AlgoSec Security Management Suite
Strengths: Solid connectivity management tied closely to business requirements, policies and regulatory requirements.
Weaknesses: Focused on a single, technical aspect of managing risk.
Verdict: There is a place for this in just about any large organisation.
This is a very specialised product. Its premise - a sound one - is that the firewalls are where most of the risk in a system is actually controlled. AlgoSec has therefore gone to some pains to meld firewall management and business flow into a single risk management package. The notion that cyber-threats cut across the entire organisation, and that a single misconfigured firewall can put the whole organisation at risk, has merit. The problem, and the main issue this product addresses, is that a large enterprise can have a great many firewalls, not all of them at the perimeter, and each has different duties to perform. Those duties become complex under most business scenarios, so managing each firewall correctly, with full knowledge of its individual purpose and its interactions with the others, is important, and it is very hard for humans to keep control of. Firewalls can have thousands of rules, and when those rules interact incorrectly (a broad permit that shadows a later, more specific block, for instance) a new vulnerability appears; taken together with today's threatscape, the result can be serious risk to the organisation.
AlgoSec addresses this with three modules: BusinessFlow, FireFlow and Firewall Analyser, each with specific tasks. BusinessFlow is where connectivity for business applications is discovered and mapped to the underlying network infrastructure. FireFlow automates security change management: policy is translated into configuration, saving effort and limiting the misconfigurations that could introduce vulnerabilities and, by extension, risk into the enterprise. Firewall Analyser examines the firewall configurations themselves against the network security policy and is where troubleshooting, risk analysis and auditing occur. In short, the suite manages the entire lifecycle of the security policy.
The suite can work across on-premises infrastructure and both private and public clouds. It integrates with vulnerability scanners such as Qualys and Nessus to consume their findings. This occurs in the BusinessFlow module, which is a good place to start when using the tool. The dashboard is clean and fairly traditional, with views of the important aspects of the enterprise, such as changed applications, the most vulnerable applications and so on. Substantial drill-down is available from a sidebar, taking you to the application level, where there is more data and further drill-downs.
One thing we liked was that when connectivity is lost between two devices, the system reports it, prompts for policy and then attempts to resolve the problem automatically. This is important because a small change in connectivity can have a significant impact on other devices, and when hundreds of thousands of rules are involved, policy-driven configuration correction is very tricky for humans.
Another thing we liked was the ability to decommission applications when necessary. Once an application is decommissioned, the system makes the appropriate configuration changes based on the security policy and then tests the fix. The same mechanism allows a change to be simulated before it is deployed, so that its impact can be seen in advance.
FireFlow provides validation of changes and their impacts, makes sure that they are implemented correctly and, if troubleshooting is necessary, facilitates that as well. Searching in this tool is exceptional. Searches by rule are good audit tools, ensuring that actual configurations comport with the policies they are intended to enforce. We also liked rule certification. When a rule becomes potentially obsolete, the system notifies the owner of the rule and if it needs to be decommissioned it can be. If not, it can be recertified for another term. Firewall Analyser can create a network map, perform traffic simulations and apply AlgoSec's excellent analytics.
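The two rule-base problems the review keeps returning to, an earlier rule that swallows a later one so the later one never fires, and a rule whose certification term has lapsed without anyone noticing, are simple to illustrate on a small scale. What follows is an added example written for this page; it is not AlgoSec code and does not describe how the suite performs its own analysis. It assumes a first-match rule base with a constructed set of six IPv4 rules, and the rule names, owners and certification dates are hypothetical:

```python
"""Constructed example: audit a first-match firewall rule base for
(a) rules whose traffic is fully covered by an earlier rule, so they
    never match - 'shadowed' when the actions differ (a security or
    connectivity defect), 'redundant' when they are the same; and
(b) rules whose certification term has expired and should be re-certified
    by their owner or decommissioned.
Hypothetical rule set; not AlgoSec's data or algorithm."""
from dataclasses import dataclass
from datetime import date
from ipaddress import ip_network
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Rule:
    name: str
    src: str                 # IPv4 CIDR, e.g. "10.0.0.0/8"
    dst: str                 # IPv4 CIDR
    proto: str               # "tcp", "udp" or "any"
    ports: Tuple[int, int]   # inclusive destination port range
    action: str              # "allow" or "deny"
    owner: str               # who is asked to re-certify the rule
    certified_until: date    # end of the current certification term


def covers(outer: Rule, inner: Rule) -> bool:
    """True if every packet matched by `inner` is also matched by `outer`.

    With first-match semantics, if an earlier rule covers a later one the
    later rule can never fire, whatever its action says."""
    if not ip_network(inner.src).subnet_of(ip_network(outer.src)):
        return False
    if not ip_network(inner.dst).subnet_of(ip_network(outer.dst)):
        return False
    # An "any"-protocol outer rule covers anything; otherwise protocols must match.
    if outer.proto != "any" and outer.proto != inner.proto:
        return False
    return outer.ports[0] <= inner.ports[0] and inner.ports[1] <= outer.ports[1]


def find_shadowed(rules: List[Rule]) -> List[Dict[str, str]]:
    """Report each rule that is fully covered by some earlier rule.

    Only the first covering rule is reported, because that is the one that
    actually handles the traffic in a first-match engine."""
    findings = []
    for i, rule in enumerate(rules):
        for earlier in rules[:i]:
            if covers(earlier, rule):
                kind = "redundant" if earlier.action == rule.action else "shadowed"
                findings.append({"rule": rule.name, "by": earlier.name, "kind": kind})
                break
    return findings


def find_expired(rules: List[Rule], today: date) -> List[Dict[str, str]]:
    """Rules whose certification term ended before `today`, with their owners."""
    return [
        {"rule": r.name, "owner": r.owner, "certified_until": r.certified_until.isoformat()}
        for r in rules
        if r.certified_until < today
    ]


# Constructed rule base (first match wins). Comments note the planted defects.
RULES = [
    Rule("R1", "10.0.0.0/8",    "192.168.1.10/32", "tcp", (443, 443), "allow", "web-team", date(2025, 1, 31)),
    # R2 is meant to block one subnet from the web server, but R1 already
    # allowed it: the deny never fires (shadowed - the security-relevant case).
    Rule("R2", "10.20.0.0/16",  "192.168.1.10/32", "tcp", (443, 443), "deny",  "sec-team", date(2025, 12, 31)),
    Rule("R3", "0.0.0.0/0",     "192.168.1.0/24",  "tcp", (22, 22),   "deny",  "sec-team", date(2025, 12, 31)),
    # R4 was supposed to let ops SSH in, but R3 blocks everyone first
    # (shadowed - the lost-connectivity case); its certification has also lapsed.
    Rule("R4", "10.0.0.0/8",    "192.168.1.0/24",  "tcp", (22, 22),   "allow", "ops-team", date(2024, 6, 30)),
    # R5 is wider than R1 on ports, so it is not covered by anything above it.
    Rule("R5", "10.0.0.0/8",    "192.168.1.10/32", "tcp", (80, 443),  "allow", "web-team", date(2025, 12, 31)),
    # R6 duplicates part of R1 with the same action: harmless but redundant.
    Rule("R6", "10.1.0.0/16",   "192.168.1.10/32", "tcp", (443, 443), "allow", "web-team", date(2025, 12, 31)),
]

# Hypothetical audit date used for the certification check.
AUDIT_DATE = date(2025, 3, 1)


if __name__ == "__main__":
    for f in find_shadowed(RULES):
        print(f"{f['rule']} is {f['kind']}: fully covered by earlier rule {f['by']}")
    for f in find_expired(RULES, AUDIT_DATE):
        print(f"{f['rule']} certification expired {f['certified_until']}; notify {f['owner']}")
```

The coverage test is deliberately conservative: it only flags a rule when a single earlier rule covers all of its traffic, so a rule that is blanked out by the union of several earlier rules is not reported. That is the case a full analyser has to handle and the reason the job is hard at the scale the review describes.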
While we really like this tool, we wish that it was a bit more broad-based. However, it is far from being a one-trick pony even though it focuses on the connectivity in the enterprise. It is a valid argument that misconfigured connectivity is the nemesis of good security and risk management, so there absolutely is a place for this in the risk management arena. It is very reasonably priced so mixing it with other tools is practical.