration manual document can be released by AlgoSec and also by the vendors as well if it is not directly related to AlgoSec. They need to have firewall configuration recommendations. While they do offer some, it is sometimes very hard to convince the guys from the firewall vendor side. They should publish these recommendations on the vendor webpage or internal documentation as well, as an example of best practice or best configuration recommendations.
There could be certain improvements such as supporting secure email. We have some cases where the client SMTP/POP email system is discarded, which is a very important factor for change notifications. FireFlow workflow rule/change implementation for time-based rules is not currently supported. These improvements in upcoming code will definitely help with end-to-end firewall rule implementation. NAT rule implementations were in the roadmap. We are expecting this soon. Certain optimization of AFA/AFF SMS resources would ease daily operations.
Support tickets and engineer assignments are one of the few concerns we are facing these days. Initially, they were hard to co-ordinate with the technical support team and the AlgoSec management team helped us to follow the defined Service Level Agreements. We needed to directly communicate with the integrated solution TAC Teams, let's say of Palo Alto or Checkpoint, and we needed to co-ordinate jointly for addressing an issue. The AlgoSec support team came on a joint call to address the issue on time without saying "this is not my cup of tea" and by then we were happy about the support. This happened during one of our major migrations. Our management is expecting us to set up a CXO/CISO dashboard from AlgoSec. It would be great for us if the AlgoSec team could assist in setting up the new benchmark.
I believe the customization of dashboards should be simplified and more user-friendly. Customization inside the domain level needs to be improved.
When we send multiple requests across at once, sometimes it causes errors and FireFlow gets stuck. In cases like this, we have to go back in and fix it.
In the new version H32, there are many, many bugs.
We are using AlgoSec directly against our Cisco Firepower. At first, AlgoSec didn't work with Firepower. It didn't know how to read the logs. So, improvement has been made. Now, the feature that was available on the older generation firewall is available on the current one, but this is a problem which has already been dealt with.
Some of the auditing functionality needs improvement. Our major focus is the firewall validation process and tracking and verifying that changes are implemented correctly. We are actually doing parts of the auditing process manually. And getting any one of the vendors to bring out a good auditing process has been very difficult. AlgoSec does a good job of showing us the changes, but we're doing a manual process to actually audit it and do documentation that we can provide to our auditors that shows we're validating everything, and on top of it, that nothing gets implemented without being caught. Part of that could be improved upon.
In our environment, we add rules in the firewall based on user logins, but currently, we can't do that with AlgoSec. AlgoSec can't create rules based on user logins. For example, generally, when we create a rule, we put IP Address, Destination IP Address, and Service Port. However, in our environment, we put IP Address, User Login, Destination IP Address, and Service Port, but AlgoSec doesn't support a rule in this format. We opened a ticket regarding this with their support two months ago, and they said that they will be able to add it in the future, but they don't know the timeframe. We are currently in the process of making changes in our environment for such rules, and after two months, we won't be using the rules that are based on user logins. We will make them consistent with the market, and we will use only the IP Address, Destination IP Address, and Service Port for rules. So, it won't be a problem for us, but this can be an improvement for other clients.
The analysis part can be improved when I make a flow request. There should be a clear analysis of which metric part needs to be opened and which firewalls will be opened. It should give you a bit more graphical visibility about these. I don't know if it's possible, but there could also be policy enforcement. The reason why firewalls have problems is that standards are not being followed. If the tool that allows you to enter a request doesn't enforce standards, there's too much room for error. Automation does not solve this unless automation follows defined policies and standards. I don't know to what extent those tools can indicate the predefined policy and standards that you put in place. For instance, if you define your level of zero trust, the tool should be able to advise you on what you should do.
If we talk about Cloud and SDN platforms, it supports AWS, Azure, etc. I'd like to see this solution support some other Cloud platforms as well, such as Alibaba and GCP, to give the customer flexibility.
In late December or early January, we were trying to add another solution, but it wasn't working because there was no support for the version that we were running at that point. After they released the hotfix, that took care of this issue. That particular device was then supported. So, it has been very stable and working fine since then.
