Try our new research platform with insights from 80,000+ expert users
PeerSpot user
IT Infrastructure Analyst at AG Group
Real User
Easy to install and will tell you such things as Failing MS SQL Server backups (Full, Diff or Transactional) etc
Pros and Cons
  • "It's extremely easy to deploy."
  • "It won't tell you when your backups are failing, but it will give you hints when your database is running on full recovery."

What is our primary use case?

The primary use case is for privilege account monitoring. It's monitoring admin accounts for things such as who logged in, where they logged in from, what time they logged in, and from what devices they used Remote desktop, with the privileged accounts.

It's a good tool to do troubleshooting, you can see extensive Info about Kerberos User Auth tickets or Windows Kerberos Machine Auth tickets, which can alert you to say , failing Kerberos Authentications due to incorrect NTP (Network time).

How has it helped my organization?

We're able to do a bit more in terms of forensic analysis.

I am able to correlate  the S.A.M. Service Applications Monitoring in SolarWinds ORION Platform.

I can trace back several things including the performance at a certain date and time. 

What is most valuable?

It's extremely easy to deploy.

The LEM 6.6, if it's a Windows host, you use the 64-bit or 32-bit installer, and  install it. Immediately, you'll start seeing Windows SYSTEM, SECURITY and Application Logs from the host where you deployed the Agent. So, this makes the deployment very easy to install.

On a daily basis, it's good for PKI monitoring.

It's very good for troubleshooting, and data monitoring. It gives you an advanced warning with your backups. If you have no monitoring tool in place, SolarWinds SIEM is a good place to start and very inexpensive.

What needs improvement?

They need to do better with the Connectors. I had to battle with the IIS Web server Connector that comes built in with this product. No matter how I configured the IIS Web connector, I never saw SW pull in any IIS logs from my hosts , where Agent was installed.?

They have over 500 connectors, but in my experience only handful work. Also there's no PowerShell Logging connectors, if you want to pull in PowerShell Logging logs from your hosts into the SIEM.

Buyer's Guide
SolarWinds Security Event Manager
October 2024
Learn what your peers think about SolarWinds Security Event Manager. Get advice and tips from experienced pros sharing their opinions. Updated: October 2024.
816,406 professionals have used our research since 2012.

For how long have I used the solution?

SolarWinds LEM is a product that I have been using for approximately a year and a half.

What do I think about the stability of the solution?

Very stable. It seems backend database is PostgreSQL and needs no maintanence.

What do I think about the scalability of the solution?

Not very scalable in my opinion. That's why I'm investigating new SIEM replacement.

How are customer service and support?

good. can be hit or miss sometimes, but sometime you get some good tech support over there.

Which solution did I use previously and why did I switch?

With this company, there was no real SIEM and no real use cases before I deployed it. Because of that, I can develop the use cases the educate the management on what they need in terms of SIS security monitoring.

How was the initial setup?

Very easy setup.

What about the implementation team?

in-house.

What was our ROI?

very good.

What's my experience with pricing, setup cost, and licensing?

Easy setup, very cheap and licensing cost is very fair and easy to understand

Which other solutions did I evaluate?

There was no time. Just read several reports from Gartner, IT Central etc. I did try ManageEngine , but it was a product which was already in Test phase implemented by my predeccesor

What other advice do I have?

n/a

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
‎IT Consultant at a consultancy with 5,001-10,000 employees
Real User
Good security monitoring features, but the user interface needs to be replaced
Pros and Cons
  • "It performs network behavior monitoring, log monitoring, and disaster recovery monitoring."
  • "Training for this solution needs to be improved, as new employees are sometimes unfamiliar with the product."

What is our primary use case?

We are using this solution for the purpose of security monitoring. It performs network behavior monitoring, log monitoring, and disaster recovery monitoring.  

What is most valuable?

The most valuable feature of this solution is the log monitoring.

What needs improvement?

The flash-based interface can be improved because sometimes, the speed of monitoring is reduced. The interface should be replaced with something else.

Training for this solution needs to be improved, as new employees are sometimes unfamiliar with the product.

