We changed our name from IT Central Station: Here's why

SolarWinds Security Event Manager  OverviewUNIXBusinessApplication

SolarWinds Security Event Manager is #16 ranked solution in top Security Information and Event Management (SIEM) tools. PeerSpot users give SolarWinds Security Event Manager an average rating of 6 out of 10. SolarWinds Security Event Manager is most commonly compared to Splunk: SolarWinds Security Event Manager vs Splunk. The top industry researching this solution are professionals from a computer software company, accounting for 25% of all views.
What is SolarWinds Security Event Manager ?

When TriGeo was acquired by SolarWinds, TriGeo SIM became known as SolarWinds Log & Event Manager. This product is a leading Security Information and Event Management (SIEM) product and log management solution, which provides log collection, analysis, and real-time correlation.

SolarWinds Security Event Manager was previously known as SolarWinds LEM, Solarwinds SIEM, TriGeo, Log and Event Manager.

SolarWinds Security Event Manager Buyer's Guide

Download the SolarWinds Security Event Manager Buyer's Guide including reviews and more. Updated: January 2022

SolarWinds Security Event Manager Customers

NetSuite, EasyStreet, Legacy Texas Bank, and Energy Federal Credit Union, to name a few.

SolarWinds Security Event Manager Video

Archived SolarWinds Security Event Manager Reviews (more than two years old)

Filter by:
Filter Reviews
Industry
Loading...
Filter Unavailable
Company Size
Loading...
Filter Unavailable
Job Level
Loading...
Filter Unavailable
Rating
Loading...
Filter Unavailable
Considered
Loading...
Filter Unavailable
Order by:
Loading...
  • Date
  • Highest Rating
  • Lowest Rating
  • Review Length
Search:
Showingreviews based on the current filters. Reset all filters
Director, Technical Architect at Archer Information Technology
Real User
Can be used across many platforms and has a user-friendly GUI
Pros and Cons
  • "The graphical user interface is very user-friendly. SolarWinds is a hybrid solution so you can use it across many platforms."
  • "The reporting could be more robust. It can be a lot more granular and that will make it a lot more useful in comparison to how it is incorporated at the moment."

What is our primary use case?

Our installation is on-premises at the moment. We are a consultant group so we implement multiple solutions for different customers using a variety of different products. Some clients are in the Cloud, some on a WAN network and some are on-premises. SolarWinds LEM is one of the products we use for certain purposes and often recommend.  

I'm very technical. I work as a network and security technical architect. At the same time, I also own the company, so I'm the director. I still remain very technically involved with the solutions and the architecture for solutions, based on networks and security. SolarWinds is one of the products that I use, amongst many others to fit the needs of our customers which includes their budget, size, and industry.  

What is most valuable?

I like the graphical user interface because it is very user-friendly. I like the fact that SolarWinds is a hybrid solution so you can use it across many platforms.  

What needs improvement?

I think the product can use some improvement on the reporting side. The reporting could be easier and more robust. I also think the NetFlow Analyzer component can be improved substantially in the way it is integrated with SolarWinds and with Orion. In my opinion, you are not able to drill down enough into traffic flows. It can be a lot more granular and that will make it a lot more useful in comparison to how it is incorporated at the moment.  

I think that incorporating a security management platform would also be good. This would be a solution like a dashboard or control panel where you can just snap-in modules. A global dashboard where you can snap in all the different types of solutions or the different types of services and products that you will leverage would be a great step forward in ease-of-use by making integration easier.  

For how long have I used the solution?

I've been using SolarWinds LEM since its inception, so that would be for close to 10 years.  

What do I think about the stability of the solution?

This product is quite stable and I don't have any issues with it on that level. I think one other thing that could be improved is that the Syslog Server should be integrated as a system startup service. Right now you have to bring it up and take it down manually. This isn't entirely a stability issue but it might be an improvement. It would be valuable especially in the security environment.  

What do I think about the scalability of the solution?

I think that the scalability of the solution is good enough. I don't think there are any issues with that.  