AlgoSec needs improvement with its support level. I know that they have 3D architecture like SMB and enterprise on top of that. Some people consider this as a noncritical device. But because it's not as critical as a firewall, some people think that the support level does not need to be equal to a firewall level of support. But if some people are monitoring and managing firewalls through AlgoSec, the level of support should be equal to a firewall level. It shouldn't be dragging over two or three days. I know that they have three levels of support, but at the very first level, I believe you should be able to directly contact the tech and get a solution as soon as possible. The only problem I have with AlgoSec is just its level of support, not with the product. Not with the organization or the documentation or anything else, but if I need any additional support, the only problem is the time it takes to get it.
The initial setup can be complex for beginners.
I would like an analysis to be created for user group rules (Check Point - identity awareness). Current versions of AlgoSec do not perform analysis of Identity awareness (Check Point). It would be important for the user to be able to request a rule by an access role group and then AlgoSec would create this rule automatically in the firewall. An improvement in tool performance would be important. Environments with many devices need a lot of hardware resources to avoid slowdowns. Memory consumption of the server is very high.
AlgoSec can probably do better at introducing features for the cloud firewall scenarios. This is something that will probably help customers. It needs a hybrid scenario that includes private cloud, public cloud, and on-prem things. If a feature could cover all three different types of deployment, that could probably make it even more desirable for clients.
There are areas where auditing rule changes are not accurate. It is important to be accurate when using rule changes, as users need to be accountable for their changes; however, I cannot trust AlgoSec when rule changes come through on reports as they reflect incorrectly. I have taken this up with support and have never really had a resolution for this. I would like to see enhanced dashboards or build meaningful reports for executive consumption. AlgoSec is a fantastic product, and I would like to see more "granular" breakdowns of traffic on IPT traffic analysis for source and destination, as the way it does it currently does not allow me to solve problems for rules with ANY in the destination.
Nothing comes to mind in terms of things that need to be improved. In terms of additional features in the next release, more integration with SD-WAN would be valuable. I would also like to see more integration with Cloud security products and services but overall, the product compatibility and integration with multi-vendor and differing platforms/environments is pretty comprehensive. That said, with the fast-moving nature of SD-wan and Cloud Security, product features and enhancements will need to keep pace because clearly, Cloud Security is where the industry will be focusing.
I would like to see support for more technologies, but I know that AlgoSec is always in the process of evolution. Perhaps a better financial option would allow customers to choose the complete solution. In an environment that is very large, with many firewalls and routers, it is sometimes impossible to buy all of the licenses. This makes the AFF solution impossible.
This is a tough one because it has a lot of good features. I think that the rate of false positives can be improved. I would like a FireFlow or packet-tracer-like capability at a lower licensing level. I liked the additional capabilities for an analyst or lower-level network admin or service desk tech to be able to check the rules to see if there is something blocking the traffic. However, I was not able to get the licensing approved above just FA. I like the training available as it is very informative, but, I wish it was just available from YouTube and I could easily play it from my cell phone without additional logins.
AlgoSec should explore integrating more multi-vendor platforms and should be looking towards ready infrastructure for providing Infrastructure as a Service (IaaS) on any cloud platform, as the trend and technology are gradually moving from in-house platforms to cloud platforms. AlgoSec should also be exploring integration with open source firewalls as well. The GUI features of the AlgoSec solution should be more flexible to use and adopt.
The product should support more vendors with the same in-depth analysis that it already is providing. This would give more reasons for other companies to adopt it and make us preserve the investment in case we change the running environment.
We are running multiple hybrid cloud solutions, working with cloud providers, and looking for API integrations with cloud and related interoperability. Sometimes, when we are trying to delete or disable any rule, it takes more time than expected. Sometimes, the web browser has issues with slowness. It can be worked out with a click or two.
AlgoBot should be more developed by adding more features to the chat. We will be integrating with Cisco ACI soon. Hopefully, new features with this integration will be developed as well in terms of automation. I came across a difficulty recently with a BGP enabled firewall that had a large number of routes. This wasn't directly supported due to a 3000 rule per firewall limit.
I can't think of specific improvements. If anything, the product has been improving in usefulness constantly.