The gadgets in SolarWinds should all be in one place.

There should be a default template because as it is now, the user has to create one for each and everything.

For how long have I used the solution?

We have been using this solution since the end of 2016.

What do I think about the stability of the solution?

SolarWinds is a big brand, and they will adapt as necessary. 

What do I think about the scalability of the solution?

Our monitoring team has between fifteen and twenty users.

We do not have any new infrastructure, so we do not need to increase usage at this time.

How are customer service and technical support?

Technical support for this solution is good. We have had no problems with them.

Which solution did I use previously and why did I switch?

Prior to this solution, we were using AlienVault and IBM QRadar. I have also used Nagios, which is faster than SolarWinds LEM regarding alerts.

How was the initial setup?

I would not say that the initial setup is straightforward or complex. It is a bit of both. I would say it's forty percent straightforward and sixty percent complex.

Deployment time depends on the size of the infrastructure, the number of services that are going to be monitored, and the types of services.

What other advice do I have?

This is one of the good products in this market. People are always looking for easy-to-use products, and don't want to invest time on learning new or complex things.

This is a solution that I recommend, although there are a lot of products that are better.

I would rate this solution a seven out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
SolarWinds Security Event Manager
October 2024
Learn what your peers think about SolarWinds Security Event Manager. Get advice and tips from experienced pros sharing their opinions. Updated: October 2024.
816,406 professionals have used our research since 2012.
System Engineer at a government with 51-200 employees
User
Allows us to monitor access and pull cyber reports quickly. No more searching through logs on each server.
Pros and Cons
  • "The out of the box reports and dashboard. It was easy to trim down these windows to something we could quickly use."
  • "I imagine we will have to develop our own reports soon, this seems to be more cumbersome."

What is most valuable?

The out of the box reports and dashboard. It was easy to trim down these windows to something we could quickly use.

How has it helped my organization?

It allows us to monitor access and pull cyber reports quickly. No more searching through logs on each server. There was not much customization, which we had to do with Splunk.

What needs improvement?

I imagine we will have to develop our own reports soon, this seems to be more cumbersome.

For how long have I used the solution?

For five months now.

What was my experience with deployment of the solution?

Not really.

What do I think about the stability of the solution?

Not yet.

What do I think about the scalability of the solution?

Not yet.

How are customer service and technical support?

Customer Service:

Good. There can be lag times on responses.

Technical Support:

Eight on a scale of 10.

Which solution did I use previously and why did I switch?

Splunk. The pricing was too high and you need a PhD on customizing the reports.

How was the initial setup?

Setup was straightforward. We were able to use the default reports and window displays.

What about the implementation team?

We did it ourselves.

What was our ROI?

The pricing was low, around 30K so ROI is less than one year. Splunk was elevating into the 100K arena.

What's my experience with pricing, setup cost, and licensing?

Licensing is on devices, so if you have many, then this may be high. The storage can be an issue as well, we already had a SAN setup, but this is true for any SIEM.

Which other solutions did I evaluate?

Splunk and Oracle Audit Vault. We almost picked Oracle, because it pulls in the databases in a quick manner.

What other advice do I have?

Don't over think the situation. We went with the one which had a better user presentation because we have managers using it as well. Splunk is nicer if you have a bunch of technical people wanting to play with it.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Alireza Ghahrood - PeerSpot reviewer
Alireza GhahroodConsultant & Instructor -Cyber Security,GovernanceRIskCompliance (CISO as a Services) at Independent
Top 10Real User

SolarWinds Log and Event Manager offers the core SIEM capabilities supported by nearly every SIEM, and in addition, the product also supports enhanced file and registry integrity monitoring to generate additional security log entries for endpoints. No other advanced security capabilities are available from SolarWinds Log and Event Manager.

