Item: SolarWinds Security Event Manager (SEM)
Rating: 7
Author: Swetal Jariwala

Use Cases and Deployment Scope

It is being used, at this time, only by my department. We use it to collect logs from all our network devices, servers, and other devices we use to support our services. It is useful for us to have all of our logs in a single place and searchable.

Pros and Cons

SEM normalizes logs very well. It is simple to be able to compare fields in logs from say a Cisco router and a Windows server, especially timestamps.
SEM has great flexibility in customizing its various aspects, especially its correlation rules and reports.

SEM doesn't support out-of-the-box several device manufacturers that are used in my environment. For example, Peplink and Netonix.
I have to purchase a separate log parser tool rather than having it included in SEM.

Return on Investment

The price is very reasonable for all the features and customizations SEM has. I especially like that pricing is based on node sources rather than the number of logs or rate of log ingestion.
Needing to buy separate log parser tool is a negative.

Alternatives Considered

McAfee Enterprise Security Manager

I was using RSA Envision for many years but RSA discontinued its support and development and recommended to migrate to its NetWitness platform. The price was prohibitive. I evaluated McAfee's ESM but found it quite difficult to set up and use. Getting useful information from ESM took a lot of time and effort for configuration. I went with SEM because installation and configuration were relatively simple and quick. And the pricing was well within my budget.

Support Rating

I have yet to contact support.

Key Insights

Do you think SolarWinds Security Event Manager (SEM) delivers good value for the price?

Yes

Are you happy with SolarWinds Security Event Manager (SEM)'s feature set?

Yes

Did SolarWinds Security Event Manager (SEM) live up to sales and marketing promises?

Yes

Did implementation of SolarWinds Security Event Manager (SEM) go as expected?

Yes

Would you buy SolarWinds Security Event Manager (SEM) again?

Yes

Other Software Used

vRealize Suite

Likelihood to Recommend

SEM is great in my environment for monitoring Windows Event Logs to view any changes in Active Directory such as adding users to administrators and domain admins groups. Also for auditing configuration changes on Cisco devices, it is very useful. I find it not so useful for logs from the VMware NSX platform. For these logs, I use VMware's own vRealize Log Insight. It would be great if I could consolidate everything onto SEM and have a single place to collect and analyze all logs.

Many reasons to use SolarWind's Security Event Manager as your SIEM!

Overall Satisfaction with SolarWinds Security Event Manager