LEMme tell you about Solarwinds LEM!
Overall Satisfaction with SolarWinds Log & Event Manager
- Incredibly easy to set up. It was deployed and had log sources pointed to it and performing basic correlations within a day.
- Auto-response. The automated responses that are available after deploying the agent give you incredible control to respond to events on your network.
- User-friendly interface. Some SIEMs can be daunting to learn how to use and get acclimated to, but LEM has an intuitive layout and is very easy to pick up and use.
- No custom parser. Inevitably, there will be a product on your network that Solarwinds LEM won't know how to parse. Other SIEM solutions I've used leverage custom parsers for this reason. LEM does not have support for creating custom parsers, so unknown log formats remain unparsed.
- Sometimes too basic. LEM is an excellent tool for performing basic correlations in a small to mid-size environment. If you try to get too advanced with the correlations you are trying to perform, you may get frustrated with the lack of functionality due to the way that LEM parses data.
- Faster turnaround when investigating access issues. LEM's search function allows you to quickly identify which ACL policy may be blocking a user's access - and as a result quickly resolve the issue.
- Regulatory compliance. If you have regulatory compliance requirements for security monitoring, this product will likely check off a few boxes.
- Stronger security posture. Not every company can afford a 24 hour Security Operations Center. Intelligent technology like LEM can help fill in those gaps to strengthen your security posture, and even allow for complex automated responses to threats during non-business hours.
In the past I have used Qradar, McAfee ESM, and RSA Security Analytics.
PROS:
Compared to these products, LEM is by far the most user friendly and easiest to deploy. LEM's ability to automate response and remediation also seems a cut above these products. LEM also ranks up at the top in terms of reliability. Very rarely have we had to resolve issues that prevented LEM from doing it's job.
CONS:
LEM is unfortunately lacking in the ability to create custom parsers like other SIEM solutions can. This means if LEM is unable to parse logs coming from a network appliance, you won't be able to view them until Solarwinds releases their official parser for that product. Complex correlations can also test the limits of LEM due to the way that logs are parsed into event type rather than log source type. Trying to correlate all of your IPS events in a complex correlation? This my prove to be difficult in LEM.