As you know, in SOC or GSoft operations, there are different verticals. We have different SMR teams who take care of 24/7 monitoring. They have some use cases in place, and they are also using Microsoft Defender for Endpoint, which is the latest endpoint detection tool from Microsoft. Sentinel has the ability to do everything when used, along with Microsoft Defender for Endpoint. We can do advanced hunting from the two portals themselves, and it has inbuilt features that allow 24/7 proactive threat detection. Sentinel has capabilities like traditional SIEMs, along with advanced SQL queries that analysts can modify for specific needs. This allows us to face any malicious attempt from any client with tailored queries.
We use Sentinel to make managing security events a breeze. It helps us oversee alarms from various platforms in one central hub, all handled through our NOC in the cloud. It is like having a smart assistant that simplifies keeping our digital space safe and sound.
Technology Specialist at a government with 51-200 employees
Real User
Jul 26, 2023
I used Sentinel to collect logs from computers. We deployed Sentinel for a government department with a staff of 2,700. The IT and security teams used Sentinel. They are the only people who used the solution. We had a team of 15 to 20 people in IT. Five to six people needed to use it at most. The rest still use the Power BI dashboards because they get the alerts from Sentinel directly.
Compliancy, Security & Identity consultant at TMD informatisering BV
Consultant
Dec 14, 2021
There are a lot of use cases of this solution. For a customer of ours, we connected it to both their Active Directory and their entrance system: the key card swipe application database. We set up a rule where, when people do not enter the building using their key card and they try to authenticate locally to the Active Directory, it is considered strange behavior—their account is immediately locked and a message is sent to security. We set up the business intelligence engine with a university in Belgium, and the artificial intelligence part of the solution figured out that something strange was happening. What happened was that a professor changed grades for all of his students, which is not strange at all. He authenticated it with the right username and password, but, as far as the artificial intelligence engine was concerned, it was suspicious because he never did that on Tuesday nights at 11:30-ish. Also, when he did authenticate it and change grades, it was usually for a couple of students for the same test, and not for one student for some of his tests. So it was these students who had obtained the username and password combination for the professor and sat outside of the university building, connecting to the Wi-Fi and changing his grades. Sentinel caught that, and we were able to prove what happened. We have this solution deployed on-prem.
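The badge-versus-logon correlation described in the review above, written out as an added example (not the reviewer's or the product's own rule): it joins constructed key-card swipe records with constructed Active Directory logon records, flags interactive logons with no swipe in the preceding window, and emits the lock-and-notify response the review describes. Field names, the 12-hour window and the logon-type code are assumptions for the example.

```python
from datetime import datetime, timedelta

# Constructed sample key-card swipe records: (user, entry time).
BADGE_SWIPES = [
    ("alice", "2021-12-14T08:02:00"),
    ("bob",   "2021-12-14T08:45:00"),
]

# Constructed sample Active Directory logon records: (user, time, logon_type).
# Logon type 2 is an interactive console logon, which implies physical presence (assumption).
AD_LOGONS = [
    ("alice", "2021-12-14T08:05:00", 2),  # badged in, then logged on: expected
    ("bob",   "2021-12-14T09:10:00", 2),  # badged in, then logged on: expected
    ("carol", "2021-12-14T09:30:00", 2),  # no swipe at all: flag
    ("alice", "2021-12-14T07:50:00", 2),  # logon 12 minutes before her swipe: flag
    ("dave",  "2021-12-14T10:00:00", 3),  # network logon, outside this rule's scope
]


def parse(ts):
    return datetime.fromisoformat(ts)


def badge_before_logon(badge_times, logon_time, window):
    """True if the user badged in at or before the logon, within the window."""
    return any(logon_time - window <= t <= logon_time for t in badge_times)


def find_unbadged_logons(swipes, logons, window_hours=12, interactive_type=2):
    """Return (user, logon_time) for interactive logons that no badge swipe explains."""
    swipes_by_user = {}
    for user, ts in swipes:
        swipes_by_user.setdefault(user, []).append(parse(ts))
    window = timedelta(hours=window_hours)
    hits = []
    for user, ts, logon_type in logons:
        if logon_type != interactive_type:
            continue  # only physically-local logons are correlated with the door
        if not badge_before_logon(swipes_by_user.get(user, []), parse(ts), window):
            hits.append((user, ts))
    return hits


def respond(hits):
    """Response actions from the review: lock the account and message security."""
    return [{"action": "lock_account", "user": u, "logon_time": t, "notify": "security"}
            for u, t in hits]


if __name__ == "__main__":
    for action in respond(find_unbadged_logons(BADGE_SWIPES, AD_LOGONS)):
        print(action)
```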
Global Cyber Security Manager at a financial services firm with 5,001-10,000 employees
Real User
Apr 16, 2020
NetIQ Sentinel is a security information and event management tool that makes up part of our security solution. We are in the process of migrating to a new solution.
Sentinel is a full-featured Security Information and Event Management (SIEM) solution that simplifies the deployment, management and day-to-day use of SIEM, readily adapts to dynamic enterprise environments and delivers the true "actionable intelligence" security professionals need to quickly understand their threat posture and prioritize response.
We use the solution to monitor the integration. We can monitor end-to-end from source to destination.
Our company uses the solution's management stack which has good integration with Sentinel.
We are using this solution for logging. Our environment is an on-premises deployment.