SolarWinds Security Event Manager (SEM)

It came down to price on this one. SolarWinds gave us a great break on it. For the features that we were looking for, SolarWinds is a great value for our dollar. As far as features go, we were looking for some basics that SolarWinds had. We do look forward to implementing more features such as USB tracks. I would say that its simplicity and cost make SolarWinds SEM stack up quite well against its competitors. We installed the free trial and converted that to the production environment.

easier to use than Splunk, light linux core

Not applicable

This was the first product we used in this category and we are very happy with it.

Solarwinds Security Event Manager (SEM) is the best solution for price/performance. The solution has an easily understandable architecture and also the solution can be installed easily. The solution is a very stable and fast solution for our company size.

Fortianalzyer can only do logs from FortiGate so usefulness is limited. Elasticsearch was a lot slower than Solarwinds and the filters were a lot harder to set up and use. The connectors for SEM were far more stable.

Splunk was a pretty good product but the licensing structure needed a lot of work. They changed the structure three times that I am aware and I still had problems understanding LogRhythm had a lot of issues correlating users to IP addresses, the mappings were frequently wrong so this product could not be trusted in my environment as all our access logs are IP based and this needs to be matched to usernames from AD Fortianalzyer is a great product but it can only do logs from Fortigates so that was not helping for anything other than our firewalls.

We found that SolarWinds performed poorly when the Architecture included many large data centers spread across the globe. When evaluating the SolarWinds Security Event Manager (SEM) solution we quickly realized that we needed a distributed architecture with log aggregation to a Managed Security Services vendor. For this reason, we did not go with SolarWinds SEM however, it is an ideal solution for large enterprises with continental data center reach. Coupled with SolarWinds Network Performance Monitor, Application and Server Monitor, and other SolarWinds modules make this is an excellent solution for Enterprises looking for an end-to-end IT Operations tool.

SolarWinds SEM was selected because it integrates with VMAN on the Orion platform and allows all monitoring information and alerts to be aggregated in one place.

I have additionally used Netwrix Auditor, which has some similarity with SolarWinds SEM. I use both hand in hand, but typically use the SEM first since it is easier to manage. With Netwrix custom searches are more complex than customer searches in the SEM. The SEM makes it easy to save custom filters, which makes future similar research very easy.

We chose this product because of its integration to SolarWinds Orion. We were Threat Monitor users previously. This product has been a great substitute. Dollars to dollars this product performs fairly well.

I know the Qradar is not the right SIEM tool to compete with Solarwinds SEM but when we looked from a cost, audit & compliance perspective (which are major for many customers), we knew the log management and compliance with regulation would be achieved with SEM. But no machine learning stuff to impress by understanding the users' behaviors, as Qradar's add-on features do.

SEM is much better value proposition due to being priced by node and not by size of the event database. It's also much easier to configure that Splunk and needs much less infrastructure to run. Out of the box SEM beats Splunk on functionality. We looked at many products and compared before choosing SEM.

I find Tripwire Log Center to be adequate and stable but it lacks the graphics and the unified UI that you can have with SolarWinds products. It is also not as simple to set up and operate. One more advantage that SolarWinds products have is the THWACK forum, a big user base and plenty of documentation.

SolarWinds Security Event Manager (SEM) is more of a complete, turn key approach to event management.

It is a bit hard to compare, since Cortex XDR is kind of a different starship, with endpoint protection and such, and not really great for auditing Windows Event Logs.
ELK stack on the other hand is free in some of it's editions but seems much similar then Cortex. SolarWinds SEM has better premade dashboards and event filters.

We picked SolarWinds because of the better price point, integration with other SolarWinds products, and the ease of training. Because we were already familiar with the SolarWinds way of doing alerts and reports, it made this product a nice fit for our company and it has great capabilities built in to give our team a feeling of being more secure and to help deter possible attackers.

We had an older version of SolarWinds SEM, however, it was not being utilized.

This was recommended to us by a vendor. As we were using other SolarWinds products, we did not analyze many options.

The first reason is the ease of installation. Unlike competitor, SEM was running and partially deployed within a day. With the defaults already in the SEM, it's super easy to get result quickly, without a consultant. Also, it's not too resource-intensive, and does not require a complex setup. One server and you're good to go.

Several clients have moved away from LogRhythm because of cost. SEM offers the best ROI for the function. Its interface is much cleaner then LogRhythm. However, there is a steeper learning curve with SEM. The ease of search and data integrity offered by SEM is definitely a plus - as it stores multiple copies of the database and cross-checks for integrity.

It stacks behind it currently. We've decided as a company to go with CrowdStrike Falcom Endpoint Protection as our preferred method of protection after the Malware issues.

We use Splunk to also collect Syslog data across our enterprise. However, it is quite different in the correlation process. Splunk is less user-friendly and requires advanced-level training to manage. Solarwinds SEM is a lot easier to manage and set-up.

SolarWinds provides support so when you have problems you don't need to turn to information bases as you can just get a hold of SolarWinds support. I would say another reason for getting SEM is that it is generally easier to configure and easier to learn than the other solutions available, this means that IT staff at any level can easily learn how to start monitoring and alerting using a log-based solution. SEM also does a lot of the leg work for you whereas other solutions you have to get from point A to B on your own.