[Review] Log & Event Manager (LEM) Security Information and Event Management Software by SolarWinds

Strong network security is a requirement for the success of any modern company. It plays a key role in meeting the regulatory compliance requirements which govern how a business protects sensitive data of all types. Falling short of these objectives can come at a cost. Cases where companies have failed to meet their compliance requirements include $3,300,000 for unsecured electronic health records (HHS OCR), $300,000 for failing to follow banking regulations (FinCEN), and $25,000,000 for data breaches (FCC). Despite the critical importance of network security, many IT departments are under-resourced and struggle daily with being spread thin. They are burdened by laborious manual processes, making it difficult or even impossible to identify security incidents when they occur. Resource-constrained IT departments cannot respond to security events appropriately or, better yet, avoid them altogether. What's more, some compliance policies require security automation processes, and without them, meeting compliance standards is simply out of reach.

Enter LEM (Log & Event Manager), the full-featured Security Information and Event Management (SIEM) solution by SolarWinds. Equipped with time-saving automation features that require no coding skills, it is an all-in-one solution for resource-constrained IT professionals looking for security management and compliance support. LEM lets even non-security specialists tackle security threats, perform root cause analysis, monitor file integrity, and more, all in real time. It is engineered to aid in compliance, providing out-of-the-box compliance reports for stress-free auditing.

All-In-One Tool for IT Security and Compliance Support:

LEM is deployed as a virtual appliance for Windows environments and runs on VMware® or Microsoft Hyper-V®. The software gathers, analyzes, and consolidates easy-to-read, simple-to-search event logs using connectors that support over 500 data source types. In-memory log collection, compression, and encryption are handled by an agent that communicates over Secure Sockets Layer/Transport Layer Security (SSL/TLS). For non-agent devices like firewalls, routers, and switches, LEM uses syslog.

Other SIEMs use a data indexing volume license scheme, which requires users to predict daily log volume. LEM instead uses an affordable node-based licensing system, so you can easily select the best license tier for your needs. LEM puts a stop to worrying about the rise and fall of data volume and how it affects your costs.

Figure 1: No programming or security specialist skills are required to provide 24/7 network security monitoring, fast automatic threat response, and detailed compliance support.

No Programming or Specialized Security Knowledge Required to Monitor, Log, Analyze, and Take Action

LEM has many security features with a strong emphasis on auditable compliance support. Centralized continuous monitoring lets you watch all activity on the network. Maintain vigilance 24/7 with real-time security incident awareness. Detection and response are incredibly fast thanks to in-memory correlation. React automatically before problems can spread with hundreds of pre-built correlation rules, or easily build your own with the programming-free drag-and-drop UI. Active response can block IPs, and LEM's nDepth feature summarizes event activity with simple visual tools that you can use to select and investigate areas of interest easily. Support all your compliance efforts with compliance reporting and save time by utilizing LEM's 300+ report templates, which include popular standards such as HIPAA, PCI DSS, SOX, and more.

All the Data You Need for Security and Compliance Support at Your Fingertips

LEM stores every log you collect, so you do not have to invest the time in hunting down relevant information during a crisis. The Ops Center gives you the big strategic picture, while the Explore tab (which features the nDepth search capability) lets you dig deeper, examine details, and filter event logs. The powerful SQL auditing features monitor and alert you to changes to schema and tables, protecting you from SQL injection attacks. Charts and graphs make it easy to find specific issues, like unusual keywords or IP addresses or a particular device with a high number of events.

LEM is Your Secret Agent Against Security Threats and is Always On Watch

In-memory data collection means log data is processed before it is written to the database, so security threats can be brought down the moment they occur and do not have the chance to spread. Thanks to the in-memory correlation capabilities of LEM, it can detect attacks in real time without the need for indexing. Using the built-in or custom-built response rules, corrective action rolls out right away, neutralizing the threat in seconds.

Take Down Security Threats Fast with Easy-to-Configure Rules and Automatic Corrective Action.

Creating rules, or using any of the hundreds of prebuilt options provided by SolarWinds, is easy and requires no programming. The intuitive drag-and-drop rule correlation builder UI lets you set up detection rules and reaction steps as simple or complex as you would like. For example, if a certain app starts, LEM will automatically shut it down and inform you of the location and time of the event. The Threat Intelligence Feed ensures daily updates to LEM's knowledge base of bad IPs and other known threats. It comes pre-configured with an extensive library of known bad IP addresses so it can start protecting you right away.

Modern USB devices represent a unique and serious threat to network security. Their storage capacity, portability, and susceptibility to abuse make them well suited to data exfiltration and establishing malicious code on a network. However, with LEM's active response options, your network can be protected from this threat. For example, creating a blacklist or whitelist of USB devices lets you block devices the moment they try to connect. The USB Analyzer is an incredibly useful tool that specializes in detection and automatic prevention of these threats.
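The rule-and-response model described in the two sections above (in-memory correlation, a "known application starts" rule, a bad-IP feed, and a USB whitelist), as an added Python illustration that is not LEM's own code or rule format. Every event is evaluated against every rule as it arrives, before any storage step, and a match yields a response action; the event format, the threat-intelligence addresses, the blocked application and the USB whitelist are all constructed placeholders.

```python
import re
from dataclasses import dataclass

# Constructed placeholder threat-intelligence list (not from any real feed).
BAD_IPS = {"203.0.113.7", "198.51.100.22"}
# Constructed application blacklist: a start of any of these is stopped.
BLOCKED_APPS = {"torrentclient.exe"}
# Constructed USB whitelist: anything else that connects is blocked.
USB_WHITELIST = {"VID_0951_PID_1666"}

# Constructed sample events in a simplified "ts host source: k=v ..." form.
SAMPLE_EVENTS = [
    "2024-01-01T10:00:00 hostA procmon: event=process_start image=torrentclient.exe user=alice",
    "2024-01-01T10:00:05 fw1 firewall: event=connection src=203.0.113.7 dst=10.0.0.5 dport=443",
    "2024-01-01T10:00:09 hostB usbmon: event=usb_connect device=VID_0781_PID_5583 user=bob",
    "2024-01-01T10:00:12 hostA procmon: event=process_start image=notepad.exe user=alice",
    "this line is not an event and is skipped",
]

EVENT_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<source>[^:]+): (?P<body>.*)$")

@dataclass
class Alert:
    rule: str      # name of the rule that fired
    action: str    # response the engine would carry out
    detail: str    # where and when, for the notification

def parse_event(line):
    """Turn one event line into a dict of fields; None if it does not parse."""
    m = EVENT_RE.match(line)
    if not m:
        return None
    ev = {"ts": m["ts"], "host": m["host"], "source": m["source"]}
    for kv in m["body"].split():
        key, _, value = kv.partition("=")
        ev[key] = value
    return ev

# Each rule: (name, predicate over the parsed event, response action).
RULES = [
    ("blocked-app-start", lambda e: e.get("event") == "process_start"
        and e.get("image", "").lower() in BLOCKED_APPS, "kill_process"),
    ("known-bad-source-ip", lambda e: e.get("event") == "connection"
        and e.get("src") in BAD_IPS, "block_ip"),
    ("unapproved-usb", lambda e: e.get("event") == "usb_connect"
        and e.get("device") not in USB_WHITELIST, "block_usb"),
]

def correlate(lines):
    """Evaluate each event in memory against all rules as it arrives."""
    alerts = []
    for line in lines:
        ev = parse_event(line)
        if ev is None:
            continue
        for name, matches, action in RULES:
            if matches(ev):
                alerts.append(Alert(name, action, f"{ev['host']} @ {ev['ts']}"))
    return alerts
```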

Figure 2: Security responses, both simple and complex, can be implemented programming-free even without specialized security training.

Easy-to-Use UIs Grant Fast Access to Critical Details

nDepth makes searching logs fast and easy, no matter how large or complex. The drag-and-drop UI lets you search in a very granular way to find specific events, or you can use simple keyword searches. No prior knowledge of any query languages is needed to dig deeply and precisely into event logs.

Figure 3: nDepth is incredibly easy to use, allowing you to search millions of logs and get specific data fast without any prior query language knowledge.

Spend Less Time Assessing and Correcting Compliance Issues

Automatic reporting features mean no more time-consuming and error-prone manual reporting. You can easily manage different kinds of reports, like those for security and auditing purposes, from a single screen. The filtering tools let you grab specific data quickly, again with no programming required. The rule-based event correlation features LEM uses to detect and respond to threats can be customized to help you stay in compliance, and the software comes preloaded with policy-specific rule templates. All the event logs are encrypted and highly compressed (95%-98% compression) to save space, so you can hold onto more information for longer to meet log retention policy requirements.

Figure 4: From one place, manage all your reports from security to compliance audits. Get details with a single click.

Proven History of Successfully Supporting Users' Compliance Objectives and Reducing Costs

LEM is trusted by thousands of IT professionals working with constrained resources. Using LEM's security and compliance features, one telecommunications company saved over $1,000,000, and one eHealth Technologies company met certain regulatory compliance requirements. You can see more case studies at Tech Validate.

In-Depth Technical and Community Support

Should you ever have a question, the SolarWinds support team provides extensive resources. SolarWinds offers one year of maintenance from the date of purchase of LEM. The SolarWinds Success Center is a rich resource full of free training videos, comprehensive and concise FAQs, and quick access to manuals and user guides. For additional resources, head on over to THWACK®, an extensive user support group full of tips, tricks, and advice.

Figure 5: Free training, easy-to-use guides, free tools, and an incredibly supportive user community.

Download a Free Trial Today

LEM provides out-of-the-box protection and audit-proven compliance tools, no programming or advanced security knowledge required. Pricing starts at 30 nodes for $4995 and includes one year of maintenance. SolarWinds offers additional savings with specialized pricing for the monitoring of Windows® workstations. For more information, see SolarWinds' LEM Windows Workstation Licensing details.

Download a free trial of LEM for 30 days, or contact SolarWinds at 866.530.8100 or [email protected], to request a customized quote.


Shane Landry

Shane Landry is a technical content writer with a degree in Applied Physics and over five years of experience as a scientist and an engineer. His work experience includes 13 months at the South Pole in Antarctica as a research assistant. He specializes in copywriting and technical writing for both technical and non-technical audiences. You can learn more about him at www.theshanelandry.com.