A vulnerability management module might be interesting, though not integrated with a third-party vendor. It should be an AlgoSec VM module. I would like some server integration for vulnerability management. Some PDF reports are not so good. E.g., the graphics and reports are not so good. Sometimes, we need to create graphics and reports to compare security ratings across months and groups.
It would be nice to have a good tool for network map discovery in the GUI to make it more user-friendly. I would also like to be able to check and modify network maps in a graphical and more intuitive way. This will improve our network overview for new deployments and troubleshooting. An API to connect to Palo Alto Prisma and Zscaler to be used after SD-WAN deployment would be a helpful feature. We have discussed this with AlgoSec and are hoping to see it in the near future.
This solution would be improved if it were able to compare configurations and provide recommendations. For example, suggest cluster members.
All of the search options needed are there but the search menu could be a bit more intuitive. In other words, I can perform any search I want without any problems but combining different search parameters can sometimes be a problem. Creating more intuitive menus could be helpful, especially for first-time users. For example, it would be useful to be able to save searches with a complex structure so they can be easily reused with a simple change of parameter. Also, "contain" criteria sometimes misses just like ability to search using any value in the basic search box, instead of reaching out to Advanced search (it would be great if simply typing an IP address or Project ID in the basic search box listed all rules containing such a value).
There are a few things that we have already raised to AlgoSec in order to improve the tool. First, as the highest volume in our network is SaaS traffic, we need to secure this connection. To secure SaaS traffic there are a few vendors such as Palo Alto and Zscaler, but AlgoSec is not yet able to push rules onto these clouds. It’s in the roadmap but this is something that blocks our whole design. The network map design is not very useful for the administrator as the information displayed is not user-friendly.
The GUI has not been upgraded for a long time and could use updating.
There are sometimes issues with the Risky Rules reports where the number of hits is registering zero, but we know that this is incorrect because we have checked the rules and see that they are indeed registering traffic. Sometimes the Trust setting on Firewall rules is changing to trusted by itself.
The UX control panel is in need of improvement.
What the technical teams report to me is that the network maps are a concern and should be improved. It would be easier if the network maps could be updated using the GUI portal instead of from the OS. This would benefit the operations teams working daily with this tool. In the end, we are striving to improve efficiency, and taking into account that Operations are really under pressure from SLAs to keep support ticket queues clean, and with the least amount of backfill possible, it is key to get better tools that make it easier and faster to update the network maps.
It would be very helpful to have a direct link to the relevant firewall policy embedded within reports when there are warnings or risks indicated. Regardless of how serious the risk is, we could jump to the policy with a single click. In this way, the administration would be much easier and we would not have to be changing the screen every time we want to look at or modify something in our firewall. I understand that there are third-party software packages that can achieve this, but it would be more comfortable to have it integrated.
The pricing structure is not good because there is no difference between a Data Center firewall and one for a small branch. The pricing for smaller installations should be lowered because sometimes there is just no ROI to add AlgoSec to the small branch offices with only 10 rules.
They can make some improvements to the user interface because it can be slow at times.
I would like to be able to see what objects have the same IP, but different names in different firewalls. Since the system is able to show all of the objects for the integrated devices, it can be confusing if one particular object (eg. IP address/host) has different names in different firewalls.
It would be nice to have a good tool for network map discovery in the GUI to make it more user-friendly and be able to check and modify network maps in a graphical and more intuitive way. This will improve our network overview for new deployments and troubleshooting.
Cisco Firepower device support is limited in our AlgoSec system and I think AlgoSec can improve in that area. For example, in FireFlow we can easily track using the ticketing system to integrated Check Point devices. However, with Cisco Firepower devices, we couldn't integrate with them.
I believe Active Change needs to be improved because not all products are supported, and some functions cannot be implemented by Active Change either. Technical support needs to find solutions more quickly. Active Change could implement routes in Firewalls, it should also be able to perform the creation of APP control and URL filter rules.
I would like to see improvements in performance and software stability.
I would like an intelligent tuner where it could help update rules with the application ID.
Support for Layer 7 policies, including User-ID and threat profiles with Palo Alto firewalls, has been a pain point for us. We would like to include the additional info specifically because we believe it changes the riskiness of the rule if it is only set for a specific user or a group of users. For example, if we have what looks like an "allow all" to a certain /24 network, but for only one user, we would give that a different score than if no user was identified.
* AlgoSec support needs improvement, and support needs training to better understand customer issues. (The support team repeatedly fails to understand customer issues. Response to support tickets based on severity is very poor, and support team responses to severity 1 or 2 tickets are very, very slow. Customer support representatives need training on how to handle severity 1 or 2 tickets.)
* Integration with other appliances needs improvement. (AlgoSec integration with other ticketing systems like Service Manager / ServiceNow is not good. It needs to have better integration with ticketing systems like ServiceNow and Atlassian JIRA.)
* Documentation needs improvement. (There is a lack of documentation on integration with other ticketing systems like HP Service Manager, REST APIs, SOAP.)
* There are limited sets of Python API calls, so they need to add more features in the API.
* The FireFlow template does not allow the user to perform external actions like sending an email or triggering a specific action. It needs improvement there.
There is huge scope for improvement in the level of support, especially around the issue of resolution time. That is the only negative point I find in the solution. I hope you guys will work on it and improve your resolution time which will help customers to keep their AlgoSec device healthy.
The network mapping interface could be improved in the next version. In a complex landscape, with several nodes/equipment, it can be somewhat more difficult to properly visualize the network map. It requires several zoom-in and zoom-out operations, and it is not so visually appealing. Nevertheless, it is still a valuable feature and was highly used by my team.
We love all the features of this device. It can be a bit expensive for small companies but they also have a VM model for that. It seems that AlgoSec created a VSYS (Virtual system) for each virtual router name, even though our firewall has only a single VSYS. We are ok to work with this, but if this can be fixed in a future release then that will be great.
Some UI experience is a little clunky (e.g., the MAPS module) and could be made more user-friendly. We experienced some initial challenges with technical support, although this considerably improved once the teams got to know one another. The API support isn't as versatile as we would like it to be. It needs more integration.
The user interface is better than some competitors, but it is starting to get old. Space is not always fully used, especially for the risk and compliance part. As an example, today an Excel file should be used to deal with network segment definition and the risk matrix; it is hard to do it directly from the user interface, and there is no way to organize or order a set of tests. Priority should be to improve the user interface for the risk and compliance part, making it more responsive and user-friendly.
The risk matrix implementation is not easy from an Excel file, so it would be nice to have a solution for creating it directly within the web interface. This would be an improvement.
I would like to see Bi-Directional API support in order to integrate with SOAR platforms that provide SOC automation and IRR. Integration with CISO dashboards would be an improvement. It would be nice to have support for IaaS, CASB, and DLP tools, which will allow full life cycle management of security incidents. It would be nice to have an out of the box "best practices recommendation" with the relevant "what-ifs".
For the most part, this AlgoSec tool does meet our needs. If I was to think of any improvements I think the main one that stands out to me is confidence in future proofing. A good example is that we are looking at various SOAR which we'd like it to be fully compatible with (but not entirely convinced it is yet). Lastly, I have also heard a few qualms about the technical support and that it could be improved. However, this doesn't detract from the value the tool brings to our business.
I would like to see more object-based reports on groups and object usage. When cleaning up old rules, it is easy to disable the rule and then delete after a while. Trying to find unused groups or used objects in groups gets a little harder and I would like to see an easier view into those objects.
In terms of integrations, we would like to see a greater number with the upcoming and next-generation tools (i.e. SOAR and a selection of other SIEMs). This has been a problem for us, as we are going through the process of enhancing our security and some of the products we are looking at are lacking built-in support (integration).
It is always possible to improve the product. We would like to have a kind of "Time Capsule" to be able to restore to a certain state from a backup. We would like to have a BSI Compliance Report for Germany. Interfaces are worked on continuously, and small firewall manufacturers such as Sophos should still be included as standard.
We have a complaint about the compliance check, in that sometimes we want to keep rules rather than merge them.
The reporting portion is weaker than other competitors, although this is good enough to utilize in our environments. Enhanced integration via API (typically, this is only known by few AlgoSec users). The user interface could be a little more user-friendly. Other competitors have more of a dashboard look and feel. With AlgoSec, you have to launch new windows to see rule usage reports. It can be a little bit difficult when trying to find more information.
