Hello, I'm Rob Johnson, Sales Engineer here at SolarWinds and today I'd like to introduce you to an important product in SolarWinds' security portfolio: SolarWinds Log & Event Manager or LEM.
Log & Event Manager is a Security Information & Event Management (or SIEM) product designed to make monitoring log data for security easy.
SIEM solutions, like LEM, are built on the principle that centralizing your log data, analyzing it in real-time, and providing you actionable intelligence is critical to keeping your business secure.
Core features of SIEM solutions include: log & event data centralization, event correlation, historical analysis or search, and reporting.
Log & Event Manager has these features and more.
The heart of any SIEM tool is data collection.
Collecting this data is the core of your ability to track, audit, and correlate critical security events.
LEM supports data collection from hundreds of different devices out-of-the-box.
These devices and logs generate messages that include things like authentication, network and security activity, system changes, and more.
Correlation is an important feature of true SIEM tools, and LEM provides real-time event correlation as your events are collected.
Correlation rules can be as simple as "any logon failure" or as complex as "alert on logon failures to my servers from remote desktop." There are also time and frequency correlations, like "alert me when you see 5 logon failures from the same IP address to my servers from remote desktop," and multiple-event correlations, like "alert me when you see multiple logon failures followed by a successful logon from the same account." LEM also ships with hundreds of predefined correlation rules out-of-the-box to solve your most critical log & event monitoring needs quickly.
Beyond correlation, LEM has the ability to automate remediation steps with dozens of built-in active responses.
Within a correlation rule or manually from your LEM console, if you spot suspicious activity yourself, you can instantly perform actions like disabling a domain user account after repeat suspicious activity, removing a user from a privileged group like local admins, or blocking an attacking IP address.
LEM's visibility extends beyond servers and network devices into endpoint activity as well.
With USB-Defender, you can monitor systems for usage of USB mass storage devices, including what files and processes are being launched.
If you see something you don't like you can detach the USB device or build correlation rules to detach automatically based on what should be allowed.
If you need to extend your USB device policy to laptops that might be regularly disconnected or isolated, USB-Defender includes local policies that will be enforced as if they were.
Once you've started collecting log & event data, it's critical to have extended historical analysis, search, and reporting capabilities as well.
Troubleshoot or perform some basic forensic analysis with LEM's historical search functionality, which includes visual tools to help spot potential issues without combing through text of log records.
Report on historical data to create audit trails using our hundreds of pre-built report templates.
Last but not least, compliance initiatives all but spell out that a SIEM system is critical in establishing and maintaining compliance with requirements like PCI, HIPAA, Sarbanes-Oxley and others, not to mention countless internal audit requirements.
LEM includes content categorized specifically for compliance, making it easy to find various rules and reports applicable to a range of industries.
To learn more or to download a fully-functional 30-day trial of LEM, go to www.
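The two correlation rules the transcript uses as illustrations (a frequency rule, "5 logon failures from the same IP address over remote desktop", and a sequence rule, "multiple logon failures followed by a successful logon from the same account") are shown below as an added example of how such rules are evaluated over a stream of events. This is example code written for this page, not SolarWinds LEM code, and it does not use LEM's rule syntax. The log line format, hostnames, usernames and IP addresses are constructed for the example; the thresholds and time windows are assumptions a real deployment would tune.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log, not output from any real collector. The format is a
# hypothetical key=value line: timestamp, host, result, account, source IP, logon type.
SAMPLE_LOG = """\
2024-05-01T10:00:01 srv01 logon result=failure user=alice src=203.0.113.7 type=rdp
2024-05-01T10:00:09 srv01 logon result=failure user=bob src=203.0.113.7 type=rdp
2024-05-01T10:00:15 srv02 logon result=failure user=carol src=203.0.113.7 type=rdp
2024-05-01T10:00:22 srv01 logon result=failure user=dave src=203.0.113.7 type=rdp
2024-05-01T10:00:31 srv02 logon result=failure user=erin src=203.0.113.7 type=rdp
2024-05-01T10:01:05 srv03 logon result=failure user=frank src=198.51.100.4 type=console
2024-05-01T10:02:00 srv03 logon result=failure user=frank src=198.51.100.4 type=console
2024-05-01T10:02:40 srv03 logon result=failure user=frank src=198.51.100.4 type=console
2024-05-01T10:03:10 srv03 logon result=success user=frank src=198.51.100.4 type=console
2024-05-01T10:30:00 srv01 logon result=failure user=grace src=192.0.2.9 type=rdp
2024-05-01T10:45:00 srv01 logon result=success user=grace src=192.0.2.9 type=rdp
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) logon result=(?P<result>\w+) "
    r"user=(?P<user>\S+) src=(?P<src>\S+) type=(?P<type>\w+)$"
)


def parse_events(text):
    """Parse the constructed format into dicts sorted by timestamp.
    Lines that do not match are skipped; a real collector would count them."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ev = m.groupdict()
        ev["ts"] = datetime.fromisoformat(ev["ts"])
        events.append(ev)
    events.sort(key=lambda e: e["ts"])
    return events


def rdp_failure_threshold(events, threshold=5, window=timedelta(minutes=5)):
    """Frequency rule: alert when `threshold` RDP logon failures from the same
    source IP fall inside a sliding `window`. The per-IP buffer is cleared on
    alert so one burst produces one alert, not one per extra failure."""
    recent = defaultdict(deque)
    alerts = []
    for ev in events:
        if ev["type"] != "rdp" or ev["result"] != "failure":
            continue
        q = recent[ev["src"]]
        q.append(ev["ts"])
        while q and ev["ts"] - q[0] > window:   # drop failures older than the window
            q.popleft()
        if len(q) >= threshold:
            alerts.append({"rule": "rdp_failure_threshold", "src": ev["src"],
                           "count": len(q), "first": q[0], "last": ev["ts"]})
            q.clear()
    return alerts


def failures_then_success(events, min_failures=3, window=timedelta(minutes=10)):
    """Sequence rule: alert when an account logs on successfully after at least
    `min_failures` failures within `window` (guessing that eventually worked).
    State is kept per account, independent of source IP."""
    failures = defaultdict(deque)
    alerts = []
    for ev in events:
        q = failures[ev["user"]]
        while q and ev["ts"] - q[0] > window:
            q.popleft()
        if ev["result"] == "failure":
            q.append(ev["ts"])
        elif ev["result"] == "success":
            if len(q) >= min_failures:
                alerts.append({"rule": "failures_then_success", "user": ev["user"],
                               "failures": len(q), "src": ev["src"], "at": ev["ts"]})
            q.clear()   # a success ends the sequence whether or not it alerted
    return alerts


def run_rules(text):
    """Evaluate both rules over one log and return the combined alert list."""
    events = parse_events(text)
    return rdp_failure_threshold(events) + failures_then_success(events)


if __name__ == "__main__":
    for alert in run_rules(SAMPLE_LOG):
        print(alert)
```

On the sample log the frequency rule fires once for 203.0.113.7 (five RDP failures in thirty seconds, spread across two servers and five accounts, which a per-account rule would miss) and the sequence rule fires once for the account frank. The single failure from grace followed by a success fifteen minutes later triggers neither rule, which is the point of the window and threshold: a mistyped password should not page anyone.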