SolarWinds Log & Event Manager Integrates Log Collection with Threat Intelligence Feeds

By CIOReview | Wednesday, September 16, 2015

AUSTIN, TX: SolarWinds, a provider of hybrid IT infrastructure management software, has enhanced SolarWinds Log & Event Manager, its security information and event management (SIEM) product, by adding a threat intelligence feed to it.

Designed for resource-constrained IT organizations, SolarWinds Log & Event Manager now includes threat intelligence data and automatically tags matching events, so that suspicious activity can be identified by simply running a report or search. IT security pros have long identified known, proven threats and limited the impact of cyber-attacks by comparing activity against lists of known malicious hosts; in today's security reality, however, even IT pros have to assume the worst.

“A breach has already occurred; it is imperative to have constant visibility into known threats in order to quickly detect security issues and limit the loss associated with a data breach. With added threat intelligence, SolarWinds Log & Event Manager now enables IT security pros to take immediate action if a threat is detected and proactively monitor for additional vulnerabilities in their environment,” says Nikki Jennings, Group Vice President, Product Strategy, SolarWinds.

The enhanced SolarWinds Log & Event Manager features out-of-the-box filters and correlation rules that can be customized to alert on specific threats; enables immediate action on any detected threat, such as disabling network connections; and automatically updates log normalization templates so that SolarWinds Log & Event Manager supports the most current vendors and devices.

Also, with the threat intelligence, the latest Log & Event Manager integrates data from multiple threat feeds to quickly identify suspicious activity and pinpoint security issues, including: malware infections targeting internal hosts; phishing attempts, where an unsuspecting user on an internal host clicks a link in a malicious email and the host then “phones home” to a command and control server; and external attacks from hosts that may themselves be infected.
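To make concrete what “tagging events against a threat feed” and then “simply running a search or report” looks like, here is an added Python example. It is written for this page and is not SolarWinds Log & Event Manager’s own logic, rule syntax or log format. The firewall log template, the indicator list (addresses from the RFC 5737 documentation ranges), the internal network ranges and the sample log lines are all constructed assumptions. It goes slightly beyond the article by separating the two directions the article lists: an internal host reaching out to a listed indicator (infection or phishing “phone home”) versus a listed external host reaching in (external attack).

```python
import ipaddress
import re
from dataclasses import dataclass, field

# Constructed threat-intelligence feed for this example: indicator -> category.
# Addresses come from the RFC 5737 documentation ranges; they are not real indicators.
THREAT_FEED = {
    "203.0.113.45": "c2_server",
    "198.51.100.7": "malware_distribution",
    "198.51.100.200": "scanner",
}

# Assumed internal address space (example values, not from the article).
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8"),
                 ipaddress.ip_network("192.168.0.0/16")]

# Assumed firewall log format for the constructed sample lines below:
#   <timestamp> fw action=<allow|deny> src=<ip> dst=<ip> dport=<port>
LOG_RE = re.compile(
    r"^(?P<ts>\S+) fw action=(?P<action>\w+) "
    r"src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) dport=(?P<dport>\d+)$"
)


@dataclass
class Event:
    ts: str
    action: str
    src: str
    dst: str
    dport: int
    tags: list = field(default_factory=list)


def parse_line(line):
    """Normalize one raw log line into an Event; return None for lines that
    do not match the expected template (they are skipped, not tagged)."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    return Event(m["ts"], m["action"], m["src"], m["dst"], int(m["dport"]))


def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def tag_event(ev):
    """Attach threat-intel tags to an event. Direction matters: an internal host
    talking to a listed indicator looks like an infection or phishing
    'phone home'; a listed external host reaching in is an external attack."""
    if ev.dst in THREAT_FEED and is_internal(ev.src):
        ev.tags += ["ti:" + THREAT_FEED[ev.dst], "outbound_to_known_bad"]
    if ev.src in THREAT_FEED and is_internal(ev.dst):
        ev.tags += ["ti:" + THREAT_FEED[ev.src], "inbound_from_known_bad"]
    return ev


def tag_log(lines):
    """Parse and tag a whole log; unparseable lines are dropped."""
    return [tag_event(ev) for ev in map(parse_line, lines) if ev is not None]


def search(events, tag):
    """The 'simply run a search' step: events carrying a given tag."""
    return [ev for ev in events if tag in ev.tags]


def report(events):
    """The 'run a report' step: internal hosts and the indicator categories
    they contacted, i.e. the machines to investigate first."""
    hosts = {}
    for ev in search(events, "outbound_to_known_bad"):
        hosts.setdefault(ev.src, set()).add(THREAT_FEED[ev.dst])
    return hosts


# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    "2015-09-16T10:01:02Z fw action=allow src=10.1.2.3 dst=203.0.113.45 dport=443",
    "2015-09-16T10:01:05Z fw action=allow src=10.1.2.3 dst=203.0.113.9 dport=443",
    "2015-09-16T10:02:00Z fw action=deny src=198.51.100.200 dst=10.1.2.50 dport=22",
    "2015-09-16T10:02:30Z fw action=allow src=10.1.2.7 dst=198.51.100.7 dport=80",
    "this line does not match the template and is skipped",
]

if __name__ == "__main__":
    events = tag_log(SAMPLE_LOG)
    for ev in search(events, "outbound_to_known_bad"):
        print(ev.ts, ev.src, "->", ev.dst, ev.tags)
    print("hosts to investigate:", report(events))
```

Two practical points the example makes visible: the inbound hit is tagged even though the firewall denied it, because a known scanner probing you is still worth seeing, while the allowed outbound hits are the ones that warrant immediate action on the internal host; and the unparseable line is silently dropped, which is why the article’s point about keeping log normalization templates current matters, since an event that does not normalize never gets compared against the feed at all. A real deployment would also expire indicators as the feed ages them out rather than keeping a static dictionary.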