IT-Security

Whether you are a one-stop-shop IT guy or a network admin on a large IT team you owe it to yourself to learn about Security Information and Event Management (SIEM) technology.

Why? SIEM lets you correlate between events recorded in different logs for related systems. This is significant because attackers often exploit multiple vulnerabilities on separate but connected systems.

For a complete picture of what’s going on in your network, look beyond the network itself to correlate events in applications, databases, and middleware.

With today's distributed applications, the challenge of troubleshooting more routine failures or slowdowns is not so different. The breakdown often lies in the connection between two systems, rather than in one or the other.

What makes a good SIEM tool different from all other management and monitoring tools you have is its breadth. SolarWinds Log & Event Manager is a powerful SIEM tool that pulls together logs from virtually every system that records events and normalizes the data into a common taxonomy.

This makes it easy to browse events in real-time, spot correlations, and search the history of interactions across devices, networks, operating systems, and applications.


You can do this the hard way or the easy way

Most IT pros will rely on complex scripts or programs to extract basic information from log data. This is especially challenging when you don’t really know what you’re looking for in the first place. Log & Event Manager uses normalized log data to make data exploration simple. It’s like a search engine for your log data.

Log & Event Manager uses a variety of visualization and data discovery techniques to help you filter through the hundreds of thousands of logs your network is generating. This makes it easier to identify the events that are most important.

Proactive Monitoring

Being able to investigate problems is good, but being able to prevent problems is even better! Log & Event Manager can be configured to detect important events, such as firewall rule changes or port scans, and alert you immediately.

With Log & Event Manager’s Active Response you can also define rules that dictate actions to be performed automatically. For example, Windows® agents can be programmed to automatically restart applications that crash or freeze. Other actions include blocking access from a specific IP address, shutting down a service, or deactivating a user account.

Using correlation rules, you can go beyond detecting a single event to watching for patterns within common problems, such as configuration changes that result in network slowdowns. A correlation rule might also detect three failed attempts within a 30-second window to log on to a server that manages payroll. In this case, that user’s account could be deactivated, either across a domain or on that local machine. LEM comes with more than 700 built-in event correlation rules, which you can clone and modify as needed.
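The two ideas above, normalizing events from different sources into one taxonomy and then running a correlation rule over the combined stream, can be shown in a few dozen lines. The following is an added example written for this page; it is not SolarWinds code and does not reproduce how LEM itself stores or evaluates rules. It assumes two constructed log formats (a Windows-style line with event IDs 4624/4625 and an sshd-style syslog line), a hypothetical `active_response()` hook that only records the action it would take, and the rule from the text: three failed logons by one user on one host within 30 seconds. The sample data is arranged so that neither source alone contains three failures; only the merged, normalized stream triggers the rule.

```python
import re
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample lines. Windows-style (hypothetical agent output):
# ISO time, host, Windows event ID (4625 = failed logon, 4624 = logon), key=value fields.
WINDOWS_LINES = [
    "2024-03-01T09:00:01 PAYROLL-SRV 4625 user=jdoe src=10.0.0.5",
    "2024-03-01T09:00:12 PAYROLL-SRV 4625 user=jdoe src=10.0.0.5",
    "2024-03-01T09:00:40 PAYROLL-SRV 4624 user=asmith src=10.0.0.9",
]
# Constructed sshd-style syslog lines with an ISO timestamp prefix.
SYSLOG_LINES = [
    "2024-03-01T09:00:20 payroll-srv sshd[4012]: Failed password for jdoe from 10.0.0.5 port 51322 ssh2",
    "2024-03-01T09:05:00 payroll-srv sshd[4020]: Failed password for bob from 10.0.0.7 port 51400 ssh2",
]

WIN_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<eid>\d+) user=(?P<user>\S+) src=(?P<src>\S+)$")
SSH_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: (?P<outcome>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\S+)"
)


@dataclass(frozen=True)
class Event:
    """Common taxonomy: every source is reduced to these fields."""
    ts: datetime
    host: str
    user: str
    src_ip: str
    kind: str      # "logon_failure" or "logon_success"
    source: str    # which log the event came from


def normalize_windows(line):
    m = WIN_RE.match(line)
    if not m:
        return None
    kind = {"4625": "logon_failure", "4624": "logon_success"}.get(m["eid"])
    if kind is None:
        return None
    return Event(datetime.fromisoformat(m["ts"]), m["host"].lower(), m["user"].lower(),
                 m["src"], kind, "windows")


def normalize_syslog(line):
    m = SSH_RE.match(line)
    if not m:
        return None
    kind = "logon_failure" if m["outcome"] == "Failed" else "logon_success"
    return Event(datetime.fromisoformat(m["ts"]), m["host"].lower(), m["user"].lower(),
                 m["src"], kind, "syslog")


def normalize_all(windows_lines, syslog_lines):
    """Merge both sources into one time-ordered stream of normalized events."""
    events = [e for e in map(normalize_windows, windows_lines) if e]
    events += [e for e in map(normalize_syslog, syslog_lines) if e]
    return sorted(events, key=lambda e: e.ts)


def correlate_failed_logons(events, threshold=3, window=timedelta(seconds=30)):
    """Sliding-window rule keyed on (host, user): fire when `threshold` failures
    fall within `window`. A successful logon resets the window for that key."""
    recent = defaultdict(deque)
    alerts = []
    for e in events:
        key = (e.host, e.user)
        if e.kind == "logon_success":
            recent[key].clear()
            continue
        if e.kind != "logon_failure":
            continue
        q = recent[key]
        q.append(e)
        while q and e.ts - q[0].ts > window:   # drop failures older than the window
            q.popleft()
        if len(q) >= threshold:
            alerts.append({"host": e.host, "user": e.user, "count": len(q),
                           "first": q[0].ts, "last": e.ts,
                           "sources": sorted({x.source for x in q})})
            q.clear()                          # one alert per burst
    return alerts


def active_response(alert):
    """Hypothetical response hook (assumption): records the action the rule would
    take. A real deployment would call a directory or agent API here."""
    return {"action": "deactivate_account", "user": alert["user"], "scope": alert["host"]}


def run():
    events = normalize_all(WINDOWS_LINES, SYSLOG_LINES)
    alerts = correlate_failed_logons(events)
    return alerts, [active_response(a) for a in alerts]


if __name__ == "__main__":
    for alert, action in zip(*run()):
        print(alert, "->", action)
```

Note that `correlate_failed_logons(normalize_all(WINDOWS_LINES, []))` produces no alert: the Windows log holds only two of jdoe's failures, and the sshd log only one. The rule fires only on the merged stream, which is the cross-source correlation the text describes.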

Solutions Instead of Finger-Pointing

Think of Log & Event Manager as a tool to help teams of network, system, application, database, and security professionals act more like one big team. The key to achieving a high-performing, reliable system isn’t to expect perfection, but to improve prevention skills and work to resolve issues faster when things do go wrong.

Network administrators have limited visibility beyond their area of expertise. What we can do is work with them to pay attention to the borders between our specialties so that nothing falls through the cracks.

By correlating data across the entire IT department, we have the opportunity not merely to point fingers but to discover the probable root cause of a problem. So instead of saying, “It’s not the network, it’s the application,” you can show your system administrator peer where to start looking by pointing to a specific series of log entries correlated with an application failure.

Additional features of Log & Event Manager:

  • Quickly conduct forensic analysis to figure out what happened before, during, and after an event to isolate fault and determine root cause.
  • Explore and analyze data intuitively with visual search tools, including word clouds, histograms, tree maps, and charts to easily spot anomalies and trends.
  • Leverage basic keyword searches and partial information to surface events. Then, with the click of a button, drill down for more detailed data.
  • Build complex searches fast with a simple drag-and-drop interface, as well as save and reuse custom searches.
  • Run scheduled searches with the ability to automatically export and email results upon completion.
  • SolarWinds® Log & Event Manager (LEM) gives you advanced IT search functionality that enables you to view log data in a way that makes sense for fast and effective log management.
