SolarWinds Security Event Manager Reviews

Our primary use case is analyzing log files from any kind of source which is IT related. We use the product in our company on a daily basis and also integrate it for others. There are four people in our company using this software, and it's part of their daily routine to check everything. We are consultans and a reseller of the solution. 

The most valuable feature of the solution is intuitivity of navigation; it's easy to build rules and actions which are based on the logs and event types we collect with the software.

Some things on the roadmap could be improved but I understand they're working on those issues. The main area that would mean a big improvement for me would be for the product to include multiple dashboards. I would love to see a multi-page dashboard where you could see information side-by-side; to slice through the dashboard to see specific topics. For example, one network dashboard, one active directory dashboard, one VMware dashboard, etc.

That feature is something they could include in the next release - the ability for a report to flip to different technologies. And it would be nice if there were some pretty configured templates for the dashboard so that you don't have to fill all the data in. For example, a template for active directory or KPIs, or a template for VMware KPIs.

We've been using the solution for about one year.

It's a very stable solution. 

Scalability is a plus with this software. 

Technical support is good, they've even helped us during the night because they're in a different time zone.

The setup process and determining all the log files from all the different systems is quite easy. However, to get all the information out of the log files and create rules and access based on the log files, means that it's sensible to hire consultants. The simple setup of the virtual machine takes about two hours and after that it really depends on the number of log files and the number of devices. You're looking at about half a day and you have pretty much installed everything. 

The setup cost is not as expensive as Splunk or many other competitors. Cost is dependent on the size of the company.

I would advise people to make themselves familiar with the SolarWinds work community which has all the users' comments and where you can get the newest topics about everything connected to the software. It makes sense to peek around there. There is also SolarWinds SCM online training which is a big help when getting started with the software.

The product fills all our requirements but there is always room for improvement and so I would rate this product a nine out of 10. 

The out of the box reports and dashboard. It was easy to trim down these windows to something we could quickly use.

It allows us to monitor access and pull cyber reports quickly. No more searching through logs on each server. There was not much customization, which we had to do with Splunk.

I imagine we will have to develop our own reports soon, this seems to be more cumbersome.

For five months now.

Not really.

Not yet.

Not yet.

Good. There can be lag times on responses.

Eight on a scale of 10.

Splunk. The pricing was too high and you need a PhD on customizing the reports.

Setup was straightforward. We were able to use the default reports and window displays.

We did it ourselves.

The pricing was low, around 30K so ROI is less than one year. Splunk was elevating into the 100K arena.

Licensing is on devices, so if you have many, then this may be high. The storage can be an issue as well, we already had a SAN setup, but this is true for any SIEM.

Splunk and Oracle Audit Vault. We almost picked Oracle, because it pulls in the databases in a quick manner.

Don't over think the situation. We went with the one which had a better user presentation because we have managers using it as well. Splunk is nicer if you have a bunch of technical people wanting to play with it.

We are using this solution for our internal log event monitoring, as well as for file integrity monitoring.

SolarWinds LEM performs the job of log collection. It collects logs and nothing more. It does not really provide much in terms of security. It will trigger alerts but it will not give you any recommendations, filter according to rules, or anything other than logging the events if your server is attacked.

The most valuable feature is the reporting. The log conversion for generating reports is good.

The dashboard is running in Adobe Flash and this should be changed because there are vulnerabilities that are related to the browser. We constantly have to patch the system.

There is no information provided in terms of security.

The licensing model is poor, which in turn affects the scalability.

There is no correlation made between log entries, so no threat information is presented.

The performance degrades when there is a lot of traffic.

We have been using SolarWinds LEM for three years.

The stability is good when there are a low number of events per second on the servers. However, if there are a lot of events then the server is very slow. 

The scalability is poor because of the licensing. Having to buy blocks of fifty licenses is not good for our business. Our model is that of a managed service provider and our customers are interested in adding two or three nodes at a time. We cannot just keep buying fifty licenses at a time.

There is not much in terms of technical support because it is a web-based application. They do not support Adobe Flash because it is a third-party application. The just provide you the knowledge base, as with the other SolarWinds products. Using that, you experiment on your own.

It is a straightforward implementation. The deployment takes about two hours before everything is running.

Licenses can only be purchased in blocks of fifty at a time.

I am not expecting a future release of SolarWinds LEM because they have released another solution. They are continuing with a new security event and information management (SEIM) solution that is more suitable for large-scale enterprises.

I would rate this solution a five out of ten.

Its use case is to identify and help prevent and block known spyware or ransomware sites. Ransomware sites typically have bad IPs or domain names.

In terms of the version, I have had our clients log in and update the version a few times.

Some of the rules are most valuable because you can be notified about various things, such as spyware or things that are going on in the internal network.

It is a very technical program. They can simplify it so that it isn't so hard to deal with. 

You can be notified of various things, but you have to configure them. That's the downside. You got to work with it and configure it.

I have been using this solution for a couple of years. When we first started, it was flash-based, and now, it is not flash-based.

It is stable.

Its scalability is good now. Initially, we had some trouble with defining some of the hard drive things with ESXi.

When you get them on the phone, they're good. It could sometimes be tough to connect with them. Sometimes, you find someone who is probably a technician, but you need an engineer.

It is fairly complex, but once we have it installed and running, there is not much need to look at anything. Initially, when you set it up, it'll take a technician about a week to get things running close to right. It also depends on the time he has to sit down and do it.

It will identify things in your network that you just didn't know were going on. It will certainly open your eyes to other things that you might need.

Dot your i's and cross your t's. If you're looking for something specific, then you better specify that when you talk to the sales engineers and the engineers. Always talk to an engineer after you talk to the sales guys, just to confirm that what they said is true and accurate.