Reporting capabilities
Robust built-in reporting capabilities are offered by SolarWinds SIEM product, including over 300 reporting templates. These templates address the requirements of many security compliance initiatives, including the following:

Federal Information Security Management Act of 2014
Gramm-Leach-Bliley Act
Health Insurance Portability and Accountability Act
International Organization for Standardization/International Electrotechnical Commission 27001/27002, Information Security Management
North American Electric Reliability Corporation Critical Infrastructure Protection
Payment Card Industry Data Security Standard
Sarbanes-Oxley Act

Information Security Analyst at Detecon Al Saudia Co. Ltd.
Real User
Good log collection and reporting, but it provides no security information and the licensing model needs to be changed
Pros and Cons
  • "The most valuable feature is the reporting."
  • "There is no correlation made between log entries, so no threat information is presented."

What is our primary use case?

We are using this solution for our internal log event monitoring, as well as for file integrity monitoring.

How has it helped my organization?

SolarWinds LEM performs the job of log collection. It collects logs and nothing more. It does not really provide much in terms of security. It will trigger alerts but it will not give you any recommendations, filter according to rules, or anything other than logging the events if your server is attacked.

What is most valuable?

The most valuable feature is the reporting. The log conversion for generating reports is good.

What needs improvement?

The dashboard is running in Adobe Flash and this should be changed because there are vulnerabilities that are related to the browser. We constantly have to patch the system.

There is no information provided in terms of security.

The licensing model is poor, which in turn affects the scalability.

There is no correlation made between log entries, so no threat information is presented.

The performance degrades when there is a lot of traffic.

For how long have I used the solution?

We have been using SolarWinds LEM for three years.

What do I think about the stability of the solution?

The stability is good when there are a low number of events per second on the servers. However, if there are a lot of events then the server is very slow. 

What do I think about the scalability of the solution?

The scalability is poor because of the licensing. Having to buy blocks of fifty licenses is not good for our business. Our model is that of a managed service provider and our customers are interested in adding two or three nodes at a time. We cannot just keep buying fifty licenses at a time.

How are customer service and technical support?

There is not much in terms of technical support because it is a web-based application. They do not support Adobe Flash because it is a third-party application. The just provide you the knowledge base, as with the other SolarWinds products. Using that, you experiment on your own.

How was the initial setup?

It is a straightforward implementation. The deployment takes about two hours before everything is running.

What's my experience with pricing, setup cost, and licensing?

Licenses can only be purchased in blocks of fifty at a time.

What other advice do I have?

I am not expecting a future release of SolarWinds LEM because they have released another solution. They are continuing with a new security event and information management (SEIM) solution that is more suitable for large-scale enterprises.

I would rate this solution a five out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
PeerSpot user
Information Security Engineer at a cloud solution provider with 51-200 employees
Real User
We’re most impressed by LEM’s ease of deployment, automated reporting, and easy interface navigation.

We’re an Infrastructure-as-a-Service provider and a few months ago, a health care customer with a private cloud and mandatory HIPAA regulatory requirements approached us. The customer had one employee spending over a half day per week manually reviewing log files. Needless to say, manually reviewing log files is boring and generally not a good use of human time. It’s also easy to miss important information about malicious behavior.

They had to review a large number of logs every single day, and they basically didn’t have a good way to do that—they had an employee manually scrolling through each log file. When you start looking at log files you quickly realize that there is not a lot of good in sitting there manually combing through them, especially when you don’t know the sorts of things that you’re looking for. The client came to us and asked if we could find a better way for them to manager their log files.

We came up with a new offering for the customer to provide log management using SolarWinds Log & Event Manager. We had a very short timeline to respond on this for one. We’re a SolarWinds customer, in fact we’ve been one for quite some time. At one point we used the LEM product in the lab at our company, so I mentioned that to our customer and gave them an overview of LEM to see if it would meet their needs. They very quickly decided it was just what they were looking for.

We’re most impressed by LEM’s ease of deployment, automated reporting, and easy interface navigation. It makes digging through tons of log files very quick and easy to find what you need.

Since this initial client implementation, more of our customers have now approached us with compliance and SIEM needs. We now address two distinct markets for our offering in our private cloud customer base: customers needing SIEM for security analysis and automated response, and customers needing to comply with standards such as HIPAA and PCI. Just months after introducing the offering, we already have several customer deployments and several more in the pipeline.

