Sourcefire developed Snort, an open source intrusion prevention system capable of real-time traffic analysis and packet logging. Snort was acquired (and is now supported) by Cisco in 2013.
N/A
SolarWinds Security Event Manager (SEM)
Score 7.8 out of 10
N/A
SolarWinds LEM is security information and event management (SIEM) software.
N/A
Pricing
Snort
SolarWinds Security Event Manager (SEM)
Editions & Modules
No answers on this topic
No answers on this topic
Offerings
Pricing Offerings
Snort
SolarWinds Security Event Manager (SEM)
Free Trial
No
Yes
Free/Freemium Version
No
No
Premium Consulting/Integration Services
No
No
Entry-level Setup Fee
No setup fee
No setup fee
Additional Details
—
—
More Pricing Information
Community Pulse
Snort
SolarWinds Security Event Manager (SEM)
Features
Snort
SolarWinds Security Event Manager (SEM)
Security Information and Event Management (SIEM)
Comparison of Security Information and Event Management (SIEM) features of Product A and Product B
Snort
-
Ratings
SolarWinds Security Event Manager (SEM)
8.9
18 Ratings
12% above category average
Centralized event and log data collection
00 Ratings
9.018 Ratings
Correlation
00 Ratings
8.015 Ratings
Event and log normalization/management
00 Ratings
8.018 Ratings
Deployment flexibility
00 Ratings
10.018 Ratings
Integration with Identity and Access Management Tools
If a colleague was looking to tighten down their network I can easily recommend Snort to them. It gives you some more peace of mind knowing that its always scanning traffic for malicious looking code. Even things your major firewalls and security hardware might miss, Snort has picked up. Its an easy recommendation for me.
Optimal for SolarWinds Security Event Manager needs for smaller companies - it is a very cool product but has some limitations around EPS (which gets chewed up quickly if you're doing it the right way & adding servers/storage/FW & other network devices)... Also pricing model is GREAT (not consumption-based, which is the greatest grift the SIEM industry has created).
It does a great job of notifying us when accounts have been locked out. We can then find out the device on the network where the login attempt occurred.
Searching for incidents is now a lot faster with the implementation of the HTML 5 interface.
All SolarWinds product suffer from slow response times in management portals. SolarWinds SEM is no exception. While it is much preferred over a "thick client" there is much room for improvement in speed.
If you use the email alert features with SolarWinds make sure to prepare you staff and team for the large amount of emails they could receive. Make sure to reduce the number of alerts so your team does not ignore the alerts.
It is pretty likely that we will renew SEM when the time comes up. It is easy to use and maintain so there isn't much of a need to replace this product. It is also a pretty fair price for the capabilities provided by the SEM
If you are familiar with SolarWinds then you can use this product it's as easy as that. If you have never used a SolarWinds product then it will take a minute to get how they do reports and make dashboards but that being said the tool is great and can make things very easy once you get a feel for how it works and get everything setup how you like it.
The quality of support can vary depending on whom you end up speaking with. I was fortunate enough to work with a support representative who was very familiar with the product. He had even authored some of the support documentation on the website. On the flip side, I had two other experiences where I was simply directed to online training material.
For our organization, the Cisco defense in depth concept works the best. While Cisco can be made to work with other vendors, we have found the best in depth protection by integrating Cisco products for maximum visibility. We had a Barracuda Web Filter, but it was difficult to maintain when you had limited scope on what you could block, so we created a whitelist only setup which required a lot of additional manpower. This wouldn't have covered new threats with DNS spoofing and the like. Sourcefire also integrated with our anti-malware platform (Cisco AMP) for even better visibility on what may be happening on the end users workstation. We are planning on adding in Cisco ISE to complete the approach and possibly stealthwatch to cover our bases in the future. The Palo Alto gear was interesting, but it was priced far out of our range.
Fortianalzyer can only do logs from FortiGate so usefulness is limited. Elasticsearch was a lot slower than Solarwinds and the filters were a lot harder to set up and use. The connectors for SEM were far more stable.
For the price, it produced a decent value. It did a lot of the easy stuff well. I can't give any specific data given the objective of the product was to monitor very basic events in the environment.
