WEBINAR: Live Event Date: September 20, 2017 @ 1:00 p.m. ET / 10:00 a.m. PT
Designing a Proactive Approach to Information Security with Cyber Threat Hunting REGISTER >
See our complete list of Top 10 SIEM Products.
Company description: Since 1999, SolarWinds has been providing tools related to security, networks, servers, applications, storage, databases, virtualization and the cloud. It is a private company.
Product description: SolarWinds Log & Event Manager offers: ingestion and interpretation of logs; ability to connect to regularly updated threat intelligence feeds; correlation and analytics; advanced profiling; security alerts; data presentation and compliance. Additional features include file integrity monitoring (detection and alerts on changes to key files, folders, and registry keys), active response (allows users to automate incident response to counter real-time threats and take preventative actions such as blocking IP addresses, logging off users, shutting down machines and killing processes), USB Defender (monitors for unauthorized USB device usage) and SQL auditing (integrates with Microsoft SQL Server to provide a real-time feed of database activity such as schema changes, user/group additions, and changes and failures to do any activity such as insert, update, and delete).
Markets and use cases: It is said to be is ideally suited for tightly resourced, budget-conscious security teams as it is quick to deploy and easy to use. Mav Turner, Senior Director, Product Strategy, SolarWinds, added that it is particularly strong in sensitive and heavily regulated industries such as financial services, healthcare, and government agencies.
Metrics: Large deployments can receive up to 250 million events per day.
Security qualifications: CC certified at assurance level (EAL) 2+. Department of Defense (DoD) agency-specific certifications for the U.S. Army and Navy.
Intelligence: SolarWinds Log & Event Manager customers leverage pre-defined correlation rules targeted at user and system change monitoring. These rules include direct change auditing (user permission, metadata, group memberships, etc.) and system change auditing (policies, files, etc.). Thresholds for behavior can be applied to differentiate normal from abnormal behavior.
Delivery: It ships as a virtual appliance, which supports both VMware and Microsoft Hyper-V.
Agents: SolarWinds Log & Event Manager requires an agent to collect logs from servers and workstations. The agent can be deployed manually via a local installer, or pushed from a central machine via a remote installer.
Pricing: It is licensed based on the number of nodes sending logs to SolarWinds Log & Event Manager, not on log volume. Costs include all SIEM components. The company offers specialized pricing for Microsoft Windows workstations. Pricing starts at $4,495 for 30 nodes.