MicroFocus Sentinel remains a Niche Player in the latest SIEM Gartner Magic Quadrant. It may not work well for large enterprise with a sophisticated security infrastructure and veteran IT security staff. But it is a good fit for those who do not have a high-maturity SOC and do not have requirements for full incident case management. It is also good for SMEs seeking a decent SIEM at low cost, or MSSPs requiring large-scale security event processing in a distributed IT environment.
Micro Focus acquired Sentinel from NetIQ, an enterprise software company based in Houston, Texas that began in 1995. Micro Focus provides products for identity and access management, security and data center management.
Sentinel is a full-featured SIEM solution that simplifies the deployment, management and day-to-day use of SIEM, adapts to dynamic enterprise environments and delivers actionable intelligence to security professionals about threats. It includes features for audit, compliance, threat detection, security visibility, and log management. It is augmented by NetIQ Change Guardian (host monitoring and file integrity monitoring), Secure Configuration Manager (compliance), and modules for threat intelligence feeds, exploit detection, identity tracking, workflow management and log management.
SIEM Features Rated
Threats blocked: Good. Sentinel provides threat protection against a range of threats.https://o1.qnsr.com/log/p.gif?;n=203;c=204650406;s=9477;x=7936;f=201801171513530;u=j;z=TIMESTAMP;a=20392955;e=i
Sources ingested: Good. Sentinel can gather, analyze and correlate data from applications, databases, servers, storage and security devices. Its event taxonomy comprises more than 200 fields.
Performance: Good. 7,500 EPS, up to 2,000 devices.
Value: Very good. Sentinel costs less than most SIEM systems for good functionality. Price is typically cited as a top reason by purchasers.
Implementation: Very good. Gartner said Sentinel is one of the simpler solutions to deploy and manage compared to competing products. Sentinel's virtual appliance packaging allows for fast deployment.
Management: Very good. One user called it "very stable, almost fire and forget." Log management and reporting get high marks. Gartner said tight integration between Micro Focus' IAM, SIEM and IT operations tools gives organizations a single view into user activity across the IT environment.
Support: Good, but an area some users would like to see improvement in. Micro Focus offers standard support and premium support.
Scalability: Very good. Scaling and distribution-only require installation of more Sentinel instances.
PCI DSS, HIPAA, the Health Information Technology for Economic and Clinical Health Act (HITECH), ISO/IEC 27001, and the EU Privacy Directive.
Sentinel ships with packaged intelligence to detect threats out-of-the-box without rule-writing and configuration. Built-in anomaly detection automatically detects changes that can represent emerging threats. An optional scalable storage backend uses the Cloudera/Hadoop infrastructure to enhance data mining capabilities using analytic tool sets.
Sentinel can be deployed as software on Linux or as a virtual appliance on VMware, Hyper-V, and Xen.
Agent Manager allows you to deploy agents, manage agent configuration, and act as a collection point for events flowing into Sentinel. In addition, an Agentless Monitoring module expands AppManager to provide real-time monitoring of key metrics in situations where installing an agent is not ideal.
Sentinel Enterprise pricing is based on EPS/device, with 500 EPS/250 device licenses starting at just under $48,000 list, with volume discounts.