Item: SolarWinds Security Event Manager (SEM)
Rating: 8
Author: Verified User

Use Cases and Deployment Scope

The Solarwinds SEM is used for our client for 24/7 incident monitoring and reporting. The primary use is for account events, such as lockouts, disablement, and enablement to both user and computer accounts. It really works well in correlation and helps to stick with the audit and compliance. With a user-friendly web interface and automation modules, SolarWinds is an overall excellent cost-effective SIEM product if the intention is just to monitor for security incidents by manually created correlation rules.

Pros and Cons

Has a nice user-friendly interface. Some SIEM can be daunting to learn how to use and get acclimated to, but LEM has an intuitive layout and is very easy to pick up and use.
The logging agent in the source device is really simple to deploy and integrate.
Monitoring and reporting the account disablement with detail to whoever disabled an account for audit and compliance.

Some logs are not parsed well, happen to depend on the external log parser tool.
The update method needs to be made even simpler, auto update would be better.
The email alert features with SolarWinds will send a large number of emails if the number of alerts email. The duplication of email alerting needs to be reduced.

Return on Investment

Helps to active the audit and compliance by proper log management for the complete retention period.
The Solarwinds SEM helps various IT departments such as server and network to work together using normalized common events. This increases operational efficiency and helps to find the hole in the infra.
for cognitive SIEM perspective, it doesn't helps to find the flaw in the network and impress management.

Alternatives Considered

IBM QRadar

I know the Qradar is not the right SIEM tool to compete with Solarwinds SEM but when we looked from a cost, audit & compliance perspective (which are major for many customers), we knew the log management and compliance with regulation would be achieved with SEM. But no machine learning stuff to impress by understanding the users' behaviors, as Qradar's add-on features do.

Other Software Used

Cisco Firepower 1000 Series, Zscaler Internet Access, SolarWinds Service Desk (SSD), Fortinet FortiGate

Likelihood to Recommend

The Solarwinds SEM will get your logs collected and analyzable, especially for Windows servers or workstations, it can be a good solution. Alerting and reporting need to be done manually, but once you have it set up the way you want, it will work solidly. If you are looking at a log collection solution that has any of its own smarts and analytics, Solarwind doesn't have such machine learning features, maybe in the future. If you want out of the box reporting and alerting, that won't happen. They need to create and fine-tune the rules more.

Products Replaced

Key Differentiators

Price
Product Usability

Solarwinds SEM is one of the less cost SEM in the market which suits all the requirement we have as an Security monitoring analyst. the User interface of the product is it's main advantage, simple UI helps anyone to learn faster and get in operation. Solarwinds is one of the reputed SEM with good price.

The SolarWinds SEM: Cost effective centralized log management tool that helps your audit and security.

Overall Satisfaction with SolarWinds Security Event Manager (SEM)