SolarWinds has released Security Event Manager (SEM), a SIEM solution for IT and security professionals. The new product essentially succeeds SolarWinds Log and Event Manager. And in some ways, it's also an alternative to SolarWinds Threat Monitor -- giving the IT management software company two SIEM (security information and event management) oriented options for customers.
MSSP Alert reached out to SolarWinds for further information about the positioning of SEM and Threat Monitor; whether the two products come from the same code base; and their use cases for MSSPs and MSPs. Here's a sampling of SolarWinds' perspectives.
On SEM vs. Threat Monitor product positioning: SolarWinds Director of Business Development Marco Muto said,
"SolarWinds has always been about meeting the customer where the customer wants us to meet them. Offering two flavors of threat detection and monitoring solutions on-premises and in the cloud gives our customers even more choice to tackle security the way they want to."
On SEM's market focus and capabilities: Muto offered these views,
"This replaces SolarWinds Log and Event Manager, adding key enhancements including three consoles for events, rules, and node & connector management, plus a file integrity monitoring upgrade, and the option to deploy using Amazon AWS. While a large part of the market is moving to cloud-based solutions, there is still a good sized portion that requires on-premises solutions. SEM addresses this need specifically. It’s also a great example of SolarWinds commitment to getting security solutions into the hands of tech professionals who can’t absorb the cost and complexity of the typical enterprise-level security software. The product combines core SIEM features including audit-ready reporting tools which is a critical piece for many organizations."
On each product's code base: Muto adds,
"SEM does not pull from the Threat Monitor code base; Threat Monitor is a SaaS-based solution while SEM is delivered on-premises. However, we are leveraging best practices from both products and looking at what we can share across the customer base."
More SolarWinds SEM Capabilities
Other SEM features, according to a press release, include:
- Amazon Web Services (AWS) Deployment: Ensures organizations can use SEM across AWS environments.
- Events Console: Provides real-time and historical viewing, searching and filtering of log data.
- File Integrity Monitoring Filter Exclusions: Offers file integrity monitoring to improve threat detection accuracy.
- Notes & Connector Management Console: Allows organizations to add new log sources and manage existing sources.
- Rules Console: Enables organizations to build and manage correlation rules to identify and respond to security weaknesses and cyberattacks.
SEM is now available, and pricing starts at $4,665. Also, SolarWinds is offering a free 30-day SEM trial.
SolarWinds Threat Monitor
In contrast to SolarWinds SEM, the company launched a Threat Monitoring Service Program (TMSP) at its Empower MSP customer conference in 2018. The program is designed to help MSSPs (in this case, TMSPs) build SOC services. Those TMSPs, in turn, can offer managed security services to smaller MSPs and end-customers. The offering is based on SolarWinds MSP’s Trusted Metrics acquisition of mid-2018.
Early TMSPs include Falanx Group and Secuvant.
SOCaaS and SIEM: Market Forecasts
Demand for various SOC as a Service (SOCaaS) and SIEM offerings continues to surge.
The global SIEM market is projected to expand at a compound annual growth rate (CAGR) of more than 12 percent between 2017 and 2021, market research firm Technavio stated. Global SIEM market revenues also could reach $5.9 billion by 2021.
Also, the global SOC as a service market size is expected to grow from USD$372 million in 2019 to USD $1,137 million by 2024, at a Compound Annual Growth Rate (CAGR) of 25.0% during the forecast period, according to Research and Markets.
Key MSP Software Industry Moves
Many of SolarWinds' core rivals in the MSP software market have been making security-centric moves. Key examples include:
ConnectWise has:
- introduced an identity risk assessment tool for MSPs;
- invested in Perch Security for threat intelligence;
- acquired Sienna Group for MSSP capabilities that MSPs can leverage; and
- promoted a NIST-developed cybersecurity framework for partners.
Continuum has:
- expanded and rebranded its cybersecurity services for MSPs;
- acquired CARVIR for expanded SOC capabilities; and
- accelerated its cyber strategy since an original launch in October 2017.
Datto has:
- Positioned its data protection platforms as a natural antidote to ransomware;
- Built security into its networking gear;
- Hinted that security surprises could surface at DattoCon 2019 in June 2019.
Kaseya has:
- Acquired ID Agent for dark web monitoring, threat intelligence and identity monitoring capabilities;
- acquired RapidFire Tools for internal threat detection, network and security assessments, and compliance products; and
- continued to round out its AuthAnvil multi-factor authentication and password management capabilities.
Additional insights from Daniel Kolbialka.
