SolarWinds LEM License
SolarWinds Log and Event Manager (LEM) is a security information and event management (SIEM) solution aimed at small and large organizations alike. LEM aggregates, normalizes, and correlates log and event data into a central repository that an IT team can manage from a single console. From there the team can search historical event data and pull it into reports for forensic and more detailed analysis.
LEM virtual appliances can be deployed in a VMware ESX or Microsoft Hyper-V virtual environment, providing visibility into security events and helping with performance monitoring and compliance management.
SolarWinds LEM license: key features
This solution can respond to a variety of events. Some highlights of this licensed solution:
- Provides IT compliance reports
- Provides USB device monitoring
- Enables real-time event correlation
- IT teams can perform advanced searches and forensics
- Enables active response through its agents installed on remote devices
Please note that LEM agents are the primary means of collecting data from remote devices such as servers, applications and workstations. Besides gathering log data, the agents can also carry out responses on the host when an incident is detected. SolarWinds calls this active response technology.
Operations Center Dashboard
The Operations Center is a fully customizable dashboard that shows trends, node status, and alerts in one place. Clicking any item on the dashboard drills down to more detailed information about it.
Real-time Event Correlation
LEM is designed to receive and process thousands of event log messages generated by network devices and hosts. Potential threats and other security issues are identified by a matching engine that correlates events in real time.
The dashboard in Figure 3 shows alerts as they arrive. An alert is generated when incoming events match a rule previously defined in LEM, so notifications can be configured for the alert types that require immediate attention from the security team. Correlation rules are flexible and simple to build: they can match on time windows, on sequences of related events (transactions), or on groups of events.
Advanced Search and Forensics
Your ability to demonstrate the limited impact of a security incident could save your organization from fines, penalties and even legal action. The licensed solution ships with built-in defaults, correlation rules, reports, and active responses, so it delivers value without a long configuration phase.
Real-time Event Correlation
Delayed detection and response to security threats is costly for organizations of all sizes. LEM processes log data in memory, so notifications are immediate and threats can be remediated quickly.
Threat Intelligence
IT security threats are dynamic and attack vectors change constantly. LEM can raise alerts on suspicious security events by comparing them against a threat intelligence feed of known malicious hosts and other indicators seen in your environment.
USB Device Monitoring
USB flash drives pose a constant risk to IT security, whether they contribute to data loss or introduce threats to your network. Gain valuable insight into USB device and file activity while enforcing USB policies.
IT Compliance Reports
Demonstrating ongoing IT compliance to auditors can be challenging and time consuming. Improve compliance with out-of-the-box reports for HIPAA, PCI DSS, SOX, ISO, NCUA, FISMA, FERPA, GLBA, NERC CIP, GPG13, DISA STIG and more.
Active Response
Ongoing computer security requires quick action at the first sign of concern. Instantly mitigate threats with automated actions that block IP addresses, stop services, disable users, and more.
Active Response
LEM allows you to configure various automatic responses that agents run when an alert is detected. SolarWinds calls this “Active Response” and LEM includes a large library of possible responses to common situations. These include:
- Kill processes
- Reset passwords
- Block IP addresses
- Force users to log off
- Disable user accounts
- Restart or stop services
- Quarantine infected computers or force shutdown and restart
IT teams can, however, still choose to respond manually to specific alerts with a few clicks on the dashboard: select an event in the monitoring window and click the React button to trigger a specific action immediately.
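The two ideas above, rule-based correlation over a time window (the "Real-time Event Correlation" section) and an automated response to the resulting alert (this "Active Response" section), are illustrated below in a small Python example. This is added example code, not SolarWinds code or LEM's rule format: the log line layout, field names, the five-failures-in-60-seconds threshold and the internal address ranges that must never be auto-blocked are all assumptions chosen for the illustration. The last point is the caveat a practitioner wants with any active response: an automatic block_ip or disable_user that fires on an internal address or an administrator account can lock out the very people who need to respond, so the response plan downgrades those cases to a notification.

```python
"""Time-window event correlation plus a guarded active-response plan.

Added illustration, not SolarWinds LEM code. The log format, rule
thresholds and the NEVER_BLOCK ranges are assumptions for this example.
"""
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Constructed sample log lines (syslog-like layout invented for this example).
SAMPLE_LOG = """\
2024-03-01T10:00:01 sshd auth_failure user=root src=203.0.113.5
2024-03-01T10:00:05 sshd auth_failure user=admin src=203.0.113.5
2024-03-01T10:00:09 sshd auth_failure user=oracle src=203.0.113.5
2024-03-01T10:00:14 sshd auth_failure user=test src=203.0.113.5
2024-03-01T10:00:20 sshd auth_failure user=backup src=203.0.113.5
2024-03-01T10:00:31 sshd auth_success user=backup src=203.0.113.5
2024-03-01T10:02:00 sshd auth_failure user=alice src=10.0.0.7
2024-03-01T10:09:00 sshd auth_failure user=alice src=10.0.0.7
2024-03-01T10:15:00 sshd auth_failure user=alice src=10.0.0.7
"""

# Assumed internal ranges that an automated response must never block.
NEVER_BLOCK = [ip_network("10.0.0.0/8"), ip_network("192.168.0.0/16")]


@dataclass
class Event:
    ts: datetime
    action: str
    user: str
    src: str


def parse(line):
    """Parse one constructed log line into an Event."""
    ts, _process, action, *kv = line.split()
    fields = dict(pair.split("=", 1) for pair in kv)
    return Event(datetime.fromisoformat(ts), action, fields["user"], fields["src"])


def correlate(log_text, threshold=5, window=timedelta(seconds=60)):
    """Return alerts as (timestamp, rule, src, user) tuples.

    brute_force:         at least `threshold` failures from one src within `window`
    brute_force_success: a successful logon from a src already flagged as brute_force
    """
    failures = defaultdict(deque)  # src -> timestamps of failures inside the window
    flagged = set()                # srcs that have already tripped brute_force
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = parse(line)
        if ev.action == "auth_failure":
            recent = failures[ev.src]
            recent.append(ev.ts)
            while recent and ev.ts - recent[0] > window:  # slide the window forward
                recent.popleft()
            if len(recent) >= threshold and ev.src not in flagged:
                flagged.add(ev.src)
                alerts.append((ev.ts, "brute_force", ev.src, ev.user))
        elif ev.action == "auth_success" and ev.src in flagged:
            alerts.append((ev.ts, "brute_force_success", ev.src, ev.user))
    return alerts


def plan_response(alerts, never_block=NEVER_BLOCK):
    """Map alerts to response actions, refusing to auto-block internal addresses."""
    actions = []
    for _ts, rule, src, user in alerts:
        if any(ip_address(src) in net for net in never_block):
            planned = [("notify_only", src)]  # guard rail: a human decides
        else:
            planned = [("block_ip", src)]
            if rule == "brute_force_success":
                planned.append(("disable_user", user))  # the attacker got in
        for action in planned:
            if action not in actions:  # one action per target, not one per alert
                actions.append(action)
    return actions


if __name__ == "__main__":
    alerts = correlate(SAMPLE_LOG)
    for ts, rule, src, user in alerts:
        print(f"{ts.isoformat()} ALERT {rule} src={src} user={user}")
    for action, target in plan_response(alerts):
        print(f"RESPONSE {action} {target}")
```

Running the block flags 203.0.113.5 once the fifth failure lands inside the 60-second window and escalates when the same source then succeeds; the three failures from 10.0.0.7 are minutes apart and never accumulate. The planned response for the external source is to block the IP and disable the compromised account, while any alert on an internal source is downgraded to a notification.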
USB devices remain a significant problem for many businesses: an attacker with physical access can exfiltrate large amounts of sensitive data, and many users are unaware of the risks these devices carry. LEM can detect unauthorized access to and copying of sensitive files and trigger actions such as automatically ejecting the USB device or quarantining the workstation it is attached to.
Advanced Search Capabilities
nDepth is the search engine in the licensed LEM console. It lets users search the original alert data or the raw log messages that passed through a specific agent. Available under the Explore option in LEM, nDepth runs custom searches, lets users explore the results with graphical tools, and lets them take action on what they find.
The search interface uses the same drag-and-drop approach as the filter and rule editors, which makes building a search query more intuitive for IT administrators.
This dashboard offers visual analysis tools such as:
- Word Clouds: keyword phrases that appear in the alert data.
- Treemap: items that appear frequently in the data, displayed as a series of categorized fields.
Other visual widgets are also included, such as bar, line, pie, and bubble charts. A histogram summarizing alert activity over a specified period of time can also be configured.
Reporting
Log and Event Manager includes a powerful reporting engine. The licensed solution ships with more than 300 built-in reports, ranging from graphical activity summaries to detailed threat and compliance reports. Compliance reports are specifically designed to show your organization's compliance with standards and laws such as PCI DSS, Sarbanes-Oxley and HIPAA, and all reports can be fully customized to the needs of the organization.
Detect Suspicious Activity
Eliminate threats faster with instant detection of suspicious activity and automated responses.
Security Threat Mitigation
- Conduct security incident investigations and forensics for mitigation and compliance.
- Achieve auditable compliance
- Demonstrate compliance with audit-proof reports for HIPAA, PCI DSS, SOX, and more.
Maintaining Continuous Security
LEM is deployed as a hardened virtual appliance with data encryption in transit and at rest, smart card/SSO integration, and more.