NetIQ Security Manager
Strengths: Comprehensive functionality, straightforward user interfaces.
Weaknesses: Implementation could be a little involved in some instances.
Verdict: A potentially powerful and comprehensive product.
This comprehensive product seems to offer a great deal: event monitoring and management, intrusion detection, and comprehensive reporting and analysis. All this, plus three printed manuals: an installation guide, a user guide and a programming guide.
Installation itself could be a little trying because the software, as is often the case these days, requires a particular platform to work with. Various architectures are catered for and this is well covered in the documentation.
NetIQ Security Manager can be thought of as three primary modules – the Event Manager, the Intrusion Manager and the Log Manager. The general idea is that information is captured and consolidated into a central repository in order to support trend analysis and reports.
The Event Manager collects event-related information from a variety of locations and sources distributed across your network. It will thus interoperate with various firewall and security products as well as distributed agents in order to gather this information.
The Intrusion Manager will help guard against intrusion and attacks by monitoring log files on networked computers. If it spots anything suspicious, it can be configured to email or page support personnel, and generate an alert at the console position. It can do this for Windows, Linux and Unix computers.
The Log Manager is responsible for gathering everything together into a SQL Server database so that the potentially significant amount of data generated can be analyzed, queried and reported on. For many, this will be the primary function of such a tool and NetIQ Security Manager does not disappoint in this respect, with an arsenal of built-in knowledge available to assist. Security Manager can also act automatically in response to events, shutting down services where appropriate.
It also features a degree of event correlation, enabling you to set up rules to cover sequences of events that might be important to you. All this is achieved through intuitive user interfaces that will be familiar to those steeped in a Microsoft environment.
There is more to this tool than can be covered within a short review, but if you are looking for this type of product, it is certainly worth a closer look.