SolarWinds Security Event Manager Review

Provides good visibility for login events

What is our primary use case?

I use this solution to examine our logs and the logs of our customers.

We have experience with on-premises deployments.

What is most valuable?

The most valuable feature of this solution is the visibility into both attempted and failed logins.

What needs improvement?

The query capability in this solution needs improvement. When you want to fetch logs at specific times, sometimes there are issues.

The filtering engine needs to be improved to make it more accurate. When you are filtering, it comes with a lot of unwanted data.

I would like to be able to dig deeper into the visibility of events or incidents to determine whether they are malicious, such as by doing behavior analysis.

For how long have I used the solution?

I have been using this solution for six years.

What do I think about the stability of the solution?

This is a stable solution. I have seen issues, but they have been related to the platform, and not to the product itself. We use this solution on a daily basis.

What do I think about the scalability of the solution?

I don't think that this solution would do well for very large organizations. For smaller organizations, it should be good.

We have approximately three hundred users. The users are a mixture of programmers, system engineers, database administrators, and others in our IT company. 

When we were doing the scoping, we left room to grow. I don't expect that we will be expanding our usage anytime soon.

Which solution did I use previously and why did I switch?

I have used IBM QRadar. It is a SIEM solution, but it can do what LEM can do.

How was the initial setup?

The initial setup of this solution is straightforward.

The length of deployment depends on how big the infrastructure is. Most of the deployments take less than a week, but some go beyond that. In my experience, it all depends on how many boxes you have and how many we are taking logs from. Some people will give you a whole list, while others will choose only specific things. You have to give people something that is unique to their environment.

One person is enough for the deployment.

What about the implementation team?

I take care of the implementation and deployment of this solution.

Which other solutions did I evaluate?

We did not evaluate other options before choosing this solution. Some of the customers have their preference and will ask for something else, so that is what we will do for them.

What other advice do I have?

My advice for anybody who is considering this solution is to really review their expectations. I know that some people who do not review their expectations are upset after the implementation because they feel that they are getting less than what they bargained for.

People also have to consider the system resources, and what they will be on the physical box or on a VM. If the proper resources are not assigned, then it will impact the solution.

This is a good solution but there is no perfect system.

I would rate this solution a nine out of ten.

Which version of this solution are you currently using?

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.