Security, et al

Randy's Blog on Infosec and Other Stuff

Randy's Review of a Fast, Easy and Affordable SIEM and Log Management

Thu, 29 Jan 2015 17:46:06 GMT

One of the most frequent complaints I hear from you folks is “We need a SIEM but can’t afford the big enterprise solutions.”  And as a tech-heavy small business owner I truly understand the need for software that installs in minutes and doesn’t require a ton of planning, learning, design and professional services before you start getting results.

Well, I’ve installed SolarWinds Log and Event Manager (LEM) in my lab and I can say that it is all of the above and more.  There’s actually no install of software or provisioning of a server because it’s a prebuilt virtual appliance.  When you download and run the LEM install package it simply unpacks the OVA template.  You just open VMware or Hyper-V, deploy a new VM from the template and point it at the file from SolarWinds.  After it boots up for the first time all you have to do is point your web browser at its DHCP-assigned address, which you can see in VMware or Hyper-V.  Answer a few configuration questions such as a static IP address and you are up and running.  To start pulling events from your servers click on Ops Center and click on the green plus sign.  We’re talking minutes.

LEM has all the features you need and expect from a SIEM.  And it’s flexible: you can monitor server logs with or without agents, and you can also accept SNMP traps and syslog flows from devices and UNIX/Linux systems.

LEM is affordable, too.  It starts at $4495 and monitors up to 30 servers.  That’s the total price – no server OS or databases to license much less manage.

Since there’s such a need for affordable SIEM and log management, and so many of you in my webinar are still trying to get by with free utilities, I’ve partnered with SolarWinds to raise awareness about LEM.  Please download it and try it out.  Even if you don’t have a virtualization server, you can still run the virtual appliance with a free desktop virtualization program like VMware Player.

LEM is affordable but it’s not “cheap” software.  LEM is actually one of the few SIEMs out there that implements my #1 feature: normalization and categorization.  LEM understands what events actually mean from each of the many, many log sources it supports.  By that I mean that whether the event comes from Linux, Windows, Cisco or any other source, if it’s a logon event (for instance) it gets parsed and categorized as such.  This is important because every log source out there logs the same kinds of events, but each in a different format.  None of us have time to learn all the formats and arcana out there about each log source.  LEM’s normalization makes so many things not only possible but also effortless.  For instance: “show me all failed logon events for Randy Smith across all my systems and devices regardless of log source and format”.  Voila!
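To make the normalization idea concrete, here is an added Python sketch (my own illustration, not LEM’s code, parsers or schema): it maps constructed logon lines in Windows Security, Linux sshd and Cisco IOS style into one common record and then answers the “all failed logons for one user, regardless of source” question. The sample lines, the regexes and the account name rsmith (standing in for Randy Smith) are all assumptions.

```python
import re
from dataclasses import dataclass

# Constructed sample lines (simplified, not captured from real systems), one
# logon event per line in three native formats plus a Windows success event.
SAMPLE_LOGS = [
    ("windows", "4625 An account failed to log on. Account Name: rsmith "
                "Workstation Name: WS01 Source Network Address: 10.0.0.5"),
    ("linux", "Jan 29 17:46:06 web01 sshd[2211]: Failed password for rsmith "
              "from 10.0.0.5 port 51022 ssh2"),
    ("cisco", "%SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: rsmith] "
              "[Source: 10.0.0.5] [localport: 22] [Reason: Login Authentication Failed]"),
    ("linux", "Jan 29 17:47:10 web01 sshd[2212]: Accepted password for rsmith "
              "from 10.0.0.5 port 51023 ssh2"),
    ("windows", "4624 An account was successfully logged on. Account Name: jdoe "
                "Workstation Name: WS02 Source Network Address: 10.0.0.6"),
]

@dataclass
class Event:
    source: str      # which log format the event came from
    category: str    # normalized meaning: "logon_failure" or "logon_success"
    user: str
    src_ip: str

# One pattern per source format; each captures the fields the common schema needs.
WIN_RE = re.compile(r"^(?P<id>4624|4625) .*Account Name: (?P<user>\S+)"
                    r".*Source Network Address: (?P<ip>\S+)")
LINUX_RE = re.compile(r"sshd\[\d+\]: (?P<result>Failed|Accepted) \w+ for "
                      r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)")
CISCO_RE = re.compile(r"%SEC_LOGIN-\d-(?P<result>LOGIN_FAILED|LOGIN_SUCCESS): "
                      r".*\[user: (?P<user>[^\]]+)\] \[Source: (?P<ip>[^\]]+)\]")
FAILED = {"4625", "Failed", "LOGIN_FAILED"}

def normalize(source: str, line: str):
    """Map a raw line to the common schema; return None for non-logon lines."""
    regex = {"windows": WIN_RE, "linux": LINUX_RE, "cisco": CISCO_RE}.get(source)
    m = regex.search(line) if regex else None
    if not m:
        return None
    outcome = m.group("id") if source == "windows" else m.group("result")
    category = "logon_failure" if outcome in FAILED else "logon_success"
    return Event(source, category, m.group("user"), m.group("ip"))

def failed_logons_for(raw_logs, user: str):
    """The query from the post: every failed logon for one user, any log source."""
    events = (normalize(src, line) for src, line in raw_logs)
    return [e for e in events if e and e.category == "logon_failure" and e.user == user]
```

Running failed_logons_for(SAMPLE_LOGS, "rsmith") returns three events, one each from the Windows, Linux and Cisco lines, which is exactly the cross-source view that per-format grepping cannot give you.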

So, please, take a look at LEM.  Download it here.
