NetIQ Sentinel Overview

NetIQ Sentinel is the #15 ranked solution among the top Security Information and Event Management (SIEM) tools. PeerSpot users give NetIQ Sentinel an average rating of 9.0 out of 10. NetIQ Sentinel is most commonly compared to Microsoft Sentinel. NetIQ Sentinel is popular among the large enterprise segment, which accounts for 69% of users researching this solution on PeerSpot. The top industry researching this solution is computer software, with professionals from computer software companies accounting for 28% of all views.

What is NetIQ Sentinel?
NetIQ Sentinel is a full-featured Security Information and Event Management (SIEM) solution that simplifies the deployment, management and day-to-day use of SIEM, readily adapts to dynamic enterprise environments and delivers the true "actionable intelligence" security professionals need to quickly understand their threat posture and prioritize response.

NetIQ Sentinel was previously known as Novell SIEM.

NetIQ Sentinel Customers
Faysal Bank, GaVI, Handelsbanken, ISC Münster, Lambeth Council, Swisscard, The Municipality of Siena, Tukes, University of Dayton, University of the Sunshine Coast

NetIQ Sentinel Reviews

Dennis Dirks - PeerSpot reviewer
Compliancy, Security & Identity consultant at TMD informatisering BV
Consultant
Top 20
The business intelligence engine keeps track of everything and alerts us of anything unexpected

What is our primary use case?

There are a lot of use cases of this solution. For a customer of ours, we connected it to both their Active Directory and their entrance system: the key card swipe application database. We set up a rule where, when people do not enter the building using their key card and they try to authenticate locally to the Active Directory, it is considered strange behavior—their account is immediately locked and a message is sent to security.

We set up the business intelligence engine with a university in Belgium, and the artificial intelligence part of the solution figured out that something strange was happening. What happened was that a professor changed grades for all of his students, which is not strange at all. He authenticated it with the right username and password, but, as far as the artificial intelligence engine was concerned, it was suspicious because he never did that on Tuesday nights at 11:30-ish. Also, when he did authenticate it and change grades, it was usually for a couple of students for the same test, and not for one student for some of his tests. So it was these students who had obtained the username and password combination for the professor and sat outside of the university building, connecting to the wifi and changing his grades. Sentinel caught that, and we were able to prove what happened. 

We have this solution deployed on-prem. 

What is most valuable?

One of the most valuable features is the business intelligence engine. It's very important because it keeps track of everything that's happening and alerts us if something is different than expected. The first time I used it, I was shocked at how well it performed. 

Another valuable feature that I think makes this product worth the price you pay for it is that it connects to basically every system that provides some form of logging, and it's very easy to set up what triggers this. 

What needs improvement?

This product's connection to certain types of cloud systems could be improved. We can do Microsoft, Google, and Amazon, but there are a lot of other things happening in the cloud that we do not connect well enough to. This product could be improved with better connection to cloud-based solutions. 

As for additional features, even when I compare it to other systems, like Splunk, I think we've covered most things. 

For how long have I used the solution?

I have been working with NetIQ Sentinel since 1997. We are a Micro Focus NetIQ partner, and I do their advanced technical trainings on Sentinel for them. 

What do I think about the stability of the solution?

This product is very reliable and trustworthy. 

What do I think about the scalability of the solution?

This solution is easy to scale up until about 24,000 events per second. After that, if you require more—which is an unbelievably large amount of events happening every second—you can change portions of the system to include things like Hadoop technology, and then it will scale to whatever. So it's pretty easy to scale, up until 24,000 events per second, and after that, installing Cloudera and Hadoop and all the other stuff is a bit challenging, but I've only seen one customer reach that amount of events per second. 

It's usually large companies that go for this solution. This technology is frequently used by credit card companies, school districts, and universities. This is because there is a special price—solutions like this are usually pretty expensive and can easily run into 200,000 euros a year, but school districts get it for something like four euros per employee, with the same functionality. For them, it's a very cheap way to get an enterprise-level solution, but apart from that special price, it's usually the large companies that invest in something like this. Small- to medium-sized companies sometimes have a requirement for this because of regulations concerning credit card transactions, so we offer to host that for them and they use our shared installation. 

How are customer service and support?

Technical support for Micro Focus/NetIQ has always been very good. Maybe it's not the easiest to obtain, but if you have a developer's license and a support contract with them, they have 24-hour, worldwide support people who can do a dial-in if necessary. I'm always able to speak to a support engineer with knowledge about the products within hours when I need it.  

How was the initial setup?

The deployment process is pretty straightforward. Micro Focus/NetIQ provides you with a virtual appliance, so if you run it on any virtual platform, you just deploy that, start it up, and it guides you through the process, asking for things like the IP address, passwords, time zone, and stuff like that. The setup process takes about 45 minutes, and then you have a running system. It's pretty easy to set up. 

What about the implementation team?

Our company provides implementation services to customers. 

What's my experience with pricing, setup cost, and licensing?

You need a support contract with NetIQ for maintenance. You can download the updates for the underlying operating system, which is a secured and drilled-down version of SUSE Linux. For the product itself, you basically upgrade it every time there is a new version coming out, which is usually once or twice a year. 

What other advice do I have?

I rate NetIQ a nine out of ten. 

My advice to someone looking into implementing NetIQ is to just try it and see it for yourself. It's pretty easy to set up a test environment because of the virtual machine that you can deploy. Also, you have a six-day trial license with that, so there's absolutely no reason not to just set it up and start playing around with it and see how well it performs and what it's able to tell you about what's happening on your network. 

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
CEO at ITCORE
Reseller
Top 20
Makes it easier to create queries

How has it helped my organization?

Sentinel has improved the user experience inside. It is easier to create queries. 

What is most valuable?

The most valuable feature is the flexible log for identifying security threats inside an application. Sentinel is very good at this. 

What needs improvement?

The dashboard and customer view should be improved.

In the next release, I would like for there to be monitoring inside the Sentinel.

For how long have I used the solution?

I have used NetIQ for 18 months.

What do I think about the stability of the solution?

Stability is very good.

What do I think about the scalability of the solution?

Scalability is very good.

How are customer service and technical support?

Their customer support is very good. 

How was the initial setup?

The initial setup was very easy. It took around one or two weeks.

What other advice do I have?

I would rate NetIQ a ten out of ten. 

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Amazon Web Services (AWS)
Disclosure: My company has a business relationship with this vendor other than being a customer: reseller