Threat Detection
Correlate event logs with integrated threat intelligence
SolarWinds® Security Event Manager (SEM) is built to automatically gather, organize, and normalize raw log data from across your network into one central location. Easily compare this system-wide log data against potential issues from an out-of-the-box threat database feed to better analyze event logs and detect potential threats. With SEM, admins gain a comprehensive overview of all their endpoints, including firewalls, IDS/IPS devices and apps, servers, routers, switches, OS logs, and other applications.
As SEM collects logs from these endpoints, it provides real-time correlation with a regularly updated security feed based on a variety of research sources. This allows SEM to tag events while detecting bad IPs and other potentially malicious activity. For up-to-the-minute security support, SEM automatically downloads up-to-date lists of confirmed bad actors like potentially infected hosts, command and control networks, botnets, and spammers.
Achieve real-time, system-wide threat detection
Do you know what’s happening across your network? SEM performs continuous threat detection monitoring and alerting, so suspicious activities don’t go overlooked. The tool is designed to use automated processes to detect threats across your devices and services, helping minimize the need for manual detection efforts. You can also set custom alerts or view SEM alert feeds to catch red flags, including:
- IDS/IPS systems with infection symptoms
- Antivirus software addressing potential infections
- Security system event stream triggers
- System errors and crash reports
SEM is built to identify the services that are being consumed, further reducing the manual effort it takes to detect cyber threats.
It’s also simple to drill down into logs with SEM grouping and filter features. SEM includes several filter categories out-of-the-box designed to support security industry best practices, such as events that could indicate virus attacks, events detected by IDS tools, and events from Windows event logs that contain “error.”
Automate responses to cyber threat detection
Security Event Manager alerts can enable admins to take manual action more quickly, with the ability to configure the tool to perform automatic actions based on event types or log activity. Admins can use the SEM configuration options to create rules for responding to flagged threats, including security, operational, and policy-driven events. As part of the real-time threat detection process, SEM offers several automated Active Response actions, such as killing processes, logging off users, and even blocking USB devices that may pose a threat. You can also configure the tool to quarantine infected machines, block IP addresses, and adjust Active Directory settings.
Catch threats from end-user activity, including USB use
Use Security Event Manager to track end-user activity in real time and know when privileged accounts are active, as well as how and where they are being used. You can also leverage the file integrity monitoring (FIM) feature in SEM to view and address unauthorized or suspicious activity across files, folders, and Windows Registry settings. Fine-tune FIM filters to help ensure only higher-priority file changes trigger alerts. Additionally, SEM can provide real-time notifications when users connect USB devices, with reporting features to help you audit USB usage. If a USB device poses a potential threat, you can also create a USB device rule to instantly block an unauthorized connection.
What is threat detection?
Threat detection consists of all the actions IT admins take to catch, view, and understand potential cyber threats in a timely manner. Threat detection is one of the critical steps IT admins must take to protect a company’s network, digital resources, sensitive data, and end users. One objective of threat detection is to prevent threats from going undetected, an oversight that can wreak havoc on a business network—with many cyber threats, the potential for damage increases the longer the vulnerability remains unknown and unaddressed.
Another objective of threat detection is to understand the type and scope of a threat to quickly implement security measures and formulate a plan for additional measures that could protect against similar cybersecurity risks in the future. Effective threat detection processes include finding anomalies in normal network behavior or comparing network activity or entities (like IPs) to a list of known threats.
How to Detect Cyber Threats
There