SolarWinds Log & Event Manager (LEM) is a SIEM or security analytics system. It is based on technology that it acquired from TriGeo which released its first SIEM product in January 2002. As such, it is a mature product that has been on the market for as long as most of its competitors.
LEM is primarily aimed at the mid-market, although it is also used by a wide range and number of large enterprises. It provides the core functionality of enterprise-class products offered by competing vendors, including real-time centralised event and log collection, correlation, analysis and storage from virtually every system that makes up an organisation’s IT infrastructure. SolarWinds also offers extensive remediation capabilities to automate response.
LEM allows organisations of all sizes to meet the security monitoring, incident response and compliance challenges that they face in an efficient yet affordable manner, since the product costs a fraction of competing offerings. Many smaller organisations face the same challenges and mandates as their larger counterparts, but lack the budget or resources to invest in and deal with expensive, complex technology platforms. LEM is also easy to deploy, use and manage for those without specialist security expertise, as its features are designed with ease of use as the foremost priority.
Originally based in Oklahoma in the US, SolarWinds relocated to Austin, Texas, in 2006, where it still maintains its headquarters. It has since expanded both within the US and internationally, with a number of offices in Europe and Asia, and is looking for further international expansion. In 2013, SolarWinds announced its intention to invest US$50 million in a new operations hub in Salt Lake City in Utah. It currently has more than 1,200 employees in 13 offices worldwide. SolarWinds has been a public company since its IPO in 2009.
SolarWinds works with a wide variety of partners, including a network of channel partners throughout the world to service local customers. It has a number of partnerships with hardware and software technology providers and with managed security service providers that offer hosted versions of its technology. Strategic partnerships include Microsoft and Cisco Systems.
SolarWinds claims to service some 100,000 customers worldwide, ranging from small companies to more than 425 of the Fortune 500 organisations. However, its primary target market is the mid-market as well as departments and branches of organisations. Many of its mid-market customers have small IT teams that are often over-stretched owing to the scarcity of resources.
Among the main features available in the SolarWinds LEM offering are:
- Real-time event collection and correlation for immediate threat detection
- Integrated Active Responses for automated remediation
- Advanced search and data visualisation for forensic analysis
- USB Defender for endpoint data protection
- Workstation and user activity monitoring for internal threat protection
- Built-in templates for regulatory compliance reporting
The primary differentiators of SolarWinds’ LEM product are that it provides an easy-to-use yet comprehensive SIEM and log management solution aimed at the needs of mid-market organisations, which often lack the IT and security resources of their larger counterparts and find what resources they do have over-stretched. Such organisations have many of the same needs as larger enterprises, especially with regard to complying with regulations such as data protection and with managing the overall security of their networks. The distribution and implementation model espoused by SolarWinds makes the product easy to evaluate and buy, with a 30-day evaluation period offered for all products, and easy to deploy and maintain.
However, LEM is also popular with and widely used by a large number of enterprise customers, including more than 425 of the Fortune 500, which is helped by its proven scalability and ability to store massive amounts of data. As well as being deployed across such organisations, it is highly suited to the needs of departments, business units and branches within such organisations.
A particular differentiator is the value for money that is offered by the LEM product. With LEM, organisations get the core capabilities they need to improve their security posture and help ensure continuous compliance, but at a fraction of the cost of competing solutions. This core functionality includes real-time collection, correlation and analysis of log and event data from a wide variety of sources throughout the IT infrastructure, along with the ability to normalise, store, search and report on log data to help meet security and compliance objectives. On top of this core functionality, LEM offers a set of features that set it apart from its competitors, including in-memory event correlation, built-in automated responses, USB defence technology and data visualisation tools.
Another prime differentiator of SolarWinds’ LEM product is its ease of deployment and use. Downloadable from the internet, it can generally be deployed without outside help either from the vendor or from consultants. LEM offers many features that make it extremely easy to use right out of the box without the need for security expertise, including hundreds of built-in rules, filters, searches and reports, with everything governed by a centralised management console with a drag-and-drop interface.
Where support is required, 24/7 phone and email support is included in the purchase price. There is also a dedicated support site, thwack, which has more than 100,000 IT professional community members. Directly accessible from inside the product, it functions as an online community for sharing and solving problems, exchanging tips and tricks, discussing best practices, downloading extra tools, requesting that additional features be added to the product, and sharing custom applications and plug-ins. It provides extensive support documentation and tutorials, and information regarding new features and capabilities.
SolarWinds sells its technology products directly from its website, from which users can download an executable for immediate implementation. LEM is delivered as an all-in-one virtual appliance that runs on either VMware or Hyper-V. The operating system and database are packaged into the virtual appliance, with no additional hardware required. Upon download, the user is provided with a wide range of out-of-the-box tools, including setup wizards, charts, graphs and lists, as well as direct access to support documentation that includes both quick start and full user guides. There are also a number of tools that allow users to customise the implementation, such as developing specific correlation rules. Some of the more advanced features require the deployment of additional agents, as does support for systems that do not use SNMP/Syslog.
The first year of unlimited 24/7 phone and email support is included in the product purchase price, and further support resources are available online in the comprehensive thwack community, which offers forums, additional tools, and the ability to share best practices and request new product features. Thwack is used by some 125,000 people.
Recent enhancements and upgrades have seen tighter integration with the other IT management tools in SolarWinds’ overall product portfolio. These integrations allow for bidirectional information exchange between the products. Among them is integration with the Server & Application Monitor (SAM) product, which adds visibility into server and application performance, correlates alerts from SAM with events captured in LEM, and allows new rules to be created and correlation notifications to be enhanced in order to improve incident response capabilities. LEM also integrates with SolarWinds’ Alert Central for incident escalation and response to events captured by and forwarded from LEM. Integration with the Network Performance Monitor product allows for network fault, performance and availability monitoring.