NetIQ Sentinel Overview

NetIQ Sentinel is the #17 ranked solution in top Security Information and Event Management (SIEM) tools. PeerSpot users give NetIQ Sentinel an average rating of 8.6 out of 10. NetIQ Sentinel is most commonly compared to Microsoft Sentinel: NetIQ Sentinel vs Microsoft Sentinel. NetIQ Sentinel is popular among the large enterprise segment, accounting for 68% of users researching this solution on PeerSpot. Professionals from computer software companies are the top industry group researching this solution, accounting for 24% of all views.
Buyer's Guide

Download the Security Information and Event Management (SIEM) Buyer's Guide including reviews and more. Updated: November 2022

What is NetIQ Sentinel?
NetIQ Sentinel is a full-featured Security Information and Event Management (SIEM) solution that simplifies the deployment, management and day-to-day use of SIEM, readily adapts to dynamic enterprise environments and delivers the true "actionable intelligence" security professionals need to quickly understand their threat posture and prioritize response.

NetIQ Sentinel was previously known as Novell SIEM.

NetIQ Sentinel Customers
Faysal Bank, GaVI, Handelsbanken, ISC Münster, Lambeth Council, Swisscard, The Municipality of Siena, Tukes, University of Dayton, University of the Sunshine Coast

NetIQ Sentinel Pricing Advice

What users are saying about NetIQ Sentinel pricing:
"We receive a pricing discount because of our ongoing partnership with Micro Focus."

NetIQ Sentinel Reviews

Dennis Dirks - PeerSpot reviewer
Compliancy, Security & Identity consultant at TMD informatisering BV
Consultant
Top 10
The business intelligence engine keeps track of everything and alerts us of anything unexpected
Pros and Cons
  • "One of the most valuable features is the business intelligence engine. It's very important because it keeps track of everything that's happening and alerts us if something is different than expected. The first time I used it, I was shocked at how well it performed. Another valuable feature that I think makes this product worth the price you pay for it is that it connects to basically every system that provides some form of logging, and it's very easy to set up what triggers this."
  • "This product's connection to certain types of cloud systems could be improved. We can do Microsoft, Google, and Amazon, but there are a lot of other things happening in the cloud that we do not connect well enough to. This product could be improved with better connection to cloud-based solutions."

What is our primary use case?

There are a lot of use cases of this solution. For a customer of ours, we connected it to both their Active Directory and their entrance system: the key card swipe application database. We set up a rule where, when people do not enter the building using their key card and they try to authenticate locally to the Active Directory, it is considered strange behavior—their account is immediately locked and a message is sent to security.

We set up the business intelligence engine with a university in Belgium, and the artificial intelligence part of the solution figured out that something strange was happening. What happened was that a professor changed grades for all of his students, which is not strange at all. He authenticated it with the right username and password, but, as far as the artificial intelligence engine was concerned, it was suspicious because he never did that on Tuesday nights at 11:30-ish. Also, when he did authenticate it and change grades, it was usually for a couple of students for the same test, and not for one student for some of his tests. So it was these students who had obtained the username and password combination for the professor and sat outside of the university building, connecting to the wifi and changing his grades. Sentinel caught that, and we were able to prove what happened. 

We have this solution deployed on-prem. 

What is most valuable?

One of the most valuable features is the business intelligence engine. It's very important because it keeps track of everything that's happening and alerts us if something is different than expected. The first time I used it, I was shocked at how well it performed. 

Another valuable feature that I think makes this product worth the price you pay for it is that it connects to basically every system that provides some form of logging, and it's very easy to set up what triggers this. 

What needs improvement?

This product's connection to certain types of cloud systems could be improved. We can do Microsoft, Google, and Amazon, but there are a lot of other things happening in the cloud that we do not connect well enough to. This product could be improved with better connection to cloud-based solutions. 

As for additional features, even when I compare it to other systems, like Splunk, I think we've covered most things. 

For how long have I used the solution?

I have been working with NetIQ Sentinel since 1997. We are a Micro Focus NetIQ partner, and I do their advanced technical trainings on Sentinel for them. 


What do I think about the stability of the solution?

This product is very reliable and trustworthy. 

What do I think about the scalability of the solution?

This solution is easy to scale up until about 24,000 events per second. After that, if you require more—which is an unbelievably large amount of events happening every second—you can change portions of the system to include things like Hadoop technology, and then it will scale to whatever. So it's pretty easy to scale, up until 24,000 events per second, and after that, installing Cloudera and Hadoop and all the other stuff is a bit challenging, but I've only seen one customer reach that amount of events per second. 

It's usually large companies that go for this solution. This technology is frequently used by credit card companies, school districts, and universities. This is because there is a special price—solutions like this are usually pretty expensive and can easily run into 200,000 euros a year, but school districts get it for something like four euros per employee, with the same functionality. For them, it's a very cheap way to get an enterprise-level solution, but apart from that special price, it's usually the large companies that invest in something like this. Small- to medium-sized companies sometimes have a requirement for this because of regulations concerning credit card transactions, so we offer to host that for them and they use our shared installation. 

How are customer service and support?

Technical support for Micro Focus/NetIQ has always been very good. Maybe it's not the easiest to obtain, but if you have a developer's license and a support contract with them, they have 24-hour, worldwide support people who can do a dial-in if necessary. I'm always able to speak to a support engineer with knowledge about the products within hours when I need it.  

How was the initial setup?

The deployment process is pretty straightforward. Micro Focus/NetIQ provides you with a virtual appliance, so if you run it on any virtual platform, you just deploy that, start it up, and it guides you through the process, asking for things like the IP address, passwords, time zone, and stuff like that. The setup process takes about 45 minutes, and then you have a running system. It's pretty easy to set up. 

What about the implementation team?

Our company provides implementation services to customers. 

What's my experience with pricing, setup cost, and licensing?

You need a support contract with NetIQ for maintenance. You can download the updates for the underlying operating system, which is a secured and drilled-down version of SUSE Linux. For the product itself, you basically upgrade it every time there is a new version coming out, which is usually once or twice a year. 

What other advice do I have?

I rate NetIQ a nine out of ten. 

My advice to someone looking into implementing NetIQ is to just try it and see it for yourself. It's pretty easy to set up a test environment because of the virtual machine that you can deploy. Also, you have a six-day trial license with that, so there's absolutely no reason not to just set it up and start playing around with it and see how well it performs and what it's able to tell you about what's happening on your network. 

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
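The key card and Active Directory rule described in the review above can be sketched as a small correlation check. This is an added example, not the reviewer's rule or NetIQ Sentinel's own rule syntax; the event field names, the `exit` badge action, the 16-hour presence cap and the sample events are all assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample events; field names are assumptions, not Sentinel's schema.
BADGE_EVENTS = [
    {"user": "alice", "time": "2022-11-08T08:02:00", "action": "enter"},
    {"user": "alice", "time": "2022-11-08T17:31:00", "action": "exit"},
    {"user": "bob",   "time": "2022-11-08T09:15:00", "action": "enter"},
]
LOGON_EVENTS = [
    {"user": "alice", "time": "2022-11-08T08:10:00", "local": True},
    {"user": "alice", "time": "2022-11-08T19:45:00", "local": True},   # after exit
    {"user": "bob",   "time": "2022-11-08T10:00:00", "local": True},
    {"user": "carol", "time": "2022-11-08T11:00:00", "local": True},   # never badged in
    {"user": "carol", "time": "2022-11-08T12:00:00", "local": False},  # remote, out of scope
]

MAX_PRESENCE = timedelta(hours=16)  # assumed cap: a stale "enter" stops counting


def _ts(value):
    return datetime.fromisoformat(value)


def in_building(user, when, badge_events):
    """True if the user's latest badge event before `when` is a recent 'enter'."""
    prior = [e for e in badge_events
             if e["user"] == user and _ts(e["time"]) <= when]
    if not prior:
        return False
    last = max(prior, key=lambda e: _ts(e["time"]))
    return last["action"] == "enter" and when - _ts(last["time"]) <= MAX_PRESENCE


def correlate(logons, badge_events):
    """Flag local logons by users the entrance system does not place on site."""
    alerts = []
    for ev in sorted(logons, key=lambda e: _ts(e["time"])):
        if not ev["local"]:
            continue  # the rule only covers on-premises authentication
        if not in_building(ev["user"], _ts(ev["time"]), badge_events):
            alerts.append({"user": ev["user"], "time": ev["time"],
                           "actions": ["lock_account", "notify_security"]})
    return alerts


if __name__ == "__main__":
    for alert in correlate(LOGON_EVENTS, BADGE_EVENTS):
        print(alert)
```

A rule like this flags anyone who entered behind a colleague without swiping, so the automatic account lock depends on badge data being complete.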
Senior Specialist: Solution Architecture at a tech services company with 501-1,000 employees
Real User
Top 5 Leaderboard
Native integrations are hassle free and transactional user data enhances security
Pros and Cons
  • "The native integration with out-of-the box format is hassle free and allows data to be used advantageously."
  • "The solution does not allow outsourced authorizations."

What is our primary use case?

Our company uses the solution's management stack which has good integration with Sentinel. 

How has it helped my organization?

We have not necessarily realized the power of the solution but find integrations with other products to be valuable. We are able to understand how access management applications are being used for multifactor authentication and password management. We can see user behavior and prevent malicious use. 

For example, we can look at a user resetting a password at 3am to determine if this is abnormal behavior or if the two-factor authentication is attempting SMS when the user is enrolled in fingerprint authentication. This information helps us to identify patterns of abuse and opportunities for security improvement. 

What is most valuable?

The native integration with out-of-the box format is hassle free and allows data to be used advantageously. 

Transactional user information improves security, prevents fraud, and promotes best practices. 

What needs improvement?

Documentation for security aspects could be improved. It is difficult to find clear information about encryption or risks that are addressed. 

The solution does not allow outsourced authorizations which is frustrating for enterprises because users need to be created manually. 

User interfaces should be aggregated to include the control center rather than it being a separate Java app. 

For how long have I used the solution?

I have been using the solution for five years. 

What do I think about the stability of the solution?

The solution is stable and we architect for 5,000 events per second with no issues. 

What do I think about the scalability of the solution?

The solution is scalable. 

How are customer service and support?

We have an enterprise agreement that includes a dedicated support engineer who provides what we require. Detailed questions are relayed to the product team for follow up. 

Support is rated an eight out of ten. 

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

Our partnership with Micro Focus requires use of the solution. 

How was the initial setup?

The initial setup and installation is standard with no complaints. 

What about the implementation team?

We have five team members who implement the solution in-house.

We are in the process of making our deployments enterprise-ready to take them to the next level and ensure we have high availability, redundancy, and backups. This is not related to the solution itself, but rather our approach to setup. 

We currently have an installation in Sentinel that is not highly available and we are rearchitecting it to retain data for a set number of years and with the necessary security zoning.

What was our ROI?

The ROI is realized through tracking user behavior to prevent malicious activity or abuse that would require additional security costs or improvements. 

What's my experience with pricing, setup cost, and licensing?

We receive a pricing discount because of our ongoing partnership with Micro Focus. 

Which other solutions did I evaluate?

I am familiar with other products but find the solution's out-of-the-box, native integration with NetIQ and the management product stack to be very valuable. 

I would have to build connectors and correlation rules myself if the company moved to products such as Splunk or ArcSight. 

What other advice do I have?

I rate the solution an eight out of ten based on current deployments. 

My rating will change to a nine when my company deploys its own enterprise-ready versions because they will harness the solution's full capabilities. 

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
CEO at ITCORE
Reseller
Top 20
Makes it easier to create queries

How has it helped my organization?

Sentinel has improved the user experience inside. It is easier to create queries. 

What is most valuable?

The most valuable feature is the flexible log for identifying security threats inside an application. Sentinel is very good at this. 

What needs improvement?

The dashboard and customer view should be improved.

In the next release, I would like for there to be monitoring inside Sentinel.

For how long have I used the solution?

I have used NetIQ for 18 months.

What do I think about the stability of the solution?

Stability is very good.

What do I think about the scalability of the solution?

Scalability is very good.

How are customer service and technical support?

Their customer support is very good. 

How was the initial setup?

The initial setup was very easy. It took around one or two weeks.

What other advice do I have?

I would rate NetIQ a ten out of ten. 

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Amazon Web Services (AWS)
Disclosure: My company has a business relationship with this vendor other than being a customer: reseller