How are customer service and technical support?

I have not actually had to use technical support very much. I can not even count more than five instances in the span of 10 years where I had to call in with an issue. As I have not really had the need to actually go that route much, it is hard to give constructive feedback in that regard. But it may say something positive about the quality of the product.  

How was the initial setup?

The initial setup is pretty straight forward. In the standalone small business solution, we are using Microsoft SQL Express which is already integrated with the solution. I think they could make it easier to move from the Express version to the SQL Server version to give the user more flexibility.  

What's my experience with pricing, setup cost, and licensing?

As far as pricing, we always want it to be less expensive or more cost-effective as a consumer, especially when you take into consideration that SolarWinds has got a very broad spectrum of services that can be integrated easily but need to be licensed separately. I think they can come up with a way of putting bundles together which would encourage customers to use a wider array of their products and it could be a better way of increasing sales. People would show a lot more interest in a package deal instead of having to buy the products separately. Bundling might reduce instances where customers look at other solutions for comparisons. For example, I've got some clients that use the Web Help Desk solution, and some users that use the NetFlow Analyzer and SolarWinds. If these solutions could be bundled together in a more cost-effective package when they are purchased together, I'm sure that SolarWinds would realize a lot more sales of peripheral products and increase their total market share.  

The renewals are currently priced so attractively that they are much cheaper and more cost-effective than when you buy a solution brand new. This helps retain clients over time. My comments on cost mainly refer to the initial purchase of solutions where you are deploying a product and purchasing it for the first-time.  

What other advice do I have?

On a scale from one to ten where one is the worst and ten is the best, I would rate SolarWinds LEM as somewhere between eight and ten, so let's say nine. To make it a ten they would have to make improvements in pricing, reporting, and product integration. These facets of the solution are not so bad now but they can be improved.  

The advice I would give people considering network event management would be to go with the product that appeals to me the most. The advice that I would like to give would be to go with NPM (Network Performance Monitor) which is a different, more sophisticated SolarWinds product. As far as I'm concerned, that is a product that can challenge any competing product out there on the market. If anyone is looking to do any type of network performance monitoring at a high level, I would definitely recommend Network Performance Monitor Orion — the Orion version of the product of SolarWinds is the one to go for. As far as NetFlow Analyzer, I like it and it fits some company's needs very well, but I've used better products. That is why I mention making improvements in its feature set.  

From a security perspective, which is a lot of work that I do, the Syslog Server needs to be completely integrated as a system service. That is one of my biggest wishes for the improvement of the LEM product at the moment because the product itself is a good product. The only trouble is that when server engineers work on the servers and they perform some type of updates to get the operating systems back on par, or need to do something with security updates and so on, the servers get stopped. When the servers are rebooted, the Syslog Server does not automatically restart. That is a major problem, especially from an auditing perspective.  

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Solutions Engineer at a tech services company with 11-50 employees
Real User
Provides good visibility for login events
Pros and Cons
  • "The most valuable feature of this solution is the visibility into both attempted and failed logins."
  • "I would like to be able to dig deeper into the visibility of events or incidents to determine whether they are malicious, such as by doing behavior analysis."

What is our primary use case?

I use this solution to examine our logs and the logs of our customers

We have experience with on-premises deployments.

What is most valuable?

The most valuable feature of this solution is the visibility into both attempted and failed logins.

What needs improvement?

The query capability in this solution needs improvement. When you watch to fetch logs at specific times, sometimes there are issues.

The filtering engine needs to be improved to make it more accurate. When you are filtering, it comes with a lot of unwanted data.

I would like to be able to dig deeper into the visibility of events or incidents to determine whether they are malicious, such as by doing behavior analysis.

For how long have I used the solution?

I have been using this solution for six years.

What do I think about the stability of the solution?

This is a stable solution. I have seen issues, but they have been related to the platform, and not to the product itself. We use this solution on a daily basis.

What do I think about the scalability of the solution?

I don't think that this solution would do well for very large organizations. For smaller organizations, it should be good.

