SolarWinds LEM License
Table of Contents
SOLARWINDS LOG & EVENT MANAGER (LEM)
Over 3500 resource-constrained security professionals rely on SolarWinds Log & Event Manager (SIEM) for powerful, affordable, and efficient security information and event management. The all-in-one SolarWinds Log & Event Manager combines business tools such as log management, correlation, reporting, file integrity monitoring, user activity monitoring, USB detection and prevention, threat intelligence and active response in a virtual appliance – that’s easy to deploy, manage, and use.
KEY FEATURES OF SOLARWINDS LOG & EVENT MANAGER
PROACTIVE LOG ANALYSIS
The multitude of distributed systems, applications, and networks in the organization’s infrastructure – they all have associated log files. However, this information is useless if the organization can’t effectively collect and analyze it. SolarWinds Log & Event Manager not only provides real-time log analysis, but also delivers interactive data visualization and built-in knowledge that automates collecting, normalizing, and interpreting logs from a variety of devices and applications. This means users can immediately spot events that are of interest and take action.
REAL-TIME EVENT CORRELATION
Correlating millions of events from organization’s network, systems, applications, virtual machines, and storage infrastructure can be daunting… unless organizations have SolarWinds Log & Event Manager at their fingertips. With nearly 700 built-in correlation rules, SolarWinds LEM starts delivering visibility right out of the box, eliminating hours of work. Moreover, it creates a very simple correlation rule builder that employs a graphical interface to quickly build custom rules.
AD HOC IT SEARCH
Log & Event Manager’s advanced ad-hoc IT search capability makes it easy to discover issues using a drag-and-drop interface that tracks events instantly. With an intuitive search interface, customers can get immediate insight into activities that would normally go unnoticed. Using a unique Word Cloud, along with treemaps, bubble charts, and histograms, SolarWinds Log & Event Manager offers a fully interactive search environment that enables users to visualize search data and understand how to take action on it. Finally, innovative approach to data aggregation, archiving, and encryption enables users to quickly and securely search terabytes of data.
Log & Event Manager makes it easy to generate and schedule compliance reports quickly using over 300 audit-proven templates and a console that enables to customize reports for organization’s specific compliance needs. Users can even schedule the reports to run on a regular basis. Moreover, reports can be exported in a wide variety of formats. Finally, users can be assured that SolarWinds Log & Event Manager also meets the security monitoring and log management requirements imposed by every major auditing authority.
ACTIVE RESPONSE & THREAT MITIGATION
Log & Event Manager enables organizations to immediately respond to security, operational, and policy driven events. With built-in active responses users can quarantine infected machines, block IP addresses, kill processes, and adjust Active Directory® settings.
USB DETECTION & PREVENTION
USB devices are a nightmare for IT administrators because gigabytes of sensitive data can just walk out through the door. In order to prevent business from data loss, Log & Event Manager includes unique technology that tracks USB activity identifies unauthorized use or copying of sensitive files. In fact, this product can notify network admins in real time, disable user account or automatically eject the USB drive.
WHO SHOULD USE LOG & EVENT MANAGER?
Resource-constrained security pros challenged with:
- Lack of visibility into attacks as well as limited time for staffed monitoring
- Compliance demands requiring automation or file integrity monitoring
- Inability to priorities, manage, and respond to security incidents
- Slow incident response time
- Inability to determine the root cause of suspicious activity
- The need to monitor internal users for acceptable use and insider threats
- The need to share log and activity data across security, network, applications, and systems
- Inefficient, inoperable, or costly existing SIEM implementations