
Splunk vs Solarwinds Log and Event Manager for SIEM


When it comes to event log monitoring and management, scalable overviews and the ability to respond to incidents and rectify problems are of the utmost importance. Two of the more popular and powerful monitoring programs are Solarwinds LEM and Splunk, and this article outlines the key features of each and compares them. The Solarwinds application discussed here is the Log & Event Manager (LEM).

As far as installation goes, Splunk is definitely easy and quick. There is one base program to install, and modules and add-on applications can then be added from within that program. The base program is fairly empty and requires the user to add the necessary modules in order to make full, or even partial, use of the tool. On the plus side, the modules and add-ons are free.

Solarwinds is also fairly easy to install. However, Solarwinds separates key functions of network monitoring into several different installable programs. For example, if you want to monitor web traffic, you need to install the Network Traffic Analyzer add-on for the Network Performance Monitor program.

Features of Solarwinds LEM

Eliminate threats faster with instant detection of suspicious activity and event correlation, using rules together with event-based reporting and alerts.


Using threat intelligence groups across the internet that monitor DDoS, botnets, spam and other online threats, Solarwinds LEM keeps its lists of known bad IPs and malicious activity up to date and helps you pinpoint security issues that could affect your infrastructure.

Threats that LEM protects you against include:

  • Malware Infections
  • Phishing Attempts
  • External Attacks from Known Malicious IPs and Hosts

LEM allows you to create rules and filters that automatically use the threat intelligence data to help you thwart attacks on your network before they occur.
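To make the rule-and-filter idea concrete, here is an added example (not LEM's or Splunk's own code, and not a real feed) of what a SIEM correlation rule does underneath: it parses a few constructed firewall log lines, matches source and destination addresses against a constructed threat-intelligence list of CIDR blocks (RFC 5737 documentation ranges, not real indicators), and raises a second, purely behavioural alert when one source is denied to several distinct internal hosts. The log format, field names and the `scan_threshold` value are assumptions made for the example.

```python
import ipaddress
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed threat-intel feed (documentation address ranges, not real indicators).
THREAT_FEED = {
    "198.51.100.0/24": "botnet C2 range (constructed)",
    "203.0.113.7/32": "spam relay (constructed)",
}

# Constructed firewall log lines in a simplified syslog-like layout (assumed format).
SAMPLE_LOGS = """\
2024-05-01T10:00:01Z fw01 ACCEPT src=10.0.0.5 dst=203.0.113.7 dport=25
2024-05-01T10:00:02Z fw01 ACCEPT src=10.0.0.5 dst=192.0.2.10 dport=443
2024-05-01T10:00:03Z fw01 DENY src=198.51.100.44 dst=10.0.0.20 dport=3389
2024-05-01T10:00:04Z fw01 ACCEPT src=10.0.0.9 dst=192.0.2.11 dport=443
2024-05-01T10:00:05Z fw01 DENY src=198.51.100.44 dst=10.0.0.21 dport=3389
2024-05-01T10:00:06Z fw01 DENY src=198.51.100.44 dst=10.0.0.22 dport=3389
"""

LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) (?P<action>ACCEPT|DENY) "
    r"src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)$"
)


@dataclass
class Alert:
    rule: str    # which correlation rule fired
    ts: str      # timestamp of the triggering event
    detail: str  # human-readable explanation for the analyst


def load_feed(feed):
    """Turn the CIDR -> label mapping into parsed networks for fast membership tests."""
    return [(ipaddress.ip_network(cidr), label) for cidr, label in feed.items()]


def lookup(ip, networks):
    """Return the feed label for an address, or None if it is not listed."""
    addr = ipaddress.ip_address(ip)
    for net, label in networks:
        if addr in net:
            return label
    return None


def parse_logs(text):
    """Parse log lines into dicts; lines that do not match the expected layout are skipped."""
    events = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m:
            events.append(m.groupdict())
    return events


def correlate(events, networks, scan_threshold=3):
    """Apply two rules: threat-intel IP match, and denied fan-out from one source."""
    alerts = []
    denied_targets = defaultdict(set)  # src -> set of distinct denied destinations
    for ev in events:
        # Rule 1: either end of the connection is in the threat-intel feed.
        for field in ("src", "dst"):
            label = lookup(ev[field], networks)
            if label:
                alerts.append(Alert(
                    "threat-intel-match", ev["ts"],
                    f"{field}={ev[field]} matched '{label}' "
                    f"({ev['action']} dport={ev['dport']})",
                ))
        # Rule 2: one source denied to scan_threshold distinct hosts (fires once).
        if ev["action"] == "DENY":
            denied_targets[ev["src"]].add(ev["dst"])
            if len(denied_targets[ev["src"]]) == scan_threshold:
                alerts.append(Alert(
                    "denied-fanout", ev["ts"],
                    f"{ev['src']} denied to {scan_threshold} distinct internal hosts",
                ))
    return alerts


def run_demo():
    """Run both rules over the constructed sample data and return the alerts."""
    return correlate(parse_logs(SAMPLE_LOGS), load_feed(THREAT_FEED))


if __name__ == "__main__":
    for a in run_demo():
        print(f"[{a.rule}] {a.ts} {a.detail}")
```

On the sample data this yields four threat-intel matches (one outbound connection to the listed relay and three inbound attempts from the listed range) and one fan-out alert; a real SIEM adds the feed refresh, the time window and the response action, but the matching and counting logic is the same.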

Graphs and reporting features show the constant threats and security issues that have been avoided within your network, and help you meet compliance requirements.


File integrity monitoring helps you comply with policy-based auditing of files, registry keys and activity. You'll have an overview of which files have been read, modified and deleted.

Monitoring file integrity will also assist with compliance with regulations including:

  • PCI DSS
  • HIPAA
  • Sarbanes-Oxley


On top of the features mentioned above, file integrity monitoring is more important than ever right now, with the constant worry of ransomware attacks and malware threatening every business in the world.

Solarwinds helps you pinpoint file modifications and lets you see what is going on within the computers on your network.
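The file-side half of file integrity monitoring described above comes down to a hash baseline and a comparison. The following is an added example written for this article, not code from Solarwinds LEM or Splunk: it walks a directory, records a SHA-256 digest per file, and reports added, deleted and modified files between two snapshots. The sample files are constructed in a temporary directory; registry-key monitoring, which LEM also covers, is outside what this example shows.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path, chunk=65536):
    """Hash a file in chunks so large files do not have to be read into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def build_baseline(root):
    """Map every regular file under root (relative POSIX path) to its SHA-256."""
    root = Path(root)
    baseline = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            baseline[p.relative_to(root).as_posix()] = sha256_file(p)
    return baseline


def compare_baselines(old, new):
    """Diff two snapshots: new paths, vanished paths, and paths whose content changed."""
    old_paths, new_paths = set(old), set(new)
    return {
        "added": sorted(new_paths - old_paths),
        "deleted": sorted(old_paths - new_paths),
        "modified": sorted(k for k in old_paths & new_paths if old[k] != new[k]),
    }


def demo():
    """Constructed scenario: one config edited, one file removed, one unexpected binary dropped."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "etc").mkdir()
        (root / "etc" / "hosts").write_text("127.0.0.1 localhost\n")
        (root / "app.cfg").write_text("debug=false\n")
        before = build_baseline(root)

        # Changes a FIM tool should surface (all constructed for the example):
        (root / "app.cfg").write_text("debug=true\n")          # modified
        (root / "etc" / "hosts").unlink()                      # deleted
        (root / "unexpected.exe").write_bytes(b"MZ-constructed")  # added

        after = build_baseline(root)
        return compare_baselines(before, after)


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

In practice the baseline is stored somewhere the monitored host cannot silently rewrite it, and the comparison runs on a schedule or on file-system change events; the three change classes reported here are the same ones a product dashboard groups under created, modified and deleted.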


USB drive monitoring is another great feature of Solarwinds LEM; it assists you in blocking malicious executables that are set to auto-run when plugged into a USB port. The LEM dashboard shows you threats from USB devices, including USB files that are created, modified or deleted, and devices that are attached or detached.

From the dashboard you can specify the blocking of USB executables, along with other threats that auto-run from USB devices.


Comparison of Solarwinds LEM vs Splunk

Below you'll find a quick comparison of Solarwinds LEM and Splunk for SIEM and event log analysis and monitoring. For more information on each product, please visit its website to download a trial and test it out in your network. Download links are available below as well.

Features compared for Solarwinds LEM and Splunk:

  • Compliance Auditing (PCI DSS, Sarbanes-Oxley (SOX), HIPAA, ISO, NCUA, FISMA, FERPA, GLBA, NERC CIP, GPG13, DISA STIG)
  • Detect Suspicious/Malicious Activity
  • Real-Time Event/Threat Detection & Aggregation
  • Real-Time Threat Remediation
  • Reports & Graphs of Threat Management
  • File Integrity Monitoring (FIM)
  • Hardware Device Monitoring (USB Drives)
  • Customizable Dashboards
  • Robust Event Log Search/Indexing
  • Forensic Event & Incident Analysis
  • Threat Correlation Tracking & Analysis
  • Single Sign-On/LDAP Functionality (Splunk: only available in the Enterprise and Cloud versions)
  • High Availability, Clustering & Disaster Recovery (Splunk: only available in the Enterprise and Cloud versions)

Both Solarwinds and Splunk have an array of features, tools and capabilities that make them extremely attractive for SIEM, threat detection and event log analysis. We suggest you download either one of these solutions, based on your requirements, to get a better feel for the software package.

Splunk has a basic free version that gives you limited access to the features, which is good for testing at a basic level:

https://www.splunk.com and click on “FREE SPLUNK” in the top right corner.

Solarwinds offers a 30-day free trial that gives you full access to their software suite without any limitations.

Download Here:

http://www.solarwinds.com/siem-security-information-event-management-software

Marc Wilson

Marc is one of the editors of PCWDLD and loves to get his hands into things he shouldn't. He's passionate about networking (Cisco, etc.) and Microsoft Server, and has a knack for audio engineering as well. With an extensive history in Windows Server administration and Exchange Server administration, Marc is paving the way for newcomers to learn more about tools and software they can use to make their jobs easier!