We have approximately three hundred users. The users are a mixture of programmers, system engineers, database administrators, and others in our IT company. 

When we were doing the scoping we left room to grow, I don't expect that we will be expanding our usage anytime soon.

Which solution did I use previously and why did I switch?

I have used IBM QRadar. It is a SIEM solution, but it can do what LEM can do.

How was the initial setup?

The initial setup of this solution is straightforward.

The length of deployment depends on how big the infrastructure is. Most of the deployments take less than a week, but some go beyond that. In my experience, it all depends on how many boxes you have and how many we are taking logs from. Some people will give you a whole list, while others will choose only specific things. You have to give people something that is unique to their environment.

One person is enough for the deployment.

What about the implementation team?

I take care of the implementation and deployment of this solution.

Which other solutions did I evaluate?

We did not evaluate other options before choosing this solution. Some of the customers have their preference and will ask for something else, so that is what we will do for them.

What other advice do I have?

My advice for anybody who is considering this solution is to really review their expectations. I know that some people who do not review their expectations are upset after the implementation because they feel that they are getting less than what they bargained for.

People also have to consider the system resources, and what they will be on the physical box or on a VM. If the proper resources are not assigned then it will impact the solution.

This is a good solution but there is no perfect system.

I would rate this solution a nine out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
Learn what your peers think about SolarWinds Security Event Manager . Get advice and tips from experienced pros sharing their opinions. Updated: January 2022.
564,143 professionals have used our research since 2012.
Andrew Njagi
Communications and Networks Engineer at a transportation company with 1,001-5,000 employees
Real User
A solution that offers easy operation and configuration with a straightforward setup
Pros and Cons
  • "We did previously use a different solution, but SolarWinds is much better. It's easy to interact with SolarWinds. It's easy to operate, easy to configure and is generally easier compared to what we were working with before."
  • "The solution's technical support is okay, but we don't have an SLA, and sometimes the response times are very slow."

What is our primary use case?

We primarily use the solution for monitoring the network.

What is most valuable?

The NTA & NPM are the most valuable features of the solution.

The solution is very user-friendly.

What needs improvement?

We're currently looking for an application monitoring solution and maybe a DHCP management module. It would be ideal if the solution could add these in its next release.

The solution should offer better support and better SLAs.

For how long have I used the solution?

I've been using the solution since 2005.

What do I think about the stability of the solution?

The solution is very stable.

What do I think about the scalability of the solution?

Scalability is fairly simple if you have the right licenses in place

How are customer service and technical support?

The solution's technical support is okay, but we don't have an SLA, and sometimes the response times are very slow.

Which solution did I use previously and why did I switch?

We did previously use a different solution, but SolarWinds is much better. It's easy to interact with SolarWinds. It's easy to operate, easy to configure and is generally easier compared to what we were working with before.

How was the initial setup?

The initial setup was straightforward. The deployment took about two weeks. You only need two people for both deployment and maintenance.

What about the implementation team?

We handled the implementation ourselves in house.

What was our ROI?

It gives the business visibility as to what is down so that the turnaround time for fixes is much less.

What's my experience with pricing, setup cost, and licensing?

We do a yearly license renewal.

What other advice do I have?

We are using the on-premises deployment solution.

It is a good solution to work with and it's very easy to use. I would only ensure that the organization that decides to implement the solution has the internal capability to manage it. If not, then I would ensure that direct support or an SLA is in place to help handle any issues or troubleshoot problems. 

I would rate the solution nine out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
‎IT Consultant at a consultancy with 5,001-10,000 employees
Consultant
Good security monitoring features, but the user interface needs to be replaced
Pros and Cons
  • "It performs network behavior monitoring, log monitoring, and disaster recovery monitoring."
  • "Training for this solution needs to be improved, as new employees are sometimes unfamiliar with the product."

What is our primary use case?

We are using this solution for the purpose of security monitoring. It performs network behavior monitoring, log monitoring, and disaster recovery monitoring.  

What is most valuable?

The most valuable feature of this solution is the log monitoring.