For non-Windows or non-Linux devices, they may not have a connector. So, that's where you need to go and ask somebody if it will support your device.

I would rate it a seven out of 10. The only reason for that is some of the complexity of the rules.

We are using this solution for the purpose of security monitoring. It performs network behavior monitoring, log monitoring, and disaster recovery monitoring.  

The most valuable feature of this solution is the log monitoring.

The flash-based interface can be improved because sometimes, the speed of monitoring is reduced. The interface should be replaced with something else.

Training for this solution needs to be improved, as new employees are sometimes unfamiliar with the product.

The gadgets in SolarWinds should all be in one place.

There should be a default template because as it is now, the user has to create one for each and everything.

SolarWinds is a big brand, and they will adapt as necessary. 

Our monitoring team has between fifteen and twenty users.

We do not have any new infrastructure, so we do not need to increase usage at this time.

Technical support for this solution is good. We have had no problems with them.

Prior to this solution, we were using AlienVault and IBM QRadar. I have also used Nagios, which is faster than SolarWinds LEM regarding alerts.

I would not say that the initial setup is straightforward or complex. It is a bit of both. I would say it's forty percent straightforward and sixty percent complex.

Deployment time depends on the size of the infrastructure, the number of services that are going to be monitored, and the types of services.

This is one of the good products in this market. People are always looking for easy-to-use products, and don't want to invest time on learning new or complex things.

This is a solution that I recommend, although there are a lot of products that are better.

I would rate this solution a seven out of ten.

The tool would see all the events and be able to judge on its own which event was not a big deal. It also gives you insights, email alerts and app directory changes. 

The solution helps me to go back in time and search for different events. For example, if you wanted to know who activated an account; you could go back in time and find out.

The product should  improve the ease with which you can create event alerts. They are not as hard now but you need to have an easier way.

I have been using the product for ten years. 

It's good. I haven't had an issue ever with stability. 

I think the solution scales well.

The solution is easy to deploy. 

We have had ROI with the use of the tool. 

I would rate the solution an eight out of ten. It's a good tool for what it costs.

I use SolarWinds for log and incident monitoring. More than 100 engineers at my company are currently using it. 

SolarWinds has provided greater visibility into incidents and activities on the network. It's crucial to have visibility into user activities, logins, event field attempts, etc.

SolarWinds is easy to configure, and it provides timely alerts.

I don't think SolarWinds is scalable enough. It is somewhat limited when I need to deploy it across multiple environments in a distributed architecture.

I have been using SolarWinds SEM for about four years.

SolarWinds is stable. 

I rate SolarWinds support eight out of 10. They're very helpful. 

Positive

I've used a couple of SEM solutions, like PRTG. SolarWinds is more like a log to get data or a smart listing. In many ways, SolarWinds is unique. I don't think there was a similar product. 

Setting up SolarWinds is straightforward, and you can deploy it in a few hours. One person is enough to deploy and maintain the solution. Our company trains people like me to use multiple solutions. 

For example, I am responsible for more than six solutions: SolarWinds, WhatsApp Gold, PRTG, and firewalls like MAC, TUM, WAF, etc. At other companies, you may have a whole team doing just two of those things. It may differ from company to company, but one person is enough at our firm.

You have to consider the costs of attacks. Sometimes it is not about what you get, but what you prevent yourself from losing. 

SolarWinds costs around $50,000, but I'm not certain because a different unit deals with costs.

I rate SolarWinds Security Event Manager eight out of 10. I would recommend it. Most of my friends are still using the solution. I rate it eight out of 10 because I think it still has room for improvement in terms of scalability. 

I would rate it nine for a small or medium-sized business. However, if I compare what it can do to the global market, it is more of an eight. When it was first released, these technologies were not too common, and SolarWinds LEM was still very popular. 

We use SolarWinds as a kind of SIEM solution, so I don't have other additional security needs. Lately, we've been exploring other solutions. We are a Managed Security Services Provider, and we have nine people predominantly working on that solution. We also have team members who work on multiple solutions.

Lately, all of the solutions continue to improve, so I believe SolarWinds will also improve. But all the solutions need to have the same features, so I don't see any specific feature that needs to be more user-friendly. There is no unique element that makes SolarWinds better than the others.

SolarWinds should improve its correlation capabilities. The correlation does not automatically detect and reduce the events fast enough. You have to manually do a correlation report, which means the tool is not scalable in many ways. Another area that needs improvement is the integration of the IT framework. We are automating the framework using their tools. I think that automation will help.

We've been using SolarWinds for three years.

SolarWinds' stability is fine. I don't think we've had any software issues.

There are some scalability issues with SolarWinds. For example, whether it will be on-prem or on the cloud, there are several things we have to leave with the integrators. Many solutions are integrated. SolarWinds is not convenient enough to meet our current needs and it requires an upgrade, but I'm also thinking about some others. I believe that Azure is doing well as a cloud tool right now.

We're not happy with SolarWinds' support.

Whether SolarWinds is easy to set up depends on what you're doing. Before a technician did the implementation, someone had been tweaking and operating. However, the tool does not support many things or have much to offer.

Licensing cost it's an issue with SolarWinds. 

I rate SolarWinds six out of 10. Comparing SolarWinds with Azure, it seems like Azure can do much more, so we are considering switching to Azure. If you are thinking of adopting SolarWinds, I would suggest considering what your business needs. Every business has different requirements. For example, if you're an IoT guy, you don't need tools that will help you with your IT environment. If you're in the manufacturing or oil and gas industry, you have a combination of IT and IoT, so then you'll go for something that fits those needs.