SolarWinds LEM Review
We’re most impressed by LEM’s ease of deployment, automated reporting, and easy interface navigation.


We’re an Infrastructure-as-a-Service provider and a few months ago, a health care customer with a private cloud and mandatory HIPAA regulatory requirements approached us. The customer had one employee spending over a half day per week manually reviewing log files. Needless to say, manually reviewing log files is boring and generally not a good use of human time. It’s also easy to miss important information about malicious behavior.

They had to review a large number of logs every single day, and they basically didn’t have a good way to do that—they had an employee manually scrolling through each log file. When you start looking at log files you quickly realize that there is not a lot of good in sitting there manually combing through them, especially when you don’t know the sorts of things that you’re looking for. The client came to us and asked if we could find a better way for them to manage their log files.

We came up with a new offering for the customer to provide log management using SolarWinds Log & Event Manager. We had a very short timeline to respond on this one. We’re a SolarWinds customer, and in fact we’ve been one for quite some time. At one point we used the LEM product in the lab at our company, so I mentioned that to our customer and gave them an overview of LEM to see if it would meet their needs. They very quickly decided it was just what they were looking for.

We’re most impressed by LEM’s ease of deployment, automated reporting, and easy interface navigation. It makes digging through tons of log files very quick and easy to find what you need.

Since this initial client implementation, more of our customers have now approached us with compliance and SIEM needs. We now address two distinct markets for our offering in our private cloud customer base: customers needing SIEM for security analysis and automated response, and customers needing to comply with standards such as HIPAA and PCI. Just months after introducing the offering, we already have several customer deployments and several more in the pipeline.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.

10 Comments

it_user131655 (Real User)

Hi Byron,

We're HIPAA and PCI certified because we have clients from the healthcare sector and clients from the financial sector who are always dealing with credit card and ACH transactions. We were having the same issue. HIPAA's security standards are not as high as PCI's, since PCI is more on the security side. We had to review each and every single log from workstations, network gear, servers, firewalls, etc., which was really boring.

Then finally we implemented OSSEC, which is an open-source log management and event management tool, but it's really effective. It automatically reviews all logs and sends email alerts for only specific alert levels. We got PCI certified with that as well. The PCI auditor was familiar with this tool, so that was really good for us.

19 June 14
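The alert-level filtering the comment above describes is configured in OSSEC's ossec.conf. The fragment below is an added example written for this page, not the commenter's own configuration: the SMTP host, addresses and thresholds are assumptions chosen for illustration. Every event still goes to the local alert log at level 1 and above, while mail is only sent for alerts at level 7 and above, so the reviewer is not paged for the routine noise that made manual review painful.

```xml
<!-- Added example, not the commenter's configuration. Hostnames, addresses
     and thresholds below are assumptions for illustration only. -->
<ossec_config>
  <global>
    <!-- Enable SMTP delivery of alerts. -->
    <email_notification>yes</email_notification>
    <email_to>soc@example.com</email_to>
    <smtp_server>smtp.example.com</smtp_server>
    <email_from>ossec@example.com</email_from>
  </global>

  <alerts>
    <!-- Keep everything from level 1 up in /var/ossec/logs/alerts for
         the auditor and for forensics; this is the retained record. -->
    <log_alert_level>1</log_alert_level>
    <!-- Only alerts at level 7 and above generate email, so low-severity
         informational events never reach a human inbox. -->
    <email_alert_level>7</email_alert_level>
  </alerts>

  <!-- Granular override: high-severity alerts (level 12 and up) also go to
       an on-call address without waiting for the normal batching delay. -->
  <email_alerts>
    <email_to>oncall@example.com</email_to>
    <level>12</level>
    <do_not_delay />
  </email_alerts>
</ossec_config>
```

The check a practitioner wants after editing this file is to run `/var/ossec/bin/ossec-control restart` and confirm in `/var/ossec/logs/ossec.log` that the configuration loaded without errors; raising `email_alert_level` too high silences real attacks, lowering it too far recreates the inbox flood the commenter was trying to escape.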
ctsanders (Reseller)

I guess the question I have is, have you tried other SIEM solutions on the market, i.e.

1. HP ArcSight

2. McAfee Nitro

3. IBM QRadar

4. Splunk SIEM

5. RSA Security Analytic

6. LogRhythm.

There is an investigative report on the various SIEM solutions on the market; Gartner has provided a quadrant analysis where the solutions are consistent?

Has anyone had any real-world experience using the various products?

Please elaborate.

Todd

24 June 14
Byron Anderson (Real User)

@raj10101 you are not kidding in that PCI is much more strict with regard to security requirements. We are just finishing up with our PCI certification as a service provider and the amount of work required was significant. Our auditors were also familiar with OSSEC; however, they were also familiar with LEM and several other tools. Because of our use of LEM we breezed through the Log Management components of PCI.

26 June 14
Byron Anderson (Real User)

@ctsanders when we were in the evaluation process for a SIEM product I tried to evaluate IBM QRadar; however, after two weeks of working with IBM to try and get an evaluation copy of the software I finally gave up. Part of my evaluation of software is also an evaluation of the vendor that supports the software; if the vendor isn't responsive and willing to help me out then I am not interested in their software no matter how good it may be.

I have worked with Splunk and I think that it's an incredibly flexible framework; however, when it comes to SIEM I found that Splunk was more like being handed a bucket of parts and then having to go off and assemble my own SIEM versus having a working SIEM out of the box. We are a service provider that offers the SIEM as a SaaS-like solution, so I wanted something that is quick to deploy and configure and shows quick value for a customer; Splunk was not that product.

I have not worked with any of the other products though I do hope to have an opportunity to work with them all at some point.

Ultimately at the end of the day it's all about finding a product that fits your specific needs. Every SIEM product I worked with and evaluated was significantly different which made the process both fun and difficult.

26 June 14
ctsanders (Reseller)

@Byron,

Ok, so I think the answer is no, lol. I do understand that it can be difficult to get a copy of the product, but has anyone who is part of this discussion ever worked with the solutions described above?

I do agree that Splunk is like putting together a SIEM device, but I am curious whether individuals have worked with the items mentioned above; this will give me a real-world idea of some of the best products on the market (I do like the reports, but oftentimes there are hidden agendas).

Todd

26 June 14
kapilmalik1983 (Consultant)

Are SolarWinds log management tools network tools? Can they even gather logs from clients and store them on a centralized server?

06 July 14
Byron Anderson (Real User)

@kapilmalik1983 I am not sure what you mean when you ask if it's a network tool. It runs on the network and gathers logs from any systems that can reach it on the network, and then stores them in its centralized repository.

04 May 16
Byron Anderson (Real User)

@ctsanders I can assure you there are no hidden agendas here. In fact, we just went back to re-evaluate SolarWinds Log & Event Manager against other solutions to make sure it was the best solution for our new roadmap. We had several vendors, including IBM and LogRhythm, provide us demos of their products, and our conclusion was that we are going to continue with SolarWinds Log & Event Manager, as we felt it provided the best value.

04 May 16
Steve Switzer (Real User)

We have LEM and it's been left to rot, really. A new manager came in and we have bought LogRhythm but not put it in yet. Since we have LEM, I am now thinking of getting it working and trying to get the money back on the LogRhythm, as it sounds like LEM needs a bit of loving care and it would work for us.

21 March 17