What needs improvement?

The flash-based interface can be improved because sometimes, the speed of monitoring is reduced. The interface should be replaced with something else.

Training for this solution needs to be improved, as new employees are sometimes unfamiliar with the product.

The gadgets in SolarWinds should all be in one place.

There should be a default template because as it is now, the user has to create one for each and everything.

For how long have I used the solution?

We have been using this solution since the end of 2016.

What do I think about the stability of the solution?

SolarWinds is a big brand, and they will adapt as necessary. 

What do I think about the scalability of the solution?

Our monitoring team has between fifteen and twenty users.

We do not have any new infrastructure, so we do not need to increase usage at this time.

How are customer service and technical support?

Technical support for this solution is good. We have had no problems with them.

Which solution did I use previously and why did I switch?

Prior to this solution, we were using AlienVault and IBM QRadar. I have also used Nagios, which is faster than SolarWinds LEM regarding alerts.

How was the initial setup?

I would not say that the initial setup is straightforward or complex. It is a bit of both. I would say it's forty percent straightforward and sixty percent complex.

Deployment time depends on the size of the infrastructure, the number of services that are going to be monitored, and the types of services.

What other advice do I have?

This is one of the good products in this market. People are always looking for easy-to-use products, and don't want to invest time on learning new or complex things.

This is a solution that I recommend, although there are a lot of products that are better.

I would rate this solution a seven out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Byron Anderson
Information Security Engineer at a cloud provider with 51-200 employees
Real User
We’re most impressed by LEM’s ease of deployment, automated reporting, and easy interface navigation.
We’re an Infrastructure-as-a-Service provider and a few months ago, a health care customer with a private cloud and mandatory HIPAA regulatory requirements approached us. The customer had one employee spending over a half day per week manually reviewing log files. Needless to say, manually reviewing log files is boring and generally not a good use of human time. It’s also easy to miss important information about malicious behavior. They had to review a large number of logs every single day, and they basically didn’t have a good way to do that—they had an employee manually scrolling through each log file. When you start looking at log files you quickly realize that there is not a lot of good in sitting there manually combing through them, especially when you don’t know the…

We’re an Infrastructure-as-a-Service provider and a few months ago, a health care customer with a private cloud and mandatory HIPAA regulatory requirements approached us. The customer had one employee spending over a half day per week manually reviewing log files. Needless to say, manually reviewing log files is boring and generally not a good use of human time. It’s also easy to miss important information about malicious behavior.

They had to review a large number of logs every single day, and they basically didn’t have a good way to do that—they had an employee manually scrolling through each log file. When you start looking at log files you quickly realize that there is not a lot of good in sitting there manually combing through them, especially when you don’t know the sorts of things that you’re looking for. The client came to us and asked if we could find a better way for them to manager their log files.

We came up with a new offering for the customer to provide log management using SolarWinds Log & Event Manager. We had a very short timeline to respond on this for one. We’re a SolarWinds customer, in fact we’ve been one for quite some time. At one point we used the LEM product in the lab at our company, so I mentioned that to our customer and gave them an overview of LEM to see if it would meet their needs. They very quickly decided it was just what they were looking for.

We’re most impressed by LEM’s ease of deployment, automated reporting, and easy interface navigation. It makes digging through tons of log files very quick and easy to find what you need.

Since this initial client implementation, more of our customers have now approached us with compliance and SIEM needs. We now address two distinct markets for our offering in our private cloud customer base: customers needing SIEM for security analysis and automated response, and customers needing to comply with standards such as HIPAA and PCI. Just months after introducing the offering, we already have several customer deployments and several more in the pipeline.

Update 5/20/2019

While I am still a huge fan of SolarWinds and the LEM solution; I have significantly downgraded this from my original review.  I feel as though LEM has not kept up with the rest of the SIEM industry which has seen significant advancements in the last few years.  LEM lacks many of the features that you can now find in many next-gen SIEM solutions such as integrated threat intelligence, User Behavior Analytics and integration with SOAR technologies.  If you are looking for a robust log management solution and LEM supports the log source you are looking to ingest then this could be a good solution for you; however, if you are looking for a next-gen SIEM solution I would caution you on LEM and suggest you look at other solutions.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Systems administrator at a healthcare company with 501-1,000 employees
Real User
Helps maintain logs of access and changes

What is our primary use case?

