AlgoSec vs. Darktrace vs. FireMon

It works okay for auditing existing network systems but seems to have trouble with cloud configurations.

Incentivized

Darktrace is a product well suited for the vast majority of infrastructures and helps monitoring and responding to threats based on the network in a very elastic way. This is a product based on on-premise infrastructures that hosts its machines locally, of course it can be technically difficult to monitor an entire On-Cloud infrastructure but even there there's room for sensors and monitoring, not to mention the SaaS and mail integration that completes the product.

Incentivized

FireMon is best used in a large environment (for example, I have >100
firewalls in my environment). It's best used when trying to improve
security posture and showing changes in firewall security over time. It
might not be the best choice for smaller environments or those that aren't concerned about security management.

Incentivized

• Firewall policy overview and optimisation by rule reordering and suggestions to delete unused rules
• Network map overview and implement topology changes based on source destination and port
• Pci audit results and recommendations for a better score
• Discover application based flows through auto-discovery and make changes to those flow.

Incentivized

• Uses it Al model UEBA to detect anomalies in the behaviour of not only the users in a corporate network but also the routers, servers, and endpoints in that network.
• Provides a visualisation of both egress and outbound network traffics flowing in and out of the organisation.
• Darktrace comes with it autonomous AI model detection and responses capabilities.
• Darktrace as an AI next generation NDR solution, prevents ,contains and quarantines malicious traffics from and into the corporate network.

• Give good real time reporting for anyone making a change to any of our firewalls
• Provides good reporting tools that are out of box
• Provide good customization tools that is specific to our needs
• Upgrades are a simple process and support does relatively well with assisting us.

Incentivized

• AlgoSec need to work on their support in India.
• Insufficient documentation.
• It should support other platforms like GCP, Alibaba, etc.

Incentivized

• There are few areas that I would say need to be improved; their customer support portal allows you to log tickets with any suggestions or things you feel the product is missing, and they will generally show you how to achieve what you want, or in some cases, introduce it as a feature in a later update.

Incentivized

• Some features could be added to the existing functionality which include NAT rules usage
• Rule expiration normalization from firewalls rather than entering them in rule documentation
• .csv exports of the files from the firewall pane only gives usage for 30 days by default and that should be increased

Incentivized

It's a powerfull product that help administrators to provide email security to our organization.

Good metrics about received emails that help us to determine in doubt case if the email is a false positive or it's malware.

They're improving the product releasing continuous updates and have mobile phone app to manage it.

Incentivized

The shell is locked out and we can't run any general centos commands. The implementation and maintainence of the arch is very complex. Even with the right identifiers on log messages the log collection keeps failing. The warning messages on the device are ambiguous. The log messages on firemon are a bit confusing and don't show the exact issue.

Incentivized

It worked great for on-site systems but does not scale effectively.

Incentivized

The Darktrace toolset is very expansive, allowing it to handle many different tasks, but this leads to a user interface that is sometimes not at all intuitive. Icons don't always make sense visually, and the associated tool tips do not always provide enough detail on what action the button performs

Incentivized

It save me time and I'm able to have the review - review the rule independently with using my time.

Incentivized

FireMon has been relatively stable overall. However, there have been a handful of times where we had issues with the console. For example, we couldn't update which devices to include in a security assessment. The initial suggestion from support was to just reboot it. It seems like there weren't many other options available such as to restart services before going to the extreme of a complete reboot.

Incentivized

I'm not sure we have the largest implementation of FireMon out there but we do have a few 1000 devices being probed by FireMon. Overall, the system's performance has been rock solid. The console refreshes quickly and reports are generated within an expected timeframe.

Incentivized

Darktrace support is excellent in my experience. They send a competent engineer on-site to provide on-boarding training. They were also very responsive in responding to questions and concerns. Having an individual point of contact who is a competent network and security engineer is not a common experience, at least for me.

Incentivized

FireMon technical support is awesome! They respond quickly to our requests and they are well trained and very knowledgeable about the tool. Some issues have to be referred to the development team, but technical support largely provides solutions for any issues that we may have.

Incentivized

Implementation is fairly simple. Most issues can be resolved by referencing manuals.

Incentivized

User friendliness of Algosec is great!

Incentivized

We did NOT select Darktrace. OSSIM/AlienVault is a more mature product and it provided better intelligence and reporting. The end user interface is much easier to use - and you can tell built form engineers who have had to do the work. My suggestion for anyone considering Darktrace, is to get the price upfront; do a 30/60 onsite trail; and do the same thing, at the same time, with AlienVault. AlientVault will win every time. I say that because that's exactly what I did.

Incentivized

I has worked with AlgoSec and while they are very similar product, I find the FireMon is easier to understand and get rolling with. While both require some learning, FireMon is by far the easier one. Once you have an understanding of how things are arranged and labeled you can easily import firewalls and begin to work on them to improve them

Incentivized

Firemon Is easily scalable and maintainable with any size team. Although it requires some tech debt, it is well worth the time to invest to ensure compliance is visible and reports are accurate. Although our environment is very large we do not fully utilize the scalability of the Firemon product.

Incentivized

• Algosec has helped customers across the globe optimize their firewall policies and bring the best performance off their devices
• AlgoSec supports a wide range of devices and is constantly working to include support for many others
• The support and professional services team at AlgoSec is very knowledgeable and supportive.

Incentivized

• One big positive is how it helps us with the security assessments that clients have done on us. They are looking to see if we know how we might have unusual/malicious traffic running on the network.
• If you have a small network and only need 1 appliance, it can be a good ROI and peace of mind.
• You could go down a hole in trying to spend time looking at all of your traffic with this software. You need to focus only on what it is showing as potential bad traffic.

Incentivized

• FireMon's Compliance Reporting provided an immediate and tangible benefit
• FireMon helps identify egregious or erroneous rules quickly across multiple platforms
• FireMon took our audit process from an Excel spreadsheet into a far more advanced process with readily available context for reviewers

Incentivized