NetIQ Sentinel v7.1
April 01, 2014
$9,680 (includes both license and first year of maintenance).
- Ease of Use:
- Value for Money:
- Overall Rating:
- Strengths: A good list of compliance reporting, and integration with other products.
- Weaknesses: Unclear extra fees and some difficulty knowing how to use filters.
- Verdict: This is a good, industrial-strength product.
NetIQ's SIEM helps to quickly identify and respond to threats and to simplify management and compliance reporting. It delivers scalable log collection, aggregation, correlation, and analysis and reporting capabilities through flexible deployment options. Events are collected, securely transmitted to a Sentinel server, parsed, normalized, tagged and then routed for correlation and archiving. The log archive is a compressed, high-performing, two-tier file store. Policies allow important and frequently queried information to be stored on expensive, higher performing disks and less critical information on inexpensive remote storage. Sentinel provides for seamless reporting across these stores to address log-retention requirements with online storage. Log archive components can be deployed in a federated model to address regulatory, political and network-connectivity constraints. The offering includes a set of out-of-the-box reports and report templates.
Analysis of events is provided through anomaly detection, threat correlation and dynamic search. Correlation rules and baselines are created by dragging and dropping event fields into selection boxes. The correlation rules are created on a cross-platform basis, removing the need for deep expertise in event types of each event source. Sentinel also supports user-activity monitoring, allowing the user-review activity in the context of the user involved and their role in the organization. To identify threats, Sentinel Advisor correlates information from IPS/IDS systems against known vulnerabilities. When an incident is identified, the organization can manage the incident within the context process based on third party or custom systems, such as ticketing systems.
Documentation came on a USB adapter. The virtual appliance that was to be used to install the product was not on the USB device. The support rep verified this and recommended we use the company's cloud solution. Reviewing the documents supplied by NetIQ made it clear that the standard installation and configuration would be an easy task. Minimum system requirements typically include a virtual machine on a laptop. Depending on the scope of the evaluation and the Encapsulated PostScript (EPS) and storage needs, a similar approach could be used. Sentinel documentation describes a minimum configuration as a single server with four cores, 500GB disk and 6GB RAM.
Support includes several options, and for some packages it was difficult for us to determine the actual service and fee schedules. NetIQ recommends potential users go to the website for more information. The following information is summarized to try and clarify the information provided. All packages have access to phone and email support, access to the company's website resources, a knowledge base and a FAQ list
Basic no-cost support is offered. Options include access to the product knowledge base and support forums with access to online documentation. Standard maintenance provides 12/5 aid. The fees vary depending on the customer contract. Multiple options for fee-based assistance are available depending. Priority maintenance provides 24/7 support in addition to standard maintenance.
The overall value for the money spent was good.
Sign up to our newsletters
SC Magazine Articles
- Long list of devices believed to be affected by NetUSB vulnerability
- CareFirst BlueCross BlueShield breached, more than one million individuals notified
- Study: Employees acknowledge risky security behavior, continue to engage in it
- Logjam attack exposes data passed over TLS connections
- Google releases Chrome 43, addresses 37 bugs
- Hackers exploit Starbucks auto-reload feature to steal from customers
- Study: Nearly all SAP systems remain unpatched and vulnerable to attacks
- Former Nuclear Regulatory Commission employee arrested for alleged spear phishing campaign
- Millions of WordPress websites vulnerable to XSS bug
- FireEye first cybersecurity firm awarded DHS SAFETY Act certification
- Thousands of Bellevue Hospital Center patients notified of data breach
- Study: 86 percent of websites contain at least one 'serious' vulnerability
- Investigation ongoing in reported multimillion member Adult FriendFinder breach
- Report: $19M breach settlement between MasterCard, Target terminated
- FTC gives thumbs up to companies that cooperate during breach probes