NetIQ Sentinel v7.1
April 01, 2014
$9,680 (includes both license and first year of maintenance).
- Ease of Use:
- Value for Money:
- Overall Rating:
- Strengths: A good list of compliance reporting, and integration with other products.
- Weaknesses: Unclear extra fees and some difficulty knowing how to use filters.
- Verdict: This is a good, industrial-strength product.
NetIQ's SIEM helps to quickly identify and respond to threats and to simplify management and compliance reporting. It delivers scalable log collection, aggregation, correlation, and analysis and reporting capabilities through flexible deployment options. Events are collected, securely transmitted to a Sentinel server, parsed, normalized, tagged and then routed for correlation and archiving. The log archive is a compressed, high-performing, two-tier file store. Policies allow important and frequently queried information to be stored on expensive, higher performing disks and less critical information on inexpensive remote storage. Sentinel provides for seamless reporting across these stores to address log-retention requirements with online storage. Log archive components can be deployed in a federated model to address regulatory, political and network-connectivity constraints. The offering includes a set of out-of-the-box reports and report templates.
Analysis of events is provided through anomaly detection, threat correlation and dynamic search. Correlation rules and baselines are created by dragging and dropping event fields into selection boxes. The correlation rules are created on a cross-platform basis, removing the need for deep expertise in event types of each event source. Sentinel also supports user-activity monitoring, allowing the user-review activity in the context of the user involved and their role in the organization. To identify threats, Sentinel Advisor correlates information from IPS/IDS systems against known vulnerabilities. When an incident is identified, the organization can manage the incident within the context process based on third party or custom systems, such as ticketing systems.
Documentation came on a USB adapter. The virtual appliance that was to be used to install the product was not on the USB device. The support rep verified this and recommended we use the company's cloud solution. Reviewing the documents supplied by NetIQ made it clear that the standard installation and configuration would be an easy task. Minimum system requirements typically include a virtual machine on a laptop. Depending on the scope of the evaluation and the Encapsulated PostScript (EPS) and storage needs, a similar approach could be used. Sentinel documentation describes a minimum configuration as a single server with four cores, 500GB disk and 6GB RAM.
Support includes several options, and for some packages it was difficult for us to determine the actual service and fee schedules. NetIQ recommends potential users go to the website for more information. The following information is summarized to try and clarify the information provided. All packages have access to phone and email support, access to the company's website resources, a knowledge base and a FAQ list
Basic no-cost support is offered. Options include access to the product knowledge base and support forums with access to online documentation. Standard maintenance provides 12/5 aid. The fees vary depending on the customer contract. Multiple options for fee-based assistance are available depending. Priority maintenance provides 24/7 support in addition to standard maintenance.
The overall value for the money spent was good.
Sign up to our newsletters
SC Magazine Articles
- CTB-Locker ransomware variant being distributed in spam campaign
- 'Sexy Girls' wallpaper app in Google Play store accessed account info
- Proposed CFAA revisions agitate IT security community
- New attack uses ransomware to drop trojans and keyloggers
- Firm finds link between Regin spy tool and QWERTY keylogger
- Zeus variant targeting Canadian banks, U.S. banks may also be a target
- Winnti trojan may help set stage for Skeleton Key attacks, analysts say
- FTC settles with revenge porn site operator
- Upatre, Dyre used in Univ. of Florida attack
- Wisconsin chiropractic clinic notifies 3,000 patients of insider breach