SolarWinds Security Event Manager Reviews

We are using this solution for our internal log event monitoring, as well as for file integrity monitoring.

SolarWinds LEM performs the job of log collection. It collects logs and nothing more. It does not really provide much in terms of security. It will trigger alerts but it will not give you any recommendations, filter according to rules, or anything other than logging the events if your server is attacked.

The most valuable feature is the reporting. The log conversion for generating reports is good.

The dashboard is running in Adobe Flash and this should be changed because there are vulnerabilities that are related to the browser. We constantly have to patch the system.

There is no information provided in terms of security.

The licensing model is poor, which in turn affects the scalability.

There is no correlation made between log entries, so no threat information is presented.

The performance degrades when there is a lot of traffic.

We have been using SolarWinds LEM for three years.

The stability is good when there are a low number of events per second on the servers. However, if there are a lot of events then the server is very slow. 

The scalability is poor because of the licensing. Having to buy blocks of fifty licenses is not good for our business. Our model is that of a managed service provider and our customers are interested in adding two or three nodes at a time. We cannot just keep buying fifty licenses at a time.

There is not much in terms of technical support because it is a web-based application. They do not support Adobe Flash because it is a third-party application. The just provide you the knowledge base, as with the other SolarWinds products. Using that, you experiment on your own.

It is a straightforward implementation. The deployment takes about two hours before everything is running.

Licenses can only be purchased in blocks of fifty at a time.

I am not expecting a future release of SolarWinds LEM because they have released another solution. They are continuing with a new security event and information management (SEIM) solution that is more suitable for large-scale enterprises.

I would rate this solution a five out of ten.

I use this solution to examine our logs and the logs of our customers

We have experience with on-premises deployments.

The most valuable feature of this solution is the visibility into both attempted and failed logins.

The query capability in this solution needs improvement. When you watch to fetch logs at specific times, sometimes there are issues.

The filtering engine needs to be improved to make it more accurate. When you are filtering, it comes with a lot of unwanted data.

I would like to be able to dig deeper into the visibility of events or incidents to determine whether they are malicious, such as by doing behavior analysis.

This is a stable solution. I have seen issues, but they have been related to the platform, and not to the product itself. We use this solution on a daily basis.

I don't think that this solution would do well for very large organizations. For smaller organizations, it should be good.

We have approximately three hundred users. The users are a mixture of programmers, system engineers, database administrators, and others in our IT company. 

When we were doing the scoping we left room to grow, I don't expect that we will be expanding our usage anytime soon.

I have used IBM QRadar. It is a SIEM solution, but it can do what LEM can do.

The initial setup of this solution is straightforward.

The length of deployment depends on how big the infrastructure is. Most of the deployments take less than a week, but some go beyond that. In my experience, it all depends on how many boxes you have and how many we are taking logs from. Some people will give you a whole list, while others will choose only specific things. You have to give people something that is unique to their environment.

One person is enough for the deployment.

I take care of the implementation and deployment of this solution.

We did not evaluate other options before choosing this solution. Some of the customers have their preference and will ask for something else, so that is what we will do for them.

My advice for anybody who is considering this solution is to really review their expectations. I know that some people who do not review their expectations are upset after the implementation because they feel that they are getting less than what they bargained for.

People also have to consider the system resources, and what they will be on the physical box or on a VM. If the proper resources are not assigned then it will impact the solution.

This is a good solution but there is no perfect system.

I would rate this solution a nine out of ten.

We primarily use the solution for monitoring the network.

The NTA & NPM are the most valuable features of the solution.

The solution is very user-friendly.

We're currently looking for an application monitoring solution and maybe a DHCP management module. It would be ideal if the solution could add these in its next release.

The solution should offer better support and better SLAs.

The solution is very stable.

Scalability is fairly simple if you have the right licenses in place

The solution's technical support is okay, but we don't have an SLA, and sometimes the response times are very slow.

We did previously use a different solution, but SolarWinds is much better. It's easy to interact with SolarWinds. It's easy to operate, easy to configure and is generally easier compared to what we were working with before.

The initial setup was straightforward. The deployment took about two weeks. You only need two people for both deployment and maintenance.

