NetIQ Sentinel Review

Our initial setup was complex, but mainly because of all the network variables we had.

Valuable Features:

<ul> <li>Correlation Engine simpleness</li> <li>Visual agent deployment</li> <li>Stream-based solution performed by the iSCALE bus (no latency due to the database layer)</li> </ul>

Improvements to My Organization:

<ul> <li>Better security incident analysis</li> <li>New scopes for security events and correlation</li> <li>Better performance on device failure actions</li> </ul>

Room for Improvement:

<ul> <li>Correlation Engine</li> <li>Device support</li> <li>Agent development flexibility</li> </ul>

Use of Solution:

I worked on version 5 and then 6 for a total of 6 years. My personal score is 4 stars based on my experience with the latest version I worked on (version 7 should probably be much better).

Deployment Issues:

On version 5, the builder was somewhat unstable during deployment. Workaround: a strong procedure with too many intermediate save steps.

Stability Issues:

The wizard agent module is very sensitive to network changes and needs a restart on every network change (versions 5 and 6).

Scalability Issues:

I have not seen any issues with scalability.

Previous Solutions:

I had another SIEM installation (nFX) working for another application domain.

Initial Setup:

Complex, but mainly because of all the network variables we had. Imagine having to map firewall rules passively and then request the ability from an external group not really involved in the installation.

Implementation Team:

Actually, we were the system integrator and we provided a large enterprise solution.

Other Solutions Considered:

Novell SIEM was my second technology of this kind. Previously I had experience with nFX, and later also with McAfee ESM and Splunk ES.

Other Advice:

Be aware that without any technical support from NetIQ it could be very hard to administer.
Disclosure: I am a real user, and this review is based on my own experience and opinions.