5 out of 5.0, Reviewed Dec 17, 2015
Scales extremely well under heavy-load scenarios without affecting search performance. Excellent integration with AD or an Identity Management solution's feed to map permutations of usernames across disparate systems such that they all roll-up as the same logical user's activity. "Advisor" service maps Vulnerability Scan data to IPS/IDS alerts so that you know even if the attack had been allowed if it would have been successful or not. Our team aggressively applies upgrades as they release -- with major releases containing enhancements generally occurring twice a year -- so that we constantly deliver new value on existing investment.
Consider purchasing high-IOPS SSD or Flash storage for the smaller "primary" partition vs commodity storage for your much larger "secondary" storage, as defined in Sentinel. The primary partition is generally where 90% of your searches are hitting, as well as all of the new event streams are initially rolling in, as well as all of the dashboard, anomaly detection, and correlations are churning against.
- High-quality software that is very stable.
- Flexibility to choose to go agentless or agent-based on variety of monitored platforms, including NetFlow.
- Very easy query syntax based on Apache Lucene
- Alerting based on Anomaly detection (trend deviations) and Correlation rules (known thresholds)
Most of the administration is performed through a Web console, but some of it must be done through a Java applet console. Fortunately, they've been slowly migrating aspects of the Java applet console to the Web Console in recent releases. All aspects of that Java console should be replaced within the next couple major releases.
Improve marketing and self-promotion. Seems to be their only weakness compared to the players currently leading them in the Gartner MQ.
Nothing comes to mind.
UI is intuitive and easy to pick up on.
NetIQ engages us regularly -- from the support organization to the actual Product Manager over Sentinel. We provide constant feedback on desired enhancements and many of them show up in the next iterations of the product. Support issues are aggressively pursued and always lead to resolution (whether that's educating us on self-corrective action or providing bugfixes).
Deployment is painless and with so many event sources being able to be connected in an agentless fashion, integration is as simple as it gets for most of our platforms.
1 out of 5.0, Reviewed Jun 10, 2015
Overall support is lacking with NetIQ. Lack of knowledgeable partners. Not easy to configure and administer.
Find a good vendor to help with implementation and support. NetIQ will not suffice.
Integration with NetIQ IDM solution
Not buy the software.
Chose a different product. We only chose this because it integrated with our NetIQ IDM deployment. We are now only using it to forward to HP ArcSight our IDM security events.
3 out of 5.0, Reviewed Jun 10, 2015
Tool was not easy to configure for end user.
Attend or set training upon install
Ease of Deployment
Not end user friendly
Crash course upon install
Good customer service, but were not able to fix issue.
Easy to deploy on Windows platform. Had major issues on Linux and Unix systems.
2 out of 5.0, Reviewed Jun 9, 2015
Avoid this product
It was not enterprise class and did not meet our needs
The product was not enterprise class and could not keep up with the feeds and queries on the system
Product did not meet needs and would break frequently
Cases were constantly escalated and in some cases took weeks to resolve
3 out of 5.0, Reviewed Jun 9, 2015
Always consider your environment and ensure application can meet all requirements
Inability to remove clients from software
Flexible schedule, one dedicated support technician
Test out prior to purchase
4 out of 5.0, Reviewed Jun 9, 2015
Carefully identify their needs before product selection
It isn't local support
To provide local support
No, we would follow the same strategy