April 01, 2013
$48,400, including license and first-year maintenance.
- Ease of Use:
- Value for Money:
- Overall Rating:
- Strengths: Highly intelligent SIEM analysis capabilities.
- Weaknesses: High cost for a software only product.
- Verdict: Strong product, but quite pricey for software only.
Sentinel from NetIQ offers a lot of robust SIEM features and functions. This product features log collection, aggregation, correlation and analysis and reporting - all from one single point that is easy to use and manage. Administrators and security personnel can use this tool to gain a great amount of insight into security events, as well as prevent threats that may be unseen without the use of Sentinel's powerful log correlation engine.
We found this solution to be of average difficulty to set up and deploy. The product comes as a software package that can be installed on either a Microsoft Windows or Enterprise Linux server. NetIQ recommends the Linux deployment, so that is the one we had for evaluation. Overall, we found the installation to go pretty smoothly. It required minimal Linux experience. After installation was complete, we were able to manage the entire product from a web-based management interface. Included in this interface is the Sentinel Control Center, which provides a centralized interface to manage data and analysis of events.
Once we became comfortable navigating around the various dashboards and menus of the appliance interface, we found this product to include a wide variety of reporting and analysis capabilities. This tool includes a fair amount of automation and remediation capabilities as well. Once configured, Sentinel will be able to detect anomalies in the network and event baseline and provide remediation and threat information automatically. Aside from threat monitoring and event management, this product also integrates with identity management platforms to help create a more specific picture of an event by tying in user information and logging. Sentinel also can correlate information from intrusion prevention systems (IPS)/intrusion detection system (IDS) sensors against known vulnerabilities to help identify possible threats before they become a problem.
Documentation included many PDF guides and manuals, including installation and administration guides. Other materials included a quick-start and a user guide. We found all to be nicely organized and to include many step-by-step instructions, along with screen shots. We also found overlap in the manuals, which made finding information on specific configurations easy.
NetIQ offers both 12/5 and 24/7 product support levels to customers as part of an agreement. This includes phone- and email-based technical aid along with access to product and software updates and upgrades. Customers also can access an area on the website at no cost. This includes a knowledge base and other resources. Furthermore, users also can access a full user forum that features many custom-built connectors and helpful information from product users.
At a price of about $48,400 for the software and one year of support, this product is quite costly for a software-only product. We find NetIQ Sentinel to be a slightly above average value for the money. While this tool does carry a monstrous price tag, it also includes a great amount of intelligent features and functions that give it solid SIEM capability, which helps make it worth the overall cost.
Sign up to our newsletters
SC Magazine Articles
- APT operation 'Double Tap' exploits serious Windows OLE bug
- 'DoubleDirect' MitM attack affects iOS, Android and OS X users
- Man gets 18 months in prison for accessing Subway POS devices, loading up gift cards
- The Internet of Things (IoT) will fail if security has no context
- Regin: nation-state possibly behind the stealthy modular spying malware
- Operators disable firewall features to increase network performance, survey finds
- DDoS attacks cost organizations $40,000 per hour, survey finds
- Waste no time patching Windows Schannel, OLE bugs, experts warn
- Study: 68 percent of healthcare breaches caused by loss or theft of devices, files
- Spin.com redirects to Rig Exploit Kit, infects users with malware, Symantec observes
- Syrian Electronic Army redirects Gigya, briefly compromises media sites on Thanksgiving Day
- Study: 'High priority' issues hamper endpoint security solution implementation
- Researchers identify POS malware targeting ticket machines, electronic kiosks
- Pirated Joomla, WordPress, Drupal themes and plugins contain CryptoPHP backdoor
- DDoS attacks grew in size, threats became more complex, Q3 reports say