We have a hyper requirement to maintain logs of access and changes, so this solution logs everything.

What is most valuable?

The most valuable feature is the ease of use for the end user. 

What needs improvement?

It can be difficult for users who are inexperienced with the solution. 

For how long have I used the solution?

One to three years.

How is customer service and technical support?

It is managed by our tech support team that is in-house, so we do not need their tech support help. 

What other advice do I have?

My advice to users of this solution is to make sure that you know what it is you are looking for, and what it is you are trying to log. Otherwise, it will be difficult to manage.

What is our primary use case?

We have a hyper requirement to maintain logs of access and changes, so this solution logs everything.

What is most valuable?

The most valuable feature is the ease of use for the end user. 

What needs improvement?

It can be difficult for users who are inexperienced with the solution. 

For how long have I used the solution?

One to three years.

How is customer service and technical support?

It is managed by our tech support team that is in-house, so we do not need their tech support help. 

What other advice do I have?

My advice to users of this solution is to make sure that you know what it is you are looking for, and what it is you are trying to log. Otherwise, it will be difficult to manage.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
System Engineer at a government with 51-200 employees
User
Allows us to monitor access and pull cyber reports quickly. No more searching through logs on each server.
Pros and Cons
  • "The out of the box reports and dashboard. It was easy to trim down these windows to something we could quickly use."
  • "I imagine we will have to develop our own reports soon, this seems to be more cumbersome."

What is most valuable?

The out of the box reports and dashboard. It was easy to trim down these windows to something we could quickly use.

How has it helped my organization?

It allows us to monitor access and pull cyber reports quickly. No more searching through logs on each server. There was not much customization, which we had to do with Splunk.

What needs improvement?

I imagine we will have to develop our own reports soon, this seems to be more cumbersome.

For how long have I used the solution?

For five months now.

What was my experience with deployment of the solution?

Not really.

What do I think about the stability of the solution?

Not yet.

What do I think about the scalability of the solution?

Not yet.

How are customer service and technical support?

Customer Service:

Good. There can be lag times on responses.

Technical Support:

Eight on a scale of 10.

Which solution did I use previously and why did I switch?

Splunk. The pricing was too high and you need a PhD on customizing the reports.

How was the initial setup?

Setup was straightforward. We were able to use the default reports and window displays.

What about the implementation team?

We did it ourselves.

What was our ROI?

The pricing was low, around 30K so ROI is less than one year. Splunk was elevating into the 100K arena.

What's my experience with pricing, setup cost, and licensing?

Licensing is on devices, so if you have many, then this may be high. The storage can be an issue as well, we already had a SAN setup, but this is true for any SIEM.

Which other solutions did I evaluate?

Splunk and Oracle Audit Vault. We almost picked Oracle, because it pulls in the databases in a quick manner.

What other advice do I have?

Don't over think the situation. We went with the one which had a better user presentation because we have managers using it as well. Splunk is nicer if you have a bunch of technical people wanting to play with it.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user313953
IT Manager at a computer software company with 51-200 employees
Vendor
Its alerting feature enabled us to fix issues before logging a call with the helpdesk.

How has it helped my organization?

We were suffering from a lack of visibility into our logs, so we implemented SolarWinds LEM. After building a few rules and alerts, we were notified when events happened before our end users notified us. Many times we were able to fix an issue before a call to the helpdesk was made.

What is most valuable?

  • Alerting
  • Searching

What do I think about the stability of the solution?

The solution was a little slow when running some larger queries. After upgrading our SAN many of the problems disappeared.

How are customer service and technical support?

Tech support was always on top of things. I usually got a response within a couple hours of opening a ticket and once on the phone, they took time to answer my questions.

