SolarWinds: Security Event Manager Review
Stability information and facts and function management (SIEM) instruments grant IT security specialists intuitive, at-a-glance summations of security programs. They can detect anomalous, perhaps threatening tendencies, and situation automated responses that can stave off catastrophe.
There are dozens of these instruments on the current market, from common names these types of as IBM, Microsoft, and McAfee. In this article, we dive into SolarWinds’ Security Occasion Management solution:
SIEM Nowadays
The SIEM market is mostly predicted to develop by shut to $4 billion more than the next several years, reflecting a 12% growth around its recent point out. Substantially of that is fueled by the improve in cyber crimes, specifically as state actors mount extra intense attacks in opposition to each individual other. About a quarter of that expansion is expected to take place in North The us alone.
Apart from SolarWinds, some of the significant distributors in the current market involve Broadcom, Dell Systems, Hewlett Packard Organization, and Splunk. Governing administration organizations are a single of the most significant individuals of SIEM systems to safeguard sensitive data, along with health and fitness treatment, telecom, and power.
In which SolarWinds Matches In
SIEM equipment are a mix of protection information and facts administration (SIM) instruments and protection event administration (SEM) instruments. All 3 types tend to get blurred, but traditionally SIM resources consolidate and assess log data files from a central repository. Furthermore, SIM methods are log-concentrated to start with and foremost. Comparatively, SEM instruments purpose more in authentic time, searching for situations this kind of as suspicious targeted traffic or account action throughout the network.
This receives even much more difficult, as SolarWinds Safety Function Manager is specifically concentrated on analyzing logs — the regular purview of an SIM rather than an SEM. A previous iteration of SolarWinds SEM, then referred to as Log Event Manager, contained the community exercise detection capabilities, but the organization has refocused its software on log examination and management.
As a point of distinction, that may well nudge SolarWinds SEM into the additional apt title, SolarWinds SIM, but in both situation, SEM and SIM resources are risk detectors in their own legal rights.
Attributes
SolarWinds Security Party Supervisor is beneath energetic improvement and nonetheless adding features. Some of its crucial characteristics include things like:
Centralized Log Administration: Delivers an intuitive, basic exhibit to regulate and review logs across the IT infrastructure. The log manager is capable to assess gatherings, carry out function correlation, observe metrics, scan for alterations, operate tailored reviews, and detect suspicious log designs that might be a prelude to a cyber assault.
Danger Detection: SEM arrives with a risk database, and compares real-time, method-wide log facts against the databases to locate corollaries to a likely attack. SEM catalogs negative IPs, malicious actors, most likely contaminated hosts, botnets, and spammers and delivers stories of obtain tries from these resources. SEM also includes a botnet detection instrument, which performs analytic inspections on facts packets across its servers to obtain anomalous styles and abnormal behaviors.
Automated Response: SEM will kill suspicious procedures, log off consumers, quarantine equipment, block IPs, and even block USB units, for every admin configuration. Additional, it can be configured to dispatch e mail notifications to workforce members, alerting everybody of a potential breach.
Compliance Administration: Authentic-time checking and auditing to detect IT compliance violations. SEM will difficulty automatic responses to compliance violations, such as blocking IPs, resetting passwords, and sending alerts. It will also generate compliance studies to match regulatory requirements, this kind of as HIPAA or SOX.
Occasion Correlation Engine: Ingests log facts from many sources this kind of as servers, firewalls, third-celebration cloud suppliers, and security purposes. This information is normalized and introduced in a unified format, increasing information visualization and enabling IT safety teams to swiftly locate traits.
Cross-Website Scripting Assault Detection: Examines logs from a number of resources to detect and answer to XSS attacks.
Post-Breach Studies: Makes visualizations to assist forensic assessment and auditing.
Insider Danger Detection: Privileged accounts can bring about a whole lot of problems if in the improper arms. SolarWinds SEM can develop a historic baseline of predictable person exercise, then flag serious-time exercise that could be anomalous or malicious.
High Diploma of Customizability: Specific consumers can configure the program with their very own alerts, triggers, search phrases, notifications, filters, stories, and queries. Although the program is made to capture all logs from just about everywhere, the scope can be restricted to keep an eye on only selected resources.
Use Instances
SolarWinds SEM exists largely to encapsulate all logged information and current it in a clear and reliable manner in authentic time. Older logs are compressed and archived when additional modern logs are readily available and searchable.
Consumer accounts are also very easily monitored working with SolarWinds SEM. Admins can check out which accounts are logged in and from in which and also gain facts on what varieties of devices are being applied or irrespective of whether a user is logged in from a distant desktop.
File integrity monitoring stops bad actors from hiding any traces of their actions. Similar to consumer account monitoring, SEM’s file integrity software establishes a file of all access tries to safeguarded files and generates an audit chain, so injury can be tracked, undone, or isolated.
Differentiators
SolarWinds SEM aims to distinguish itself on two crucial grounds. The 1st is that it is rather straightforward to set up, with very little challenging configuration essential for it to purpose out of the box.
And for the next, although it is not the lowest priced selection on the sector, SolarWinds has furnished an SEM resolution that is mostly more cost-effective than its main competitors. It also operates on a less complicated, far more transparent pricing plan, starting at $2,639 to invest in the solution outright, but subscriptions are also an alternative.
Rankings
Previous and present end users of SolarWinds SEM fee the merchandise a collective 4 out of 5 stars on G2. Quite a few reviewers note gratification with the competitive pricing of the solution and praised the simplicity of solution deployment.
Reviewers are happy with the simplicity of understanding of the licensing conditions compared to rivals with extra obtuse strategies. The dashboard is also greatly praised for its simplicity of use, and shopper company is noticed as responsive and beneficial.
Interestingly, although quite a few prospects come across SolarWinds SEM to be person helpful, a number of had troubles configuring the assistance for their particular necessities. Scalability was also viewed as minimal.
Conclusions
This is a crowded market place, and though SolarWinds SEM is aggressive on pricing, it may well not be as total-showcased or scalable as some clients would like.
For prospects at massive enterprises trying to find an SIEM resource designed to detect advanced persistent threats by a mix of log evaluation and tracking community situations, there are dozens of robust, potent, and significantly more expensive alternatives out there.
For more modestly-sized companies with additional limited budgets, SolarWinds SEM is a potent, able security resource that may possibly be excellent for their requirements.