AlgoSec now has cloud products that they are rolling out. This is the next space for which everyone is dedicating more resources. We would like to see them utilize the cloud to help with performance improvement, and with various processes needed on a daily basis. We have two remote agents that help with daily processing and would like to integrate more power from the cloud to be as flexible as possible.
The product is severely lacking in vendor support. They claim to support some devices, but when you dig deeper, it is only basic support, with enterprise-grade features for those devices being unsupported. This is a big deal for us, as several sections of our network are not fully supported which, in turn, does not allow us to fully automate rule creation. Moreover, we cannot perform end to end connectivity checks. One such feature is the lack of VRRP support on devices other than Cisco or Juniper, which causes the software to interpret a non-existent router as the next hop for a particular flow (the VIP address of the VRRP).
The reporting component of AlgoSec Firewall Analyzer is something that, in my view, has room for improvement. The possibility of having greater granularity would be welcome in a future version, for example when defining the information that we want to see in the reports, defining customized reports by group/user, and scheduling the sending of reports. Being more specific, in our use case for operational teams the report to send would only be the summary of changes of all the rules of a day by Firewall. Focused, without adding unnecessary information. Another use case is for GRC teams. The report to send should only be the summary of risk changes of a week or a month, per Firewall. Again focused, without adding unnecessary information.
One important area for improvement is the support for Dell switches, which we have a lot of in our company network. At a minimum, we would like to get information about the routing table to complete the work diagram. We have been told that AlgoSec is working on this, and we expect to have support for those devices soon. We would like to see more features in the GUI so that we don't have to work with the API as extensively. For example, a feature to schedule pushes to the Firewalls at a pre-defined time would be great for us. This way we can schedule the operation to be done at the end of the day, after hours, and have no impact on the users.
The MAP has a persistent issue with a firewall that is using a double BVI (Bridge Virtual Interface). In this configuration, it cannot give the correct and proper topology, so the traffic simulation query cannot run properly between the source and destination.
This product could be improved in several ways, including:
* More device support, such as Barracuda devices.
* An automated rollback process and options in active push. When we do an active push, AlgoSec takes a policy backup for recovery purposes. If we made any change using active push from AlgoSec and the customer wanted to roll back the particular configuration, it would be better if AlgoSec were able to provide an automated rollback process through AFF rather than creating a manual ticket.
* Software-defined WAN integration and support.
* Application-aware policy identification and optimization. Nowadays, most NGFWs are creating application-aware policies (for applications such as Salesforce, Skype for Business, etc.) using their application database. Normally the destination object will be these applications and not the legacy objects that we created in the firewall. If AlgoSec is able to understand these applications, it will be a good move for the future market.
There is room for improvement in the rollback process. What we would like to see in the future is related to support. For integration with newly supported devices, we require a proper support matrix with an escalation process.
The product has a lot of great features already. However, I would like the reporting to be more customizable, as per user and auditing needs.
I would like to suggest that a cloud visibility feature be provided in the next release. We would be able to understand how traffic flows from the source to destination.
Based on the conference I just attended, it is improving by AlgoSec opening their API more. This allows us as a systems integrator to give more value to our clients. We will be able to integrate more things that do not come out of the box.
AlgoSec is my favorite tool because it does what it is designed to do and it does it well. The service I've received from their support teams is second to none. They have always successfully answered my questions and solved my problems. So, it is difficult to improve a solid solution, but not everything is perfect. Having executive type reporting capabilities which explain the security posture and scoring to provide to executive management would be a nice feature to add. Reports can be printed, but an executive summary report would be an improvement.
In my opinion, the user should be granted more flexibility to choose exactly which devices per CMA should be analyzed. The process to replace a decommissioned device with a new device is not straightforward. With the upgrade to CheckPoint R80.xx we have started to see some issues, although this version had already been on the market for some time, hence I was surprised that there was no full compatibility achieved. Nevertheless, working with support and professional services solved our problems.
Ability to manage more diversity of equipment, as well as simplify the management of the various workflows.
The production needs to be smarter and maybe have some AI capabilities to provide better firewall optimization and workflow integration.