Update 5/20/2019

While I am still a huge fan of SolarWinds and the LEM solution; I have significantly downgraded this from my original review.  I feel as though LEM has not kept up with the rest of the SIEM industry which has seen significant advancements in the last few years.  LEM lacks many of the features that you can now find in many next-gen SIEM solutions such as integrated threat intelligence, User Behavior Analytics and integration with SOAR technologies.  If you are looking for a robust log management solution and LEM supports the log source you are looking to ingest then this could be a good solution for you; however, if you are looking for a next-gen SIEM solution I would caution you on LEM and suggest you look at other solutions.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
it_user631224 - PeerSpot reviewer
it_user631224Information Security Analyst at a non-profit with 1,001-5,000 employees
Real User

We have LEM and its been left to rot really and a new manager came in and we have bought logrythm but not put it in yet. Since we have LEM i am now thinking of getting it working and trying to get the money back on the logrythm as it sounds like a bit of loving care and it would work for us

See all 10 comments
it_user121770 - PeerSpot reviewer
Manager of Information Technology with 51-200 employees
Vendor
We selected SolarWinds for 24/7 monitoring, forensic trail of unauthorized activity and security at the endpoint.

We needed a solution that could monitor and respond to all of our network and user activity, down to each endpoint, while providing auditors with granular and customizable reports and ensuring forensic traceability in the event of a breach or policy violation.

We stumbled upon a couple of challenges known to other small to mid-sized enterprises:

  1. Outsourced log management was too expensive and incredibly risky. Our network data is too valuable to share with another company. Our members trust us to keep all sensitive data in house.
  2. Enterprise-grade SIEM solutions are priced for large companies and thus stretched well beyond our IT budget. Additionally, all that money didn’t buy real-time analysis and blocking capabilities, which were the most important proactive defense to stop emerging attacks. Enterprise tools watch, aggregate data, and report, but they don’t take action. We needed more advanced solutions to provide comprehensive network management capabilities in real time.

We selected SolarWinds LEM for four specific reasons:

  1. Right-sized for smaller budgets: The solution’s architecture and pricing are tailored to smaller companies. The appliance-based technology is plug-and-play, meaning that implementation takes hours, not weeks or months. And the cost starts at $20,000 – a fraction of competitors’ prices.
  2. 24/7 monitoring: SolarWinds LEM monitors all network activity – even when no one is watching – and stops policy violations and network and data breaches in real time, notifying network administrators of threats instantly via email, pager, and/or cell phone. I’ll even know if the cleaning crew or security guard is trying to log on after hours.
  3. Outing the insider: SolarWinds LEM provides a forensic trail of user activities. It identifies insider policy breaches instantly – including unauthorized USB flash drive insertions and downloads – and stops violators in their tracks while notifying network managers.
  4. Security at the end point: SolarWinds LEM’s solution controls policies from servers to endpoints, giving us the ability to shut down any system or user group across our seven branches in the event of threat detection. This granular control prevents fast-moving worms from spreading, quarantining at-risk systems before they can compromise member data.

With SolarWinds LEM, we’re exposing potential threats and preventing them from damaging our business. In one case, SolarWinds LEM instantly red-flagged multiple, simultaneous log-on failures. We examined the attempted user names, passwords, and incoming IP addresses, and quickly recognized that a bot was attempting to hack into our network. With the evidence provided by SolarWinds LEM, we contacted the hacker’s Internet service provider and shut them down.

SolarWinds LEM is a natural extension of our network. In reality, we consider the SolarWinds LEM appliance to be our fourth IT employee.

