Anomali Threat Platform

2 Ratings
Score 8.1 out of 10

SolarWinds Log & Event Manager

36 Ratings
Score 7.7 out of 10


Likelihood to Recommend

Anomali Threat Platform

Being the best threat intelligence platform/tool on the market, it is fantastic in terms of performance, and it has taken a lot of the burden of curating and weeding through false positives off of our team, freeing them up to focus on manual threat hunting and content building.

SolarWinds Log & Event Manager

SolarWinds Log & Event Manager (LEM) is a SIEM that is very well suited for environments where you have a small team managing your technology and need a powerful tool that is easy to set up and requires little maintenance and care to continue doing its job. In the time that we have had LEM deployed, it has been very solid and has required very little intervention to resolve issues. It comes pre-packaged with some great correlations to get up and running right out of the box as soon as log sources are pointed at it. If you need a SIEM and either don't have the expertise in house, or don't want to spend the resources for professional services, this may be a good fit. There are only a handful of situations where we have run into LEM's limitations when trying to set up functionality or correlations. Otherwise, it is an excellent SIEM that offers some great features.

Feature Rating Comparison

Feature                                                 Anomali Threat Platform   SolarWinds Log & Event Manager
Security Information and Event Management (SIEM)        -                         6.7
Centralized event and log data collection               -                         8.7
Correlation                                             -                         8.0
Event and log normalization                             -                         7.7
Deployment flexibility                                  -                         5.2
Integration with Identity and Access Management Tools   -                         5.3
Custom dashboards and views                             -                         4.7
Host and network-based intrusion detection              -                         7.0

Pros

Anomali Threat Platform

  • Fantastic UI
  • STAXX for sharing intelligence
  • Threat Intelligence feeds
  • Automation and collaboration cuts work down for the analysts

SolarWinds Log & Event Manager

  • Incredibly easy to set up. It was deployed and had log sources pointed to it and performing basic correlations within a day.
  • Auto-response. The automated responses that are available after deploying the agent give you incredible control to respond to events on your network.
  • User-friendly interface. Some SIEMs can be daunting to learn how to use and get acclimated to, but LEM has an intuitive layout and is very easy to pick up and use.

Cons

Anomali Threat Platform

No answers on this topic

SolarWinds Log & Event Manager

  • No custom parser. Inevitably, there will be a product on your network that SolarWinds LEM won't know how to parse. Other SIEM solutions I've used leverage custom parsers for this reason. LEM does not have support for creating custom parsers, so unknown log formats remain unparsed.
  • Sometimes too basic. LEM is an excellent tool for performing basic correlations in a small to mid-size environment. If you try to get too advanced with the correlations you are trying to perform, you may get frustrated with the lack of functionality due to the way that LEM parses data.

Alternatives Considered

Anomali Threat Platform

No answers on this topic

SolarWinds Log & Event Manager

In the past I have used QRadar, McAfee ESM, and RSA Security Analytics.
PROS: Compared to these products, LEM is by far the most user-friendly and easiest to deploy. LEM's ability to automate response and remediation also seems a cut above these products. LEM also ranks up at the top in terms of reliability. Very rarely have we had to resolve issues that prevented LEM from doing its job.
CONS: LEM is unfortunately lacking in the ability to create custom parsers like other SIEM solutions can. This means if LEM is unable to parse logs coming from a network appliance, you won't be able to view them until SolarWinds releases their official parser for that product. Complex correlations can also test the limits of LEM due to the way that logs are parsed into event type rather than log source type. Trying to correlate all of your IPS events in a complex correlation? This may prove to be difficult in LEM.

Return on Investment

Anomali Threat Platform

  • After the initial startup cost, it has overall had a positive impact by increasing the efficiency of the team and freeing up analysts to do manual threat hunting.

SolarWinds Log & Event Manager

  • Faster turnaround when investigating access issues. LEM's search function allows you to quickly identify which ACL policy may be blocking a user's access, and as a result quickly resolve the issue.
  • Regulatory compliance. If you have regulatory compliance requirements for security monitoring, this product will likely check off a few boxes.
  • Stronger security posture. Not every company can afford a 24-hour Security Operations Center. Intelligent technology like LEM can help fill in those gaps to strengthen your security posture, and even allow for complex automated responses to threats during non-business hours.

Pricing Details

Anomali Threat Platform

General
Free Trial
Free/Freemium Version
Premium Consulting/Integration Services
Entry-level set-up fee?
No
Additional Pricing Details

SolarWinds Log & Event Manager

General
Free Trial
Free/Freemium Version
Premium Consulting/Integration Services
Entry-level set-up fee?
No
Additional Pricing Details