SolarWinds Security Event Manager Review

We’re most impressed by LEM’s ease of deployment, automated reporting, and easy interface navigation.

We’re an Infrastructure-as-a-Service provider and a few months ago, a health care customer with a private cloud and mandatory HIPAA regulatory requirements approached us. The customer had one employee spending over a half day per week manually reviewing log files. Needless to say, manually reviewing log files is boring and generally not a good use of human time. It’s also easy to miss important information about malicious behavior.

They had to review a large number of logs every single day, and they basically didn’t have a good way to do that—they had an employee manually scrolling through each log file. When you start looking at log files you quickly realize that there is not a lot of good in sitting there manually combing through them, especially when you don’t know the sorts of things that you’re looking for. The client came to us and asked if we could find a better way for them to manage their log files.

We came up with a new offering for the customer to provide log management using SolarWinds Log & Event Manager. We had a very short timeline to respond on this for one. We’re a SolarWinds customer, in fact we’ve been one for quite some time. At one point we used the LEM product in the lab at our company, so I mentioned that to our customer and gave them an overview of LEM to see if it would meet their needs. They very quickly decided it was just what they were looking for.

We’re most impressed by LEM’s ease of deployment, automated reporting, and easy interface navigation. It makes digging through tons of log files very quick and easy to find what you need.

Since this initial client implementation, more of our customers have now approached us with compliance and SIEM needs. We now address two distinct markets for our offering in our private cloud customer base: customers needing SIEM for security analysis and automated response, and customers needing to comply with standards such as HIPAA and PCI. Just months after introducing the offering, we already have several customer deployments and several more in the pipeline.

Update 5/20/2019

While I am still a huge fan of SolarWinds and the LEM solution, I have significantly downgraded this from my original review. I feel as though LEM has not kept up with the rest of the SIEM industry, which has seen significant advancements in the last few years. LEM lacks many of the features that you can now find in many next-gen SIEM solutions, such as integrated threat intelligence, User Behavior Analytics and integration with SOAR technologies. If you are looking for a robust log management solution and LEM supports the log source you are looking to ingest, then this could be a good solution for you; however, if you are looking for a next-gen SIEM solution I would caution you on LEM and suggest you look at other solutions.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.

it_user131655 (Sr. Manager - IT at a tech services company with 501-1,000 employees)

Hi Byron,

We're HIPAA and PCI certified because we have clients from the healthcare sector and clients from the financial sector who are always dealing with credit card and ACH transactions. We were having the same issue. HIPAA's security standards are not very high like PCI, since PCI is more on the security side. We had to review each and every single log from workstations, network gear, servers, firewall, etc., which was really boring.

Then finally we implemented OSSEC which is an open-source log management and event management tool, but it's really effective. It automatically reviews all logs and sends email alerts for only specific alert levels. We got PCI certified also with that. The PCI auditor was familiar with this tool so that was really good for us.

it_user3405 (Partner at a tech services company with 51-200 employees)

I guess the question I have is: have you tried other SIEM solutions on the market (i.e.

1. HP ArcSight
2. McAfee Nitro
3. IBM QRadar
4. Splunk SIEM
5. RSA Security Analytics
6. LogRhythm)?

There is an investigative report for the various SIEM solutions on the market, Gartner has provided a quadrant analysis where the solutions are consistent?

Has anyone had any real-world experience using the various products?

Please elaborate.


it_user3405 (Partner at a tech services company with 51-200 employees)

Report mentioned -

Byron Anderson
Real User

@raj10101 you are not kidding in that PCI is much more strict with regard to security requirements. We are just finishing up with our PCI certification as a service provider and the amount of work required was significant. Our auditors were also familiar with OSSEC; however, they were also familiar with LEM and several other tools. Because of our use of LEM we breezed through the Log Management components of PCI.

Byron Anderson
Real User

@ctsanders when we were in the evaluation process for a SIEM product I tried to evaluate IBM QRadar; however, after two weeks of working with IBM to try and get an evaluation copy of the software I finally gave up. Part of my evaluation of software is also an evaluation of the vendor that supports the software; if the vendor isn't responsive and willing to help me out then I am not interested in their software no matter how good it may be.

I have worked with Splunk and I think that it's an incredibly flexible framework; however, when it comes to SIEM I found that Splunk was more like being handed a bucket of parts and then having to go off and assemble my own SIEM versus having a working SIEM out-of-the-box. We are a service provider that offers the SIEM as a SaaS-like solution, so I wanted something that is quick to deploy and configure and shows quick value for a customer; Splunk was not that product.

I have not worked with any of the other products though I do hope to have an opportunity to work with them all at some point.

Ultimately at the end of the day it's all about finding a product that fits your specific needs. Every SIEM product I worked with and evaluated was significantly different which made the process both fun and difficult.

it_user3405 (Partner at a tech services company with 51-200 employees)


Ok, so I think the answer is no, lol. I do understand that it can be difficult to get a copy of the product, but is there anyone who is part of this discussion who has ever worked with the solutions described above?

I do agree that Splunk is like putting together a SIEM device, but I am curious if individuals have worked with the items mentioned above; this will give me a real-world idea of some of the best products on the market (I do like the reports but oftentimes there are hidden agendas).


it_user2652 (Project Manager at a non-tech company with 10,001+ employees)

Are SolarWinds log management tools network tools? Can they even gather logs from clients and store them in a centralized server?

Byron Anderson
Real User

@kapilmalik1983 I am not sure what you mean when you ask if it's a network tool. It runs on the network and does gather logs from any systems that can reach it on the network and then stores them in its centralized repository.

Byron Anderson
Real User

@ctsanders I can assure you there are no hidden agendas here. In fact we just went back to re-evaluate SolarWinds Log & Event Manager against other solutions to make sure it was the best solution for our new roadmap, and we had several vendors including IBM and LogRhythm provide us demos of their products, and our conclusion was that we are going to continue with SolarWinds Log & Event Manager as we felt it provided the best value.

it_user631224 (Information Security Analyst at a non-profit with 1,001-5,000 employees)
Real User

We have LEM and it's been left to rot really, and a new manager came in and we have bought LogRhythm but not put it in yet. Since we have LEM, I am now thinking of getting it working and trying to get the money back on the LogRhythm, as it sounds like a bit of loving care and it would work for us.