SolarWinds Log & Event Manager vs. Splunk
September 2012




Agenda

» Top Reasons – LEM Over Splunk


» LEM vs. Splunk Comparison


» LEM Features


» What IT Pros say about SolarWinds LEM


» Helpful Resources



Top Reasons to Choose LEM Over Splunk

» Node-based licensing model

» In-memory event correlation

» Advanced visual IT Search

» Active Response technology

» End-point data loss protection with USB Defender

» No consultant do-it-yourself deployment

License Model




                                      IMAGE COURTESY OF HTTP://GOV.AOL.COM/2012/06/13/BIG-DATA-VOLUME-AND-VALUE-REALLY-MATTER/



» LEM is licensed based on the number of nodes that you are monitoring offering greater predictability

» Splunk licenses based on log volume indexed/generated. This leads to a risk of exceeding your license limit.


In-Memory Correlation

                            » LEM performs in-memory
                              event correlation allowing
                              you to analyze millions of
                              events across your
                              infrastructure in real-time.


                            » With Splunk, you need to
                              wait until the data has been
                              indexed and written to the
                              database prior to any
                              analysis



Advanced IT Search




» LEM uses a drag-and-drop interface employing visual search tools such as word clouds, tree maps, bubble charts, and histograms

» Splunk provides a 367 page search manual of syntax descriptions and usage examples

Active Response




» LEM includes a library of built-in active responses that automatically respond to operational issues and take action

» Splunk requires that you manually respond to actions and incidents

USB Defender




» LEM protects against end-point data loss with a built-in USB
  Defender Technology that tracks unauthorized USB activity
  and allows you to take immediate action.


Do-it-Yourself Deployment

                          » LEM allows you to be up
                            and running in no time
                            using a virtual appliance
                            deployment model, easy-
                            to-use web based console
                            and intuitive interface.
                          » Splunk offers “Splunk
                            Professional Services” to
                            deliver deployment and
                            advisory services.



LEM Features




Log Collection, Analysis & Management
Automatically indexes data from dozens of security appliances, firewalls, and intrusion detection systems then normalizes log data into common formats to identify problems.

Compliance Templates and Reports
Generate and schedule compliance reports quickly with 300+ audit-proven templates and a console that enables you to customize reports for your organization’s specific needs.








Active Response & Threat Mitigation
Proactively defend and mitigate security threats with continuous real-time intrusion detection from multiple domains and systems.

Real-Time, In-Memory Event Correlation
Analyze millions of events across your infrastructure with real-time, in-memory, non-linear, cross-domain, and multi-dimensional correlation.







Advanced IT Search
Explore data with drag-and-drop simplicity and visual search tools to perform forensic analysis on events to determine what really happened.

USB Detection & Prevention
Protect sensitive data with real-time notification of USB devices and the ability to block their usage, as well as built-in reporting to audit USB usage over time.








Intuitive Drag & Drop Interface
An easy to use interface with drag and drop builders, clickable graphs and charts, and tons of time saving features

High Compression Data Storage
Store log data in a high compression data store without worrying about maintenance and administration and satisfy your retention requirements.




What IT Pros are Saying
         SolarWinds Log & Event Manager, Best Security
         Information/Event Management (SIEM) Appliance


         “We would need three or four experienced network
         administrators working around the clock to manage the same
         workload that SolarWinds LEM does. Even if we had the
         money to staff an IT department like that, we still wouldn’t
         get the same value and results that SolarWinds LEM delivers
         day in and day out.”
             - Ted Carmack, IS Manager, Energy Federal Credit Union



         "With SolarWinds Log & Event Manager, we’re exposing
         potential threats and preventing them from damaging our
         business."
           – Alan McHugh, Manager of Information Technology USPS FCU



Helpful Resources

» Download a Free Fully Functional 30-day Trial
» Test Drive the Demo
» Ask The Community

SolarWinds Log & Even
Compliance & Security
Navigating the LEM Con




