Security Information and Event Management (SIEM) has become one of the most widely trusted approaches to log management, security monitoring and compliance. This SlideShare presentation covers the critical topics to consider when choosing a SIEM solution.
Agenda
• SIEM – An Overview
• Factors to ensure when evaluating a SIEM solution
• Log Analysis & Event Forensics
• Automated Response to Threats
• Compliance Regulations and Reporting
• Affordability of a SIEM Solution
• SolarWinds Log & Event Manager
• Top 3 reasons to try SolarWinds LEM
• ROI on SolarWinds LEM
SIEM – An Overview
» Security Information and Event Management (SIEM) has become one of the most widely trusted approaches to log management, security monitoring and compliance.
» Demand for SIEM keeps growing because of the steep rise in security breaches and cyber-attacks that hit organizations.
» This presentation covers critical topics to consider when choosing a SIEM solution.
SOLARWINDS LOG & EVENT MANAGER
Factors to ensure when evaluating a SIEM solution
» At the heart of a SIEM solution are two functions:
• Log collection
• Event correlation
» Logs are collected from across the IT infrastructure: network devices, security appliances, servers, workstations, databases, etc. A source that is not collected cannot be correlated, so coverage matters as much as the feature list.
» Correlation runs in real time and in memory, so related events are matched as they arrive rather than only in after-the-fact searches; this is what lets rules catch attack patterns, including previously unseen (zero-day) ones, while they are still unfolding.
Factors to ensure when evaluating a SIEM solution (Contd…)
» Your SIEM tool should correlate multiple events, both time-based (sequences and thresholds within a window) and transaction-based (events belonging to the same session or operation), into actionable data and incident awareness
» Your SIEM tool should send you real-time notifications and alerts about irregularities in the network
» The success of a SIEM deployment depends on the quality of its event log correlation: the rules themselves, and how well normalized log data feeds them.
Log Analysis & Event Forensics
» Quick access to historical log data, with the ability to analyze events, helps you identify anomalies and deviations from normal network activity patterns.
» Ensure your SIEM software allows you to
• Interactively explore historical log data with simplicity and ease
• Isolate the root cause of a threat, breach, failure or any non-compliant activity
• Perform event forensics to determine what really happened before, during and after the event
• Track log activity over time and in the context of suspicious events
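A worked illustration of the two core functions named above (log collection with normalization, and in-memory real-time correlation) together with the forensic step on this slide (reconstructing what happened before, during and after the event). This is an added example written for this page, not SolarWinds LEM code; the sshd-style log lines, their field layout, the three-failures-within-60-seconds threshold and the ±30 s forensic window are all constructed assumptions.

```python
"""Added example (not SolarWinds LEM code): log normalisation, in-memory
real-time correlation, and a forensic timeline around each alert.
The log lines, the sshd-style message format, the rule threshold and the
forensic window are constructed assumptions for this illustration."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log: a fast password-guessing burst, an ordinary user
# typo, a slower burst, and one line (pam_unix) carrying no source address.
SAMPLE_LOG = """\
2024-03-01T10:00:01 host1 sshd[2001]: Failed password for invalid user admin from 203.0.113.7 port 51000 ssh2
2024-03-01T10:00:04 host1 sshd[2001]: Failed password for root from 203.0.113.7 port 51001 ssh2
2024-03-01T10:00:09 host1 sshd[2001]: Failed password for root from 203.0.113.7 port 51002 ssh2
2024-03-01T10:00:15 host1 sshd[2003]: Accepted password for root from 203.0.113.7 port 51003 ssh2
2024-03-01T10:00:20 host1 sshd[2003]: pam_unix(sshd:session): session opened for user root
2024-03-01T10:01:00 host1 sshd[2010]: Failed password for alice from 198.51.100.4 port 40000 ssh2
2024-03-01T10:02:30 host1 sshd[2011]: Accepted password for alice from 198.51.100.4 port 40001 ssh2
2024-03-01T10:30:00 host1 sshd[2020]: Failed password for bob from 192.0.2.9 port 42000 ssh2
2024-03-01T10:30:05 host1 sshd[2020]: Failed password for bob from 192.0.2.9 port 42001 ssh2
2024-03-01T10:30:08 host1 sshd[2020]: Failed password for bob from 192.0.2.9 port 42002 ssh2
2024-03-01T10:31:30 host1 sshd[2021]: Accepted password for bob from 192.0.2.9 port 42003 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) (?P<proc>[^\[:]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$")
AUTH_RE = re.compile(
    r"^(?P<outcome>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)")


def parse(line):
    """Normalise one raw line into a dict of fields; None if it does not parse."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.fromisoformat(ev["ts"])
    ev.update(outcome=None, user=None, ip=None)  # present on every event
    auth = AUTH_RE.match(ev["msg"])
    if auth:
        ev.update(auth.groupdict())
    return ev


class BruteForceSuccessRule:
    """Alert when >= threshold failed logins from one source IP fall within
    window_s seconds of the accepted login that follows them. State is kept
    in memory per source IP, so each event is judged as it arrives."""

    def __init__(self, threshold=3, window_s=60):
        self.threshold = threshold
        self.window = timedelta(seconds=window_s)
        self.failures = defaultdict(deque)  # ip -> timestamps of recent failures

    def feed(self, ev):
        """Consume one normalised event; return an alert dict or None."""
        if ev is None or ev["outcome"] is None:
            return None
        ip, now = ev["ip"], ev["ts"]
        recent = self.failures[ip]
        while recent and now - recent[0] > self.window:  # age out old failures
            recent.popleft()
        if ev["outcome"] == "Failed":
            recent.append(now)
            return None
        alert = None
        if len(recent) >= self.threshold:
            alert = {"rule": "brute_force_then_success", "ts": now, "host": ev["host"],
                     "ip": ip, "user": ev["user"], "failures": len(recent)}
        recent.clear()  # any success, flagged or not, resets the counter
        return alert


def run(lines, rule):
    """Collect, normalise and correlate; return (all events, alerts raised)."""
    events = [ev for ev in map(parse, lines) if ev is not None]
    alerts = [a for a in map(rule.feed, events) if a is not None]
    return events, alerts


def timeline(events, alert, before_s=30, after_s=30):
    """Forensics: every event on the alerting host shortly before and after the alert."""
    lo = alert["ts"] - timedelta(seconds=before_s)
    hi = alert["ts"] + timedelta(seconds=after_s)
    return [ev for ev in events if ev["host"] == alert["host"] and lo <= ev["ts"] <= hi]


if __name__ == "__main__":
    events, alerts = run(SAMPLE_LOG.splitlines(), BruteForceSuccessRule())
    for a in alerts:
        print(f"ALERT {a['ts']} {a['rule']} ip={a['ip']} user={a['user']} failures={a['failures']}")
        for ev in timeline(events, a):  # what happened before, during and after
            print(f"  {ev['ts']} {ev['proc']}: {ev['msg']}")
```

Running it flags the 203.0.113.7 burst and prints the five host1 events around it, including the pam_unix session line that carries no source address and would be missed by a search on the IP alone. The 192.0.2.9 attempts, three failures the first of which is 90 seconds before the eventual success, slip past the 60 s window. That is the practical point behind "effective event log correlation": a rule is only as good as its window and threshold, a slower attacker evades a naive one, so either widen the window (window_s=120 catches it here) or add a second rule on total failures per source per hour.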
Automated Response to Threats
» Incident response is the ability of the SIEM software to react to a security threat detected by log correlation and contain or prevent it with automated response actions.
» The use of automated response has expanded beyond security to cover IT troubleshooting and issue remediation for more efficient IT administration.
» Your SIEM software should be able to
• Mitigate emerging security threats with automated active response
• Remediate operational IT issues with pre-programmed corrective actions
• Respond to policy violations and non-compliant activities with built-in correlation rules
• Counter activities like insecure network connections, insecure system settings and policies, unauthorized network and user access, USB misuse, etc.
» Because an automated response acts on production systems, gate each action on a high-confidence rule, scope it narrowly, and log it; a misfiring rule that blocks addresses or shuts down hosts is itself an outage.
Compliance Regulations & Reporting
» Satisfying the compliance reporting requirements of key regulations and standards such as PCI DSS, HIPAA, GLBA, NERC CIP, etc. is a key aspect of SIEM.
» With out-of-the-box reporting templates and the power of customization and
report scheduling, SIEM becomes an integral part of your IT security architecture.
» From federal regulations to internal corporate standards, SIEM software should be able to provide
• Detailed reports of non-compliant activities and policy violations in the
network
• Historical system-based, user-based and network-based event data for
compliance auditing
• Information about threat response and mitigation measures carried out to
contain or prevent attacks
Affordability of a SIEM Solution
» Choose SIEM software that provides the most value for the money you invest in it.
» Choose a SIEM system that offers
• Node-based licensing that covers log collection and correlation from a variety of network devices, servers and workstations
• Scalability and flexibility to expand to more nodes easily
• Simple-to-use software that is affordable and easy to evaluate and procure
SolarWinds Log & Event Manager
» SolarWinds® Log & Event Manager (LEM) is SIEM software that can help you extend security and protection across the breadth of your IT landscape.
» SolarWinds LEM is available as a virtual appliance offering centralized log management and network defense from an intuitive Web-based interface.
» LEM provides built-in active responses to:
• Block an IP address
• Remove user from domain groups
• Detach USB devices
• Kill processes by ID or name
• Disconnect networking on computers
• Restart or shutdown machines, and more…
Top 3 Reasons to try SolarWinds LEM
» Full-function SIEM capabilities including real-time event correlation, alerting, log analytics, active response, USB Defense, and over 300 built-in compliance reporting templates
» Easy-to-deploy and easy-to-use virtual appliance managed from an intuitive Web console
» Affordable and reliable SIEM software that monitors your entire IT infrastructure 24/7
Download the fully-functional 30-day evaluation
of SolarWinds Log & Event Manager (LEM)
Check Out the Other Network Security
Solutions from SolarWinds
ROI on SolarWinds LEM
» Increased Productivity: LEM automates your monitoring routine and reduces the time spent normalizing and analyzing event logs. As a virtual appliance, it also cuts hardware costs and improves efficiency.
» Enhanced Security: It helps you
• Reduce the time taken to identify attacks, thereby reducing their impact
• Reduce the time spent on forensic analysis
• Reduce the time and cost incurred on policy compliance
» Network High Availability: LEM helps you proactively detect potential network downtime and device unavailability that cause business and service interruption. Monitoring and analyzing logs from across the network gives real-time notification of network issues and device configuration changes, so network admins can start troubleshooting immediately.