NetIQ Sentinel Reviews

There are a lot of use cases of this solution. For a customer of ours, we connected it to both their active directory and their entrance system: the key card swipe application database. We set up a rule where, when people do not enter the building using their key card and they try to authenticate locally to the active directory, it is considered strange behavior—their account is immediately locked and a message is sent to security. 

We set up the business intelligence engine with a university in Belgium, and the artificial intelligence part of the solution figured out that something strange was happening. What happened was that a professor changed grades for all of his students, which is not strange at all. He authenticated it with the right username and password, but, as far as the artificial intelligence engine was concerned, it was suspicious because he never did that on Tuesday nights at 11:30-ish. Also, when he did authenticate it and change grades, it was usually for a couple of students for the same test, and not for one student for some of his tests. So it was these students who had obtained the username and password combination for the professor and sat outside of the university building, connecting to the wifi and changing his grades. Sentinel caught that, and we were able to prove what happened. 

We have this solution deployed on-prem. 

One of the most valuable features is the business intelligence engine. It's very important because it keeps track of everything that's happening and alerts us if something is different than expected. The first time I used it, I was shocked at how well it performed. 

Another valuable feature that I think makes this product worth the price you pay for it is that it connects to basically every system that provides some form of logging, and it's very easy to set up what triggers this. 

This product's connection to certain types of cloud systems could be improved. We can do Microsoft, Google, and Amazon, but there are a lot of other things happening in the cloud that we do not connect well enough to. This product could be improved with better connection to cloud-based solutions. 

As for additional features, even when I compare it to other systems, like Splunk, I think we've covered most things. 

I have been working with NetIQ Sentinel since 1997. We are a Micro Focus NetIQ partner, and I do their advanced technical trainings on Sentinel for them. 

This product is very reliable and trustworthy. 

This solution is easy to scale up until about 24,000 events per second. After that, if you require more—which is an unbelievably large amount of events happening every second—you can change portions of the system to include things like Hadoop technology, and then it will scale to whatever. So it's pretty easy to scale, up until 24,000 events per second, and after that, installing Cloudera and Hadoop and all the other stuff is a bit challenging, but I've only seen one customer reach that amount of events per second. 

It's usually large companies that go for this solution. This technology is frequently used by credit card companies, school districts, and universities. This is because there is a special price—solutions like this are usually pretty expensive and can easily run into 200,000 euros a year, but school districts get it for something like four euros per employee, with the same functionality. For them, it's a very cheap way to get an enterprise-level solution, but apart from that special price, it's usually the large companies that invest in something like this. Small- to medium-sized companies sometimes have a requirement for this because of regulations concerning credit card transactions, so we offer to host that for them and they use our shared installation. 

Technical support for Micro Focus/NetIQ has always been very good. Maybe it's not the easiest to obtain, but if you have a developer's license and a support contract with them, they have 24-hour, worldwide support people who can do a dial-in if necessary. I'm always able to speak to a support engineer with knowledge about the products within hours when I need it.  

The deployment process is pretty straightforward. Micro Focus/NetIQ provides you with a virtual appliance, so if you run it on any virtual platform, you just deploy that, start it up, and it guides you through the process, asking for things like the IP address, passwords, time zone, and stuff like that. The setup process takes about 45 minutes, and then you have a running system. It's pretty easy to set up. 

Our company provides implementation services to customers. 

You need a support contract with NetIQ for maintenance. You can download the updates for the underlying operating system, which is a secured and drilled-down version of SUSE Linux. For the product itself, you basically upgrade it every time there is a new version coming out, which is usually once or twice a year. 

I rate NetIQ a nine out of ten. 

My advice to someone looking into implementing NetIQ is to just try it and see it for yourself. It's pretty easy to set up a test environment because of the virtual machine that you can deploy. Also, you have a six-day trial license with that, so there's absolutely no reason not to just set it up and start playing around with it and see how well it performs and what it's able to tell you about what's happening on your network. 

Our company uses the solution's management stack which has good integration with Sentinel. 

We have not necessarily realized the power of the solution but find integrations with other products to be valuable. We are able to understand how access management applications are being used for multifactor authentication and password management. We can see user behavior and prevent malicious use. 

For example, we can look at a user resetting a password at 3am to determine if this is abnormal behavior or if the two-factor authentication is attempting SMS when the user is enrolled in fingerprint authentication. This information helps us to identify patterns of abuse and opportunities for security improvement. 

The native integration with out-of-the box format is hassle free and allows data to be used advantageously. 

Transactional user information improves security, prevents fraud, and promotes best practices. 

Documentation for security aspects could be improved. It is difficult to find clear information about encryption or risks that are addressed. 

The solution does not allow outsourced authorizations which is frustrating for enterprises because users need to be created manually. 

User interfaces should be aggregated to include the control center rather than it being a separate Java app. 

I have been using the solution for five years. 

The solution is stable and we architect for 5,000 events per second with no issues. 

The solution is scalable. 

We have an enterprise agreement that includes a dedicated support engineer who provides what we require. Detailed questions are relayed to the product team for follow up. 

Support is rated an eight out of ten. 

Positive

Our partnership with Micro Focus requires use of the solution. 

The initial setup and installation is standard with no complaints. 

We have five team members who implement the solution in-house.

We are in the process of making our deployments enterprise-ready to take them to the next level and ensure we have high availability, redundancy, and backups. This is not related to the solution itself, but rather our approach to setup. 

We currently have an installation in Sentinel that is not highly available and we are rearchitecting it to retain data for a set number of years and with the necessary security zoning.

The ROI is realized through tracking user behavior to prevent malicious activity or abuse that would require additional security costs or improvements. 

We receive a pricing discount because of our ongoing partnership with Micro Focus. 

I am familiar with other products but find the solution's out-of-the-box, native integration with NetIQ and the management product stack to be very valuable. 

I would have to build connectors and correlation rules myself if the company moved to products such as Splunk or ArcSight. 

I rate the solution an eight out of ten based on current deployments. 

My rating will change to a nine when my company deploys its own enterprise-ready versions because they will harness the solution's full capabilities. 

Sentinel has improved the user experience inside. It is easier to create queries. 

The most valuable feature is the flexible log for identifying security threats inside an application. Sentinel is very good at this. 

The dashboard and customer view should be improved

In the next release, I would like for there to be monitoring inside the sentinel.

I have used NetIQ for 18 months.

Stability is very good.

Scalability is very good.

Their customer support is very good. 

The initial setup was very easy. It took around one or two weeks.

I would rate NetIQ a ten out of ten.