SolarWinds Log and Event Manager: SIEM product overview
Expert Karen Scarfone examines SolarWinds Log and Event Manager, a security information and event management (SIEM) tool for collecting and analyzing event data to identify malicious activity.
SolarWinds Log and Event Manager is a security information and event management (SIEM) product. It collects security event log records from an enterprise's security controls, operating systems, applications and other software. As the logs are collected, it analyzes them to identify potentially malicious activity, such as attacks or malware infections. When it finds something, it alerts administrators so they can respond to the incident manually, or it can attempt to stop the attack automatically through a variety of interactions with other enterprise security controls.
Product versions
The SolarWinds SIEM tool is available as a virtual appliance that runs on VMware ESX and Microsoft Hyper-V. The virtual appliance models are as follows:
- LEM30, up to 30 nodes
- LEM50, up to 50 nodes
- LEM100, up to 100 nodes
- LEM250, up to 250 nodes
- LEM500, up to 500 nodes
- LEM650, up to 650 nodes
- LEM800, up to 800 nodes
- LEM1000, up to 1000 nodes
- LEM1500, up to 1500 nodes
- LEM2500, up to 2500 nodes
Larger organizations can buy a customized virtual appliance from SolarWinds that supports an even higher maximum number of nodes.
Additional security capabilities
SolarWinds Log and Event Manager offers the core SIEM capabilities supported by nearly every SIEM. In addition, the product supports enhanced file and registry integrity monitoring, which generates additional security log entries for endpoints when monitored files or Windows registry keys are added, changed or removed. No other advanced security capabilities are available from SolarWinds Log and Event Manager.
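To make the integrity-monitoring mechanism concrete, the following added example (written for this page, not SolarWinds code, and not a description of how Log and Event Manager is implemented) shows the three steps behind any file integrity monitor: hash a baseline of the watched tree, re-scan it later, and emit one structured log record per file that was added, deleted or modified, in a JSON-lines form that any SIEM can ingest. The directory layout, file contents and the tampering steps in `demo()` are constructed for the example.

```python
"""Minimal file integrity monitor (FIM) that emits SIEM-style log records.

Added example, not SolarWinds code. Mechanism: baseline SHA-256 hashes,
re-scan, and report drift as one JSON event per affected file.
"""
import hashlib
import json
import tempfile
import time
from pathlib import Path


def hash_file(path: Path) -> str:
    """SHA-256 of a file, read in chunks so large binaries do not load into memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: Path) -> dict:
    """Map of relative path -> {sha256, size, mode} for every regular file under root."""
    baseline = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            st = p.stat()
            baseline[p.relative_to(root).as_posix()] = {
                "sha256": hash_file(p),
                "size": st.st_size,
                "mode": oct(st.st_mode & 0o7777),  # permission bits only
            }
    return baseline


def make_event(kind: str, rel: str, before, after) -> dict:
    """One log record per drift; deletions and modifications rank higher than additions."""
    return {
        "ts": time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime()),
        "source": "fim-example",  # hypothetical sensor name
        "event": kind,
        "path": rel,
        "severity": "medium" if kind == "file_added" else "high",
        "before": before,
        "after": after,
    }


def scan_for_drift(root: Path, baseline: dict) -> list:
    """Re-hash the tree and diff it against the baseline; returns events sorted by path."""
    current = build_baseline(root)
    events = []
    for rel in current.keys() - baseline.keys():
        events.append(make_event("file_added", rel, None, current[rel]))
    for rel in baseline.keys() - current.keys():
        events.append(make_event("file_deleted", rel, baseline[rel], None))
    for rel in baseline.keys() & current.keys():
        if baseline[rel] != current[rel]:
            events.append(make_event("file_modified", rel, baseline[rel], current[rel]))
    return sorted(events, key=lambda e: e["path"])


def to_log_line(event: dict) -> str:
    """Serialize an event as a single JSON line for shipping to a SIEM collector."""
    return json.dumps(event, sort_keys=True)


def demo() -> list:
    """Constructed scenario: baseline three files, then tamper with the tree."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "etc").mkdir()
        (root / "bin").mkdir()
        (root / "etc" / "passwd").write_text("root:x:0:0:root:/root:/bin/bash\n")
        (root / "etc" / "sshd_config").write_text("PermitRootLogin no\n")
        (root / "bin" / "ls").write_bytes(b"\x7fELF example binary")
        baseline = build_baseline(root)

        # Simulated tampering: weaken sshd config, replace a binary with a new one.
        (root / "etc" / "sshd_config").write_text("PermitRootLogin yes\n")
        (root / "bin" / "ls").unlink()
        (root / "bin" / "backdoor").write_bytes(b"\x7fELF unexpected binary")
        return scan_for_drift(root, baseline)


if __name__ == "__main__":
    for ev in demo():
        print(to_log_line(ev))
```

Running the block prints three records: an addition for `bin/backdoor`, a deletion for `bin/ls` and a modification for `etc/sshd_config` (the untouched `etc/passwd` produces nothing). A production monitor adds what this sketch leaves out: an exclusion list for volatile paths, a baseline stored off-host or signed so an intruder cannot rewrite it along with the files, and, on Windows, the same diff logic over registry keys.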
Reporting capabilities
The SolarWinds SIEM product offers robust built-in reporting capabilities, including over 300 reporting templates. These templates address the requirements of many security compliance initiatives, including the following:
- Federal Information Security Modernization Act of 2014 (FISMA)
- Gramm-Leach-Bliley Act
- Health Insurance Portability and Accountability Act
- International Organization for Standardization/International Electrotechnical Commission 27001/27002, Information Security Management
- North American Electric Reliability Corporation Critical Infrastructure Protection
- Payment Card Industry Data Security Standard
- Sarbanes-Oxley Act
Licensing and pricing
Organizations can download a free 30-day trial of SolarWinds Log and Event Manager from SolarWinds.
SolarWinds Log and Event Manager is licensed by the maximum number of nodes a model supports; SolarWinds publishes current pricing by model.
SolarWinds Log and Event Manager
SolarWinds Log and Event Manager is available in a variety of virtual appliance models that are each distinguished by the number of logging nodes they can support; additionally, customized virtual appliances are available to support even larger numbers of nodes. SolarWinds Log and Event Manager's security capabilities are not cutting-edge, but its reporting capabilities are substantially better than average. Nearly any organization, other than the largest enterprises, should consider SolarWinds Log and Event Manager as a possible candidate for SIEM evaluation.