NetIQ Sentinel v7.1
April 01, 2014
$9,680 (includes both license and first year of maintenance).
- Ease of Use:
- Value for Money:
- Overall Rating:
- Strengths: A good list of compliance reporting, and integration with other products.
- Weaknesses: Unclear extra fees and some difficulty knowing how to use filters.
- Verdict: This is a good, industrial-strength product.
NetIQ's SIEM helps to quickly identify and respond to threats and to simplify management and compliance reporting. It delivers scalable log collection, aggregation, correlation, and analysis and reporting capabilities through flexible deployment options. Events are collected, securely transmitted to a Sentinel server, parsed, normalized, tagged and then routed for correlation and archiving. The log archive is a compressed, high-performing, two-tier file store. Policies allow important and frequently queried information to be stored on expensive, higher performing disks and less critical information on inexpensive remote storage. Sentinel provides for seamless reporting across these stores to address log-retention requirements with online storage. Log archive components can be deployed in a federated model to address regulatory, political and network-connectivity constraints. The offering includes a set of out-of-the-box reports and report templates.
Analysis of events is provided through anomaly detection, threat correlation and dynamic search. Correlation rules and baselines are created by dragging and dropping event fields into selection boxes. The correlation rules are created on a cross-platform basis, removing the need for deep expertise in event types of each event source. Sentinel also supports user-activity monitoring, allowing the user-review activity in the context of the user involved and their role in the organization. To identify threats, Sentinel Advisor correlates information from IPS/IDS systems against known vulnerabilities. When an incident is identified, the organization can manage the incident within the context process based on third party or custom systems, such as ticketing systems.
Documentation came on a USB adapter. The virtual appliance that was to be used to install the product was not on the USB device. The support rep verified this and recommended we use the company's cloud solution. Reviewing the documents supplied by NetIQ made it clear that the standard installation and configuration would be an easy task. Minimum system requirements typically include a virtual machine on a laptop. Depending on the scope of the evaluation and the Encapsulated PostScript (EPS) and storage needs, a similar approach could be used. Sentinel documentation describes a minimum configuration as a single server with four cores, 500GB disk and 6GB RAM.
Support includes several options, and for some packages it was difficult for us to determine the actual service and fee schedules. NetIQ recommends potential users go to the website for more information. The following information is summarized to try and clarify the information provided. All packages have access to phone and email support, access to the company's website resources, a knowledge base and a FAQ list
Basic no-cost support is offered. Options include access to the product knowledge base and support forums with access to online documentation. Standard maintenance provides 12/5 aid. The fees vary depending on the customer contract. Multiple options for fee-based assistance are available depending. Priority maintenance provides 24/7 support in addition to standard maintenance.
The overall value for the money spent was good.
Sign up to our newsletters
SC Magazine Articles
- Popular adult website XTube compromised, delivers malware
- Android vulnerability leaves apps open to malicious overwriting
- One in three of the top million websites are 'risky,' researchers find
- Orgs predict $53M risk, on average, from crypto key, digital cert attacks
- Hanjuan Exploit Kit leveraged in malvertising campaign
- Report: 71 percent of orgs were successfully attacked in 2014
- Self-deleting malware targets home routers to gather information
- 'PoSeidon' point-of-sale malware targets payment card information
- Amedisys notifies nearly 7,000 individuals of potential breach
- Report: More than 15,000 vulnerabilities in nearly 4,000 applications reported in 2014
- IBM will invest $3 billion in new IoT unit
- Infostealer Laziok targets energy companies
- 30 percent of practitioners say they would pay cyber extortionists to retrieve their data
- The best defense is a good offense: The importance of securing your endpoints
- British Airways says rewards accounts hacked, locked down