* The maps are a little clunky and could be made easier with some automatic layout technology which assists in spacing out the devices for easier viewing.
The product or service could be improved by orchestration or automation that will help in changing the rule sets on the firewalls based on the detected used services/ports and IP addresses.
The only thing I had slight issues with is the web UI which is a bit tricky to navigate. It can be difficult to find what you're looking for without having to click around for a bit, but once you get to know where things are, it's not bad.
I think that AlgoSec could improve the application by improving the treatment speed. If AlgoSec could take a few seconds less to analyze research, these few seconds would be used by my team to be more efficient. I mean, in the Traffic Simulation Query, it would be wonderful if AlgoSec could find a way to make the research faster than now. In fact, we are often waiting around 1,30 min to see the results. Maybe something can be done to make this research faster?
The versioning is a bit weird. We used to use version 2017 which is quite current, but it looks like it is a 2017 version. As far as I know, they want to have this changed soon. Nevertheless, this is something which definitely needs to be improved.
We use the "rules change notification" feature to inform the different firewall managers when someone made a change. The actual change comes in a PDF file attached to the e-mail, while it would be faster to have it directly embedded in the notification mail. Depending on your network topology, the traffic simulator might have a hard time tracing the traffic path between your devices correctly. This has already been improved in the past but could still be enhanced.
Although I'm very satisfied with the product, one of the ways of improving the product could lie, perhaps, in the acceleration of the analysis process and especially in the section — traffic simulation query. Another improvement would be the support of an orchestration of different firewalls in a heterogeneous environment, mainly at the level of the management of the objects so as to have a homogeneous nomenclature.
The tech support and ticketing system could use some improvement and need more of a personal touch.
* The font size on the Changes Summary Report is very small when reading the printout copy.
* AlgoSec can look at ways to include a change management workflow process or integrate with third-party ticketing solutions.
* Explore ways to detect unused port numbers per firewall rules.
Support/upgrade processes and documentation. The platform would benefit from additional support articles and guides on the Algopedia knowledge base.
I think the product is great from an overall observation, sometimes speed is an issue but I think it could be improved a little bit from a parsing perspective.
Faster HA/DR failover - with very large databases, it takes a long time to failover / failback. Provide even more REST API calls (ex: rule removal API)
I look forward to cloud service integration, which is coming in future releases and this should help make the product more of a complete solution. I would also like to see AlgoBot integrate with other communication systems such as Rocket Chat.
I always wanted AlgoSec to support cloud-based security firewalls such as Amazon security groups (AWS) or Microsoft Azure network security groups. Hoping they will have it ready by end of 2018.
Currently, the product is doing everything we have asked for. It's a huge component for our Firewall maintenance. One key component is the integration with ServiceNow for Firewall rule requests. This helps expedite the process and track every step from user to configuration. One area where the product can improve is the knowledge base. Sometimes you have to do additional reading for your particular error. Some additional features I'd like to see are for the reports. As opposed to showing me the entire objects/rules on the change detection email for that particular firewall, I'd like to see just the changes. I think this would be beneficial to non-technical personnel who may get overwhelmed with all of the data. Also, having a Linux or programming background makes troubleshooting easier. That is one challenge I'm working on now to improve fixing our issues quicker.
We have had challenges with technical support as mentioned earlier. However, we have a new account team and they are very responsive and addressing our concerns.
The Network Map is a feature that could use work, it is a big piece but is always a moving target with large routing tables in use and speed of use becomes an issue doing queries.
* Support more and more vendors, like minor ones: WatchGuard and others.
* Also, it would be interesting if it could analyse iptables and IPFW rules and support migration.
* Windows Firewall and Forefront would also be nice since we often need to migrate from those platforms and prove the value of the newly installed solutions.

* The reporting could be a bit better.
* FireFlow was a bit tricky to configure with its customized flows. Maybe the latest release will resolve this.

* It needs better API integration with its third-party firewall management.
* It needs support for its cloud-based solution.
Further integration with ACI and NSX will be key to our customers' requirements moving forward, as customers adopt new, innovative environments.
We are still waiting to implement FireFlow, and getting it into place will hopefully speed up our implementation time and help with policy standardization. There have been some difficulties in getting this portion set up in our environment.