Results 1 to 10 of 11

Thread: What's Happening With Sentinel

Threaded View

  1. #1
    Join Date
    Oct 2017
    Kansas City MO

    What's Happening With Sentinel

    As you can imagine since the close of the HPE deal, those of us in Product Management have received a number of questions from Sentinel users around "what happens to Sentinel now that Micro Focus owns ArcSight?" There have, unfortunately, been some reports where people have been told that Sentinel will be EOL'd in favor of ArcSight. As the Dir. of Product Management responsible for Sentinel, I would like to take a moment and share with all of you what is really happening today, and what will happen based on our current thoughts. Of course, things can change somewhere in the future based on circumstances and events that we cannot currently foresee. However, as of now here are our current plans

    • There are no plans to EOL Sentinel

    If you look at Micro Focus history, there is solid evidence that when it is warranted, Micro Focus is completely comfortable with allowing two products to exist in a given market. For an example, look at Reflections and Rhumba. We want to do what is write for our customers, not what is expedient for ourselves. We are aware that our Sentinel customers selected Sentinel for a reason. We will respect those reasons as we look at what we are doing now, and in the future.

    I have attached a dual-signed open letter from myself and my ArcSight counterpart reaffirming this position

    • What are we doing in the near term

    When we spoke with customers about Sentinel throughout 2016 and 2017 the themes were clear. You, our customers, want us to

    1. Increase the breadth / depth / and currency of our collectors making it easier to integrate with the various systems, applications, and platforms you rely upon
    2. Analytics - Customers have been learning more about analytic technologies that help "reduce the noise", more quickly convert data to actionable information, and help proactively identify potential threats

    We realize that organizations are exposed to threats for the time it takes to detect and react to the threat. We know the mission of a SIEM is to reduce detection time and improve the reaction time both in terms of speed and efficacy. Some of our plans in the area of advanced analytics had to be delayed during the merger process as there were technologies that we would gain once the merger was completed. Specifically Vertica an analytics platform used by some of the largest companies in the world to drive their business decisions. So we are not as far along as we would have liked to be, but the wait is going to be worth it.

    In Sentinel 8.2, we will introduce the first "Stronger Together" integration by integrating the collector technology of ArcSight into Sentinel. This means that Sentinel customers will have access to the same collector library as ArcSight customers have. There may be some exclusions here and there for various business reasons, but overall Sentinel customers should expect to see a vast increase.

    Beyond Sentinel 8.2, we are working to deliver additional improvements to Sentinel leveraging ArcSight technology. Another example is the ArcSight Investigate component. ArcSight Investigate is a next-generation hunt and investigation solution built on a new advanced analytics platform to serve the evolving needs of security teams. It helps hunt and defeat unknown threats by processing large volumes of data almost instantly. Security analysts are empowered with an intuitive solution to investigate higher-priority threats quickly and accurately. With the ability to leverage data lakes, ArcSight Investigate provides insights from Big Data to drive real value. While Investigate is a great forward step, it is not the end of the analytics journey. There are additional capabilities that we are currently researching, and I hope to have more information I can share with you in the very near future. I hate to be vague, but hope that you'll understand for the time being.

    • Will we ultimately integrate / combine ArcSight and Sentinel?

    We believe that ultimately their should be a single unified SIEM solution from Micro Focus that offers our customers the best of both of our heritages. Both ArcSight and Sentinel have been in the SIEM market since its inception, and both have a strong heritage of excellence. However, we fundamentally believe that the "Stronger Together" platform should be delivered through evolution and not revolution.

    As stated previously, our first goal is to ensure that our Sentinel customers know both by words and actions that their Sentinel investment is a solid investment that they can count on, and that Micro Focus is a dedicated business partner that is invested in our customer's success. This means that we will execute a pathway to a converged platform through a series of evolutionary steps vs. revolutionary actions that would introduce unwelcomed burden. In addition, there are enhancements that the ArcSight team has to do in order to align the products to ultimately converge. These will take time to do right. Right now we do not know how long this journey will take. We believe that it will likely take at least 18 months because there is only so fast we can do the integrations, and only so fast our customers can absorb the updates.

    I want to end with a quote that you may have already seen in the 2017 Gartner MQ for SIEM. In the MQ we stated that "Since closing the merger with HPE, Micro Focus has stated that its current plan is to continue investment in Sentinel and ArcSight, leveraging the combined expertise and technologies from both for the foreseeable future. I realize that my post has not addressed every possible question that you may have. So I would encourage you to please ask. It is our intention to be at upfront and as transparent with our customers as we possible can be.

    On behalf of the entire Sentinel product team, I want to wish you the very best of 2018, and to say Thank you for being our customer and affording us the privilege to be a partner with you.


    Michael Mychalczuk
    Dir. Product Management

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts