Miriam Tover - PeerSpot reviewer
Service Delivery Manager at PeerSpot (formerly IT Central Station)

What needs improvement with NetIQ Sentinel?

Please share with the community what you think needs improvement with NetIQ Sentinel.

What are its weaknesses? What would you like to see changed in a future version?

PeerSpot user
3 Answers
Top 20
24 January 21

The dashboard and customer view should be improved. In the next release, I would like for there to be monitoring inside the Sentinel.

Global Cyber Security Manager at a financial services firm with 5,001-10,000 employees
Real User
16 April 20

Frankly speaking, we did not find this product to be valuable, at all. You need a lot of Unix scripting knowledge in order to manage the tool, which is one of the main issues that we faced. When we integrated with other log management solutions, the password was not there. We also found it very difficult to create a custom password and in the end, we didn't succeed. Trying to do something new, outside of use cases like server monitoring, was difficult and we could not do much.

System specialist IDM/SIEM at SV Informatik GmbH
Real User
31 July 19

The web interface needs to be improved, as it has a Java-based way to call its controls. There is no integration in the web-side of the tool. It is an important requirement to be able to develop collectors because the tool does not provide a portfolio of collectors for systems or devices.

Find out what your peers are saying about Micro Focus, Splunk, IBM and others in Security Information and Event Management (SIEM). Updated: September 2022.
632,611 professionals have used our research since 2012.
Related Questions
Julia Frohwein - PeerSpot reviewer
Senior Director of Delivery at PeerSpot (formerly IT Central Station)
Apr 16, 2020
Hi, we all know it's really hard to get good pricing and cost information. Please share what you can so you can help your peers.
See 1 answer
Global Cyber Security Manager at a financial services firm with 5,001-10,000 employees
16 April 20
We inquired about getting support from the vendor, Micro Focus, but the cost was very high.
Miriam Tover - PeerSpot reviewer
Service Delivery Manager at PeerSpot (formerly IT Central Station)
Jan 21, 2020
SIEM is one of the fastest trending topics on IT Central Station. Why do companies need to purchase SIEM? Is it due to compliance reporting, system monitoring, intrusion detection, or something else? Why is it so important? Thanks for helping your peers cut through vendor hype and make the right decision.
2 out of 17 answers
Information Security Manager at a comms service provider with 1,001-5,000 employees
08 July 19
SIEM is needed for compliance reporting, system monitoring, intrusion detection, and something else. Based on my knowledge and experience in this area I will list the drivers for purchasing a SIEM based on priority as follows:
1. Monitoring different types of cybersecurity hacking attempts from outsiders and insiders.
2. Early detection of security hacking attempts and as a result, a prompt response is initiated.
3. Testing the effectiveness of all types of security controls in place such as network firewalls, IPSs, WAF, AV, DLP, etc.
4. Visibility of all layers of traffic on different network segments.
5. Reporting non-compliance issues.
6. Early detection of existing vulnerabilities in systems.
7. Security intelligence from SIEM vendor and other vendors in the network because logs are correlated into the SIEM.
8. Helping business people and improving quality assurance effectiveness by building customized rules on the received logs.
9. Others such as log retention, log management, and forensics.
Security Engineer at Managed Technology Services LLC
08 July 19
A SIEM is a tool which sorts logs and alerts on security-related events, customizable for a business’s needs and regulatory compliance requirements. Many certifications like ISO 27001 and SOC 2 require that there be active monitoring of networks and computer systems to ensure data confidentiality, integrity, and availability. A good SIEM will update itself with new signatures and behavioral patterns to be able to identify malicious activities and behaviors or threat actors by collating logs from various devices and endpoints on your network. A SIEM can augment and enhance the work done by security analysts in identifying problems and prevent costly, damaging attacks like ransomware outbreaks, theft of intellectual property or financial fraud. They also have the benefit of being online 24/7 where a staff of at least three analysts would be needed to catch the same coverage. Though a SIEM is primarily designed to catch security-related events, they can also be customized to monitor applications such as SQL or Financial software and alert on specific events such as disks being full, RAM usage or network outages.