AlgoSec Security Management Solution
Strengths: Very nicely integrated two-way communication between modules and a clear focus on application communications. This next generation tool is clearly business-oriented.
Weaknesses: The support packages are pricey on top of a moderately expensive base product price.
Verdict: This one is worth a close look. It has all the tools you need to manage the security on your enterprise and it is very straightforward to use.
This tool is a next-generation risk and policy management tool that depends a lot on application flows to maintain security. It consists of three modules: AlgoSec BusinessFlow for application discovery and connectivity management (includes AutoDiscovery), AlgoSec FireFlow® for security policy change automation, and AlgoSec Firewall Analyzer® for network abstraction and policy analysis. As part of its AutoDiscovery, the tool builds and maintains a dynamic topology-aware network map that simulates traffic patterns. Much of what this tool does is based upon interaction with firewalls.
We started by examining BusinessFlow. This gave us a good view of the behavior of applications on the enterprise including those that were blocked or connected as well as a historical view of changes on the network. We selected an application to examine in more depth. This told us that the application had several specific flows that it needed to work. Drilling down deeper we could see the flows in detail on a flow map. Picking the server on which our application is running we could see the detailed flows for just that server.
One more drill-down gave us a view of the application flows imposed on the server flows and we could see where the application was running and what it needed to stay healthy. This lets us move the application from AutoDiscovery into BusinessFlow where we could manage it. This resulted in an application flow map that let us manage the firewall rules involved with this application. Our last drill-down gave us a look at the vulnerabilities in the application. However, if there had been a communications loss due to misconfiguration, we could configure the tool to correct it automatically.
Then we moved to FireFlow, which manages change requests, whether manual or automated. We noted that a change that was necessary in our application had been reflected in FireFlow. Drilling down here gets us a flow map that shows where the misconfigured firewalls were that were preventing the application from working. Here we had the choice of manually initiating the remediation or letting the tool do it for us, no-touch. Once that was done, the tool would look for other firewalls that needed the same fix and take care of them as well.
It was not enough that we initiated the remediation. We needed to be sure that it was (A) correct and (B) didn't break anything. This is a task that good firewall engineers do and they usually bring another engineer into the process as a sort of peer review. In the case of the AlgoSec tool, it simply runs Smart Validation with no user involvement. This is an automated peer review and is far more likely to catch errors than a manual review, and, of course, it is way faster.
The tool also can audit the rule sets starting with search by rule and including policy removal and recertification based upon requests. It uses a workflow that is specific to recertification and creates an audit trail of the whole process including the emails with the people who created the policy initially.
Finally, we ended up in the Firewall Analyzer. This gives us flow maps, traffic simulation and something we liked: a risky rules list. We've seen this before, of course, but a nice touch, in this case, is that the report is more than a report. It is actionable and automated. Cleanup is a piece of cake. Firewall rule sets in the product look like they do in the actual firewall, making its use easier on the firewall engineers since all normalization is done automatically. The website is complete. Basic no-cost support offers little more than access to the customer portal, which is quite complete with lots of information.
There are three levels of paid support: Basic, Preferred, and Premium. Basic gets you such things as upgrades, patches, and hot fixes. Support at this level is by email only and has a 20% fee attached. From this point, it gets rather pricey. Preferred is a 30% fee and Premium is 40%. The manuals are what we expect.