Cyber Threat Detection
Perform automated, in-depth threat detection across your network infrastructure
Correlate event logs with integrated cyber threat intelligence
SolarWinds Security Event Manager (SEM) is designed to automatically collect, organize, and normalize raw log data from across your network into a single, centralized location. Easily compare this system-wide log data against potential issues from an out-of-the-box threat database feed to better analyze event logs and detect potential threats. With SEM, administrators can carry out comprehensive endpoint detection, including firewalls, IDS/IPS devices and applications, servers, routers, switches, OS logs, and other relevant systems.
As SEM collects logs from these endpoints, it provides real-time correlation with a regularly updated security feed based on a variety of research sources. This allows SEM to tag events while detecting bad IPs and other potentially malicious activity. For up-to-the-minute security support, SEM automatically downloads the latest lists of confirmed bad actors, including potentially infected hosts, command and control networks, botnets, and spammers.
Achieve real-time, system-wide threat detection
Do you know what’s happening across your network? SEM performs continuous threat detection, monitoring, and alerting, so suspicious activities don’t go overlooked. The tool is designed to utilize automated processes of threat hunting across your devices and services, thereby minimizing the need for manual detection efforts. You can also set custom alerts or view SEM alert feeds to catch red flags, including:
- IDS/IPS systems reporting infection symptoms
- Antivirus software reporting potential infections
- Security system event stream triggers
- System errors and crash reports
SEM is designed to identify the services being consumed, thereby further reducing the manual effort required to detect cyber threats.
It’s also simple to drill down into logs with SEM grouping and filter features. SEM includes several filter categories out of the box, designed to support security industry best practices, such as events that could indicate virus attacks, events detected by IDS tools, and events from Windows event logs that contain the word “error,” which helps prioritize tasks.
Automate responses to cyber threat detection
Security Event Manager alerts can enable admins to take manual action more quickly, with the ability to configure the tool to perform automatic actions based on event types or log activity. Admins can use the SEM configuration options to create rules for responding to flagged threats, including security, operational, and policy-driven events. As part of the real-time threat detection process, SEM offers several automated Active Response actions, including terminating processes, logging off users, and blocking USB devices that may pose a threat. You can also configure the tool to quarantine infected machines, block IP addresses, and adjust Active Directory settings.
Catch threats from end-user activity, including USB use
Use Security Event Manager to track end-user activity in real time and know when privileged accounts are active, as well as how and where they are being used. You can also leverage the file integrity monitoring (FIM) function in SEM to view and address unauthorized or suspicious activity across files, folders, and Windows Registry settings. Fine-tune FIM filters to help ensure only higher-priority file changes trigger alerts. Additionally, SEM can provide real-time notifications when users connect USB devices, with reporting features to help you audit USB usage. If a USB device poses a potential threat, you can also create a USB device rule to instantly block an unauthorized connection.
Get More on Threat Detection
Do you find yourself asking…
Threat detection encompasses all the actions IT administrators take to identify, monitor, and understand potential cyber threats in a timely manner. Threat detection is one of the critical steps that IT administrators must take to protect a company’s network, digital resources, sensitive data, and end-users. One objective of advanced threat detection is to prevent threats from going undetected, an oversight that can cause significant harm to a business network. With many cyber threats, the potential for damage increases the longer the vulnerability remains unknown and unaddressed.
Another objective of threat detection is to understand the type and scope of a threat, enabling the quick implementation of security measures and the formulation of a plan for additional measures that can protect against similar cybersecurity risks in the future. Effective threat detection processes involve identifying anomalies in normal network behavior or comparing network activity or entities (such as IP addresses) to a list of known threats.
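The correlation described above (normalizing raw log lines, comparing source and destination addresses against a threat-intelligence list, tagging Windows events containing the word "error", and spotting excessive failed logins) can be illustrated with a small self-contained script. This is an added example and not SolarWinds SEM code; the feed entries, hostnames, IP addresses and log lines are all constructed, and the threshold of three failed logins is an assumption.

```python
import re
from collections import Counter

# Constructed threat-intelligence feed (stand-in for a downloaded list of known bad actors)
THREAT_FEED = {
    "203.0.113.7": "command-and-control",
    "198.51.100.23": "botnet",
}

# Constructed raw log lines from a firewall (fw01) and a Windows host (win01)
RAW_LOGS = [
    "fw01 2024-05-01T10:00:01 ACCEPT src=10.0.0.5 dst=203.0.113.7 dport=443",
    "fw01 2024-05-01T10:00:02 ACCEPT src=10.0.0.6 dst=93.184.216.34 dport=80",
    "win01 2024-05-01T10:00:03 EventID=4625 user=alice src=198.51.100.23 msg=An account failed to log on",
    "win01 2024-05-01T10:00:04 EventID=4625 user=alice src=198.51.100.23 msg=An account failed to log on",
    "win01 2024-05-01T10:00:05 EventID=4625 user=alice src=198.51.100.23 msg=An account failed to log on",
    "win01 2024-05-01T10:00:06 EventID=7034 user=SYSTEM msg=Service terminated unexpectedly with error",
]

KV_RE = re.compile(r"(\w+)=(\S+)")

def normalize(line):
    """Flatten one raw line into a dict of fields; 'msg' keeps all text after 'msg='."""
    host, ts, rest = line.split(" ", 2)
    event = {"host": host, "time": ts}
    msg_idx = rest.find("msg=")
    if msg_idx != -1:
        event["msg"] = rest[msg_idx + 4:]
        rest = rest[:msg_idx]
    event.update(KV_RE.findall(rest))
    return event

def correlate(lines, feed, login_threshold=3):
    """Tag each event against the feed and the 'error' filter; flag repeated failed logins (4625)."""
    events = [normalize(l) for l in lines]
    failed = Counter()  # failed-logon count per user, in arrival order
    for ev in events:
        tags = []
        for field in ("src", "dst"):
            if ev.get(field) in feed:
                tags.append(f"threat-intel:{feed[ev[field]]}:{ev[field]}")
        if ev["host"].startswith("win") and "error" in ev.get("msg", "").lower():
            tags.append("windows-error")
        if ev.get("EventID") == "4625":
            failed[ev["user"]] += 1
            if failed[ev["user"]] == login_threshold:  # alert once, when the threshold is hit
                tags.append(f"excessive-logins:{ev['user']}")
        ev["tags"] = tags
    return events

if __name__ == "__main__":
    for ev in correlate(RAW_LOGS, THREAT_FEED):
        print(ev["time"], ev["host"], ev["tags"])
```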
Use threat detection to achieve an up-to-date overview of security
Security Event Manager
- Correlate log data with a regularly updated list of security threats
- Keep tabs on suspicious end-user activity like excessive login attempts
- Automatically gather logs from across integrated security tools