Globally, it is already being used in all the major big four-member firms. Despite some competitors, Sentinel is still the market leader and performing differently. I'd rate the solution eight out of ten.
Our business needs integration. We have created some tools using Elasticsearch to improve the usability of Sentinel. The product must be modernized. Overall, I rate the tool an eight out of ten.
Technology Specialist at a government with 51-200 employees
Real User
Top 10
Jul 26, 2023
We have used another Microsoft security product in addition to Sentinel: Defender for Identity. We also get all the security scores, threats, alerts, and incidents in Defender for Endpoint. I did not have to integrate the products since my organization had already started using them before I joined. Still, it's not very difficult to integrate them into the environment with Active Directory, with some basic technical knowledge required.

Sentinel was of some help in automating the finding of high-value alerts. I set up some alerts on my tenancy, tracking if someone was trying to log into my tenancy from anywhere outside my environment, and I was alerted as soon as they tried to log in. But since there was already automation in Azure, I did not use automation in Sentinel. Azure's automation is just like another older function we had in Defender. We could create a playbook with incident triggers. For example, I had alerts set up so that if any account tried to log in more than five times, an email would be sent to the help desk or the IT team. Once the alerts are triggered, I could create custom actions based on them, similar to any other alerting system. However, I did not specifically use that since we already had an Azure alerting system.

Though I never explored the XDR dashboard, I connected it. Going back to Log Analytics and Sentinel, they both provide you with workbooks, but I'm not very happy with them. I have connected Log Analytics to the latest Power BI in my environment and run multiple queries from there. Based on that, we get everything in Power BI. We don't use the XDR dashboard for reporting because reporting in Azure or Sentinel is very basic. You can't customize much, and I don't like the uses related to workbooks.

Sentinel enabled us to ingest data from our entire ecosystem because we had connected Azure Log Analytics with Sentinel, and our Log Analytics workspace was getting data from all the servers, not only computers. But collecting data also involves a cost, where the more data you get, the more you pay. We had to maintain a balance there.

Sentinel helped us track threats, but not as an all-in-one solution. Defender is better in that regard because it can access all the environments and respond holistically from one place. Given Sentinel's built-in SOAR, UEBA, and threat intelligence capabilities, Sentinel gives us value for money. It gives us a wide range of threat protection and connects to various data connectors as well. Comparing Sentinel's cost and ease of use against stand-alone SIEM and SOAR solutions, Sentinel is cheaper because it's on the cloud, with data from Azure Log Analytics being the only thing we were paying for. The cloud version was cost-effective as compared to on-premises solutions.

Sentinel requires no maintenance as long as Microsoft doesn't change anything. They keep turning off legacy features, so you never know. They could send a message on Sentinel tomorrow, such as, "This feature is going to be turned off by March 2024." We had to move to something else.

Sentinel is nice to have. It's a good choice if you don't have any other solution. I recommend this solution because it alerts you to all the threats and problems in the network. It didn't save us money because enabling it is an additional cost because you're getting and storing more logs in the cloud. It's an additional feature. I rate Sentinel a nine out of ten. It's difficult to say whether to go for a best-of-breed or a best-of-suite strategy because everyone has a different approach. Some might want more than one vendor to make sure their environment is safe. At one point, you could go with about ten, but you don't know how many more you are going with. If I had to choose, I would stick to one.
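The two detections the reviewer above describes, a sign-in from outside the organization's own address space and an account failing to log in more than five times, are shown here as an added example. This is not the reviewer's configuration and not code from Sentinel; in Sentinel these would be KQL analytics rules over the sign-in table, whereas this Python version runs the same logic offline over a handful of constructed sign-in records. The trusted network ranges, the threshold of five failures, the ten-minute window, and the record layout are all assumptions made for the example.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Assumed corporate address space; anything outside these ranges counts as
# "outside my environment". RFC 5737/1918 ranges are used as stand-ins.
TRUSTED_NETWORKS = [ip_network("10.0.0.0/8"), ip_network("203.0.113.0/24")]

# "More than five" failed sign-ins for one account within the window fires.
FAILURE_THRESHOLD = 5
WINDOW = timedelta(minutes=10)

# Constructed sample sign-in records (not real tenant data).
SAMPLE_SIGNINS = [
    {"time": "2023-07-26T10:00:00Z", "user": "alice", "ip": "10.1.2.3", "result": "success"},
    {"time": "2023-07-26T10:00:00Z", "user": "carol", "ip": "10.1.2.4", "result": "failure"},
    {"time": "2023-07-26T10:01:00Z", "user": "bob", "ip": "198.51.100.7", "result": "failure"},
    {"time": "2023-07-26T10:02:00Z", "user": "bob", "ip": "198.51.100.7", "result": "failure"},
    {"time": "2023-07-26T10:03:00Z", "user": "bob", "ip": "198.51.100.7", "result": "failure"},
    {"time": "2023-07-26T10:04:00Z", "user": "bob", "ip": "198.51.100.7", "result": "failure"},
    {"time": "2023-07-26T10:05:00Z", "user": "bob", "ip": "198.51.100.7", "result": "failure"},
    {"time": "2023-07-26T10:06:00Z", "user": "bob", "ip": "198.51.100.7", "result": "failure"},
    {"time": "2023-07-26T10:20:00Z", "user": "carol", "ip": "10.1.2.4", "result": "failure"},
    {"time": "2023-07-26T10:30:00Z", "user": "dave", "ip": "203.0.113.9", "result": "success"},
    {"time": "2023-07-26T10:40:00Z", "user": "carol", "ip": "10.1.2.4", "result": "failure"},
    {"time": "2023-07-26T11:00:00Z", "user": "alice", "ip": "192.0.2.50", "result": "success"},
]


def parse_time(stamp):
    """Parse the ISO-8601 UTC timestamps used in the sample records."""
    return datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ")


def is_trusted(ip):
    """True when the source address falls inside the assumed corporate ranges."""
    addr = ip_address(ip)
    return any(addr in net for net in TRUSTED_NETWORKS)


def detect(records):
    """Run both rules over sign-in records and return the alerts they raise.

    Rule 1 (external_signin): any attempt, successful or not, from an address
    outside TRUSTED_NETWORKS. Raised once per (user, ip) pair so a burst of
    attempts does not flood the queue.
    Rule 2 (repeated_failures): more than FAILURE_THRESHOLD failures for one
    account inside a sliding WINDOW. Raised once per account.
    """
    alerts = []
    failures = defaultdict(deque)  # user -> timestamps of failures still in window
    seen_external = set()
    fired_repeated = set()

    for rec in sorted(records, key=lambda r: parse_time(r["time"])):
        t = parse_time(rec["time"])
        user, ip = rec["user"], rec["ip"]

        if not is_trusted(ip) and (user, ip) not in seen_external:
            seen_external.add((user, ip))
            alerts.append({"rule": "external_signin", "user": user, "ip": ip, "time": rec["time"]})

        if rec["result"] == "failure":
            window = failures[user]
            window.append(t)
            # Drop failures that have aged out of the sliding window.
            while window and t - window[0] > WINDOW:
                window.popleft()
            if len(window) > FAILURE_THRESHOLD and user not in fired_repeated:
                fired_repeated.add(user)
                alerts.append({"rule": "repeated_failures", "user": user, "ip": ip,
                               "time": rec["time"], "count": len(window)})

    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_SIGNINS):
        print(alert)
```

Running the block prints three alerts: bob's first attempt from 198.51.100.7 trips the external rule, his sixth failure at 10:06 trips the repeated-failures rule, and alice's later sign-in from 192.0.2.50 trips the external rule again. carol's three failures are spaced 20 minutes apart, so they never accumulate inside the window, and dave's sign-in comes from a trusted range. The same two rules in Sentinel would be scheduled analytics rules whose incidents can then trigger the playbook (email to the help desk) the reviewer mentions.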
I rate the solution an eight out of ten based on current deployments. My rating will change to a nine when my company deploys its own enterprise-ready versions because they will harness the solution's full capabilities.
Compliancy, Security & Identity consultant at TMD informatisering BV
Consultant
Dec 14, 2021
I rate NetIQ a nine out of ten. My advice to someone looking into implementing NetIQ is to just try it and see it for yourself. It's pretty easy to set up a test environment because of the virtual machine that you can deploy. Also, you have a six-day trial license with that, so there's absolutely no reason not to just set it up and start playing around with it and see how well it performs and what it's able to tell you about what's happening on your network.
Global Cyber Security Manager at a financial services firm with 5,001-10,000 employees
Real User
Apr 16, 2020
Whether I would recommend this solution to anyone would depend on their environment. Maybe if they have a hybrid cloud environment then they would not have faced the challenges that we did. As it was on-premises and completely owned by us, we had a lot of trouble with managing the tool. Once it is running, it runs well, but when it comes to adding new devices to it, we always faced issues. I would rate this solution a six out of ten.
Sentinel is a full-featured Security Information and Event Management (SIEM) solution that simplifies the deployment, management and day-to-day use of SIEM, readily adapts to dynamic enterprise environments and delivers the true "actionable intelligence" security professionals need to quickly understand their threat posture and prioritize response.
Overall, I rate Sentinel an eight out of ten.
Overall, I would rate Sentinel as a nine out of ten.
I would rate NetIQ a ten out of ten.
We are planning on changing tools. I would rate this solution a four out of ten.