Which solution did I use previously and why did I switch?

We needed a product but didn’t have one. We found it when it was still Trigeo, and followed it to SolarWinds.

How was the initial setup?

The initial setup was very easy to start getting logs to the solution. It took some time to understand what data to get and what was important.

What about the implementation team?

We did the implementation. My advice, understand what you want in the system and after letting it collect some data, swing back and make sure you have everything setup that you need. Give it some time, and learn it to get the most use out of it.

What other advice do I have?

It’s a great product, but like other SIEM software solutions, you only get out what you put into it.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user121770
Manager of Information Technology with 51-200 employees
Vendor
We selected SolarWinds for 24/7 monitoring, forensic trail of unauthorized activity and security at the endpoint.
We needed a solution that could monitor and respond to all of our network and user activity, down to each endpoint, while providing auditors with granular and customizable reports and ensuring forensic traceability in the event of a breach or policy violation. We stumbled upon a couple of challenges known to other small to mid-sized enterprises Outsourced log management was too expensive and incredibly risky. Our network data is too valuable to share with another company. Our members trust us to keep all sensitive data in house. Enterprise-grade SIEM solutions are priced for large companies and thus stretched well beyond our IT budget. Additionally, all that money didn’t buy real-time analysis and blocking capabilities, which were the most important proactive defense to stop emerging…

We needed a solution that could monitor and respond to all of our network and user activity, down to each endpoint, while providing auditors with granular and customizable reports and ensuring forensic traceability in the event of a breach or policy violation.

We stumbled upon a couple of challenges known to other small to mid-sized enterprises:

  1. Outsourced log management was too expensive and incredibly risky. Our network data is too valuable to share with another company. Our members trust us to keep all sensitive data in house.
  2. Enterprise-grade SIEM solutions are priced for large companies and thus stretched well beyond our IT budget. Additionally, all that money didn’t buy real-time analysis and blocking capabilities, which were the most important proactive defense to stop emerging attacks. Enterprise tools watch, aggregate data, and report, but they don’t take action. We needed more advanced solutions to provide comprehensive network management capabilities in real time.

We selected SolarWinds LEM for four specific reasons:

  1. Right-sized for smaller budgets: The solution’s architecture and pricing are tailored to smaller companies. The appliance-based technology is plug-and-play, meaning that implementation takes hours, not weeks or months. And the cost starts at $20,000 – a fraction of competitors’ prices.
  2. 24/7 monitoring: SolarWinds LEM monitors all network activity – even when no one is watching – and stops policy violations and network and data breaches in real time, notifying network administrators of threats instantly via email, pager, and/or cell phone. I’ll even know if the cleaning crew or security guard is trying to log on after hours.
  3. Outing the insider: SolarWinds LEM provides a forensic trail of user activities. It identifies insider policy breaches instantly – including unauthorized USB flash drive insertions and downloads – and stops violators in their tracks while notifying network managers.
  4. Security at the end point: SolarWinds LEM’s solution controls policies from servers to endpoints, giving us the ability to shut down any system or user group across our seven branches in the event of threat detection. This granular control prevents fast-moving worms from spreading, quarantining at-risk systems before they can compromise member data.

With SolarWinds LEM, we’re exposing potential threats and preventing them from damaging our business. In one case, SolarWinds LEM instantly red-flagged multiple, simultaneous log-on failures. We examined the attempted user names, passwords, and incoming IP addresses, and quickly recognized that a bot was attempting to hack into our network. With the evidence provided by SolarWinds LEM, we contacted the hacker’s Internet service provider and shut them down.

SolarWinds LEM is a natural extension of our network. In reality, we consider the SolarWinds LEM appliance to be our fourth IT employee.

Disclosure: PeerSpot has made contact with the reviewer to validate that the person is a real user. The information in the posting is based upon a vendor-supplied case study, but the reviewer has confirmed the content's accuracy.
Buyer's Guide
Download our free SolarWinds Security Event Manager Report and get advice and tips from experienced pros sharing their opinions.