We handled the implementation ourselves in house.

It gives the business visibility as to what is down so that the turnaround time for fixes is much less.

We do a yearly license renewal.

We are using the on-premises deployment solution.

It is a good solution to work with and it's very easy to use. I would only ensure that the organization that decides to implement the solution has the internal capability to manage it. If not, then I would ensure that direct support or an SLA is in place to help handle any issues or troubleshoot problems. 

I would rate the solution nine out of ten.

We are using this solution for the purpose of security monitoring. It performs network behavior monitoring, log monitoring, and disaster recovery monitoring.  

The most valuable feature of this solution is the log monitoring.

The flash-based interface can be improved because sometimes, the speed of monitoring is reduced. The interface should be replaced with something else.

Training for this solution needs to be improved, as new employees are sometimes unfamiliar with the product.

The gadgets in SolarWinds should all be in one place.

There should be a default template because as it is now, the user has to create one for each and everything.

SolarWinds is a big brand, and they will adapt as necessary. 

Our monitoring team has between fifteen and twenty users.

We do not have any new infrastructure, so we do not need to increase usage at this time.

Technical support for this solution is good. We have had no problems with them.

Prior to this solution, we were using AlienVault and IBM QRadar. I have also used Nagios, which is faster than SolarWinds LEM regarding alerts.

I would not say that the initial setup is straightforward or complex. It is a bit of both. I would say it's forty percent straightforward and sixty percent complex.

Deployment time depends on the size of the infrastructure, the number of services that are going to be monitored, and the types of services.

This is one of the good products in this market. People are always looking for easy-to-use products, and don't want to invest time on learning new or complex things.

This is a solution that I recommend, although there are a lot of products that are better.

I would rate this solution a seven out of ten.

We have a hyper requirement to maintain logs of access and changes, so this solution logs everything.

The most valuable feature is the ease of use for the end user. 

It can be difficult for users who are inexperienced with the solution. 

It is managed by our tech support team that is in-house, so we do not need their tech support help. 

My advice to users of this solution is to make sure that you know what it is you are looking for, and what it is you are trying to log. Otherwise, it will be difficult to manage.

The out of the box reports and dashboard. It was easy to trim down these windows to something we could quickly use.

It allows us to monitor access and pull cyber reports quickly. No more searching through logs on each server. There was not much customization, which we had to do with Splunk.

I imagine we will have to develop our own reports soon, this seems to be more cumbersome.

For five months now.

Not really.

Not yet.

Not yet.

Good. There can be lag times on responses.

Eight on a scale of 10.

Splunk. The pricing was too high and you need a PhD on customizing the reports.

Setup was straightforward. We were able to use the default reports and window displays.

We did it ourselves.

The pricing was low, around 30K so ROI is less than one year. Splunk was elevating into the 100K arena.

Licensing is on devices, so if you have many, then this may be high. The storage can be an issue as well, we already had a SAN setup, but this is true for any SIEM.

Splunk and Oracle Audit Vault. We almost picked Oracle, because it pulls in the databases in a quick manner.

Don't over think the situation. We went with the one which had a better user presentation because we have managers using it as well. Splunk is nicer if you have a bunch of technical people wanting to play with it.

We were suffering from a lack of visibility into our logs, so we implemented SolarWinds LEM. After building a few rules and alerts, we were notified when events happened before our end users notified us. Many times we were able to fix an issue before a call to the helpdesk was made.

• Alerting
• Searching

The solution was a little slow when running some larger queries. After upgrading our SAN many of the problems disappeared.

Tech support was always on top of things. I usually got a response within a couple hours of opening a ticket and once on the phone, they took time to answer my questions.

We needed a product but didn’t have one. We found it when it was still Trigeo, and followed it to SolarWinds.

The initial setup was very easy to start getting logs to the solution. It took some time to understand what data to get and what was important.

We did the implementation. My advice, understand what you want in the system and after letting it collect some data, swing back and make sure you have everything setup that you need. Give it some time, and learn it to get the most use out of it.

It’s a great product, but like other SIEM software solutions, you only get out what you put into it.