Disclosure: PeerSpot has made contact with the reviewer to validate that the person is a real user. The information in the posting is based upon a vendor-supplied case study, but the reviewer has confirmed the content's accuracy.
PeerSpot user
it_user104178 - PeerSpot reviewer
it_user104178Chief Marketing Officer with 201-500 employees
Vendor

LEM is not open source, it is a commercial product licensed by nodes. There is a free trial you can download at solarwinds.com/lem

See all 2 comments
Chief ICT Officer at Barbados Public Workers Cooperative Credit Union Ltd
Real User
Top 5Leaderboard
A highly reliable, with valuable features for monitoring & alerting, including email alerts
Pros and Cons
  • "The solution helps me to go back in time and search for different events. For example, if you wanted to know who activated an account; you could go back in time and find out."
  • "The product should improve the ease with which you can create event alerts. They are not as hard now but you need to have an easier way."

What is our primary use case?

The tool would see all the events and be able to judge on its own which event was not a big deal. It also gives you insights, email alerts and app directory changes. 

What is most valuable?

The solution helps me to go back in time and search for different events. For example, if you wanted to know who activated an account; you could go back in time and find out.

What needs improvement?

The product should  improve the ease with which you can create event alerts. They are not as hard now but you need to have an easier way.


For how long have I used the solution?

I have been using the product for ten years. 

What do I think about the stability of the solution?

It's good. I haven't had an issue ever with stability. 

What do I think about the scalability of the solution?

I think the solution scales well.

How was the initial setup?

The solution is easy to deploy. 

What was our ROI?

We have had ROI with the use of the tool. 

What other advice do I have?

I would rate the solution an eight out of ten. It's a good tool for what it costs.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
JohnTamakloe - PeerSpot reviewer
Solutions Architect at a tech services company with 51-200 employees
Real User
Top 5
The solution provides greater visibility into incidents and activities on the network.
Pros and Cons
  • "SolarWinds is easy to configure, and it provides timely alerts."
  • "I don't think SolarWinds is scalable enough. It is somewhat limited when I need to deploy it across multiple environments in a distributed architecture."

What is our primary use case?

I use SolarWinds for log and incident monitoring. More than 100 engineers at my company are currently using it. 

How has it helped my organization?

SolarWinds has provided greater visibility into incidents and activities on the network. It's crucial to have visibility into user activities, logins, event field attempts, etc.

What is most valuable?

SolarWinds is easy to configure, and it provides timely alerts.

What needs improvement?

I don't think SolarWinds is scalable enough. It is somewhat limited when I need to deploy it across multiple environments in a distributed architecture.

For how long have I used the solution?

I have been using SolarWinds SEM for about four years.

What do I think about the stability of the solution?

SolarWinds is stable. 

How are customer service and support?

I rate SolarWinds support eight out of 10. They're very helpful. 

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I've used a couple of SEM solutions, like PRTG. SolarWinds is more like a log to get data or a smart listing. In many ways, SolarWinds is unique. I don't think there was a similar product. 

How was the initial setup?

Setting up SolarWinds is straightforward, and you can deploy it in a few hours. One person is enough to deploy and maintain the solution. Our company trains people like me to use multiple solutions. 

For example, I am responsible for more than six solutions: SolarWinds, WhatsApp Gold, PRTG, and firewalls like MAC, TUM, WAF, etc. At other companies, you may have a whole team doing just two of those things. It may differ from company to company, but one person is enough at our firm.

What was our ROI?

You have to consider the costs of attacks. Sometimes it is not about what you get, but what you prevent yourself from losing. 

What's my experience with pricing, setup cost, and licensing?

SolarWinds costs around $50,000, but I'm not certain because a different unit deals with costs.

What other advice do I have?

I rate SolarWinds Security Event Manager eight out of 10. I would recommend it. Most of my friends are still using the solution. I rate it eight out of 10 because I think it still has room for improvement in terms of scalability. 

I would rate it nine for a small or medium-sized business. However, if I compare what it can do to the global market, it is more of an eight. When it was first released, these technologies were not too common, and SolarWinds LEM was still very popular. 

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer:
PeerSpot user
Buyer's Guide
Download our free SolarWinds Security Event Manager Report and get advice and tips from experienced pros sharing their opinions.
Updated: October 2024
Buyer's Guide
Download our free SolarWinds Security Event Manager Report and get advice and tips from experienced pros sharing their opinions.