This article can also be found in the Premium Editorial Download "Information Security magazine: Reviews of six top Web application firewalls."
Download it now to read this article plus other related content.
| Starts at $65,000|
Novell, which acquired Sentinel, its entry into the SIEM market, from e-Security last year, offers a robust product that is getting better with each revision.
In a large environment, Novell recommends each component be installed on a separate machine for maximum performance. Setting up collectors, which gather data from devices and convert it to the Sentinel event log format, takes some work, but it pays off in the end in the breadth of device support.
For test purposes, we installed them on the same machine. Sentinel supports a variety of platforms, such as Linux, Solaris, Windows and databases, including Oracle and Microsoft SQL Server.
Nonetheless, Sentinel's interface can be somewhat intimidating at first, because you have to deal with so many pieces and so much data. It's tab-based, with a navigation toolbar on the left that changes depending on the tab you are in.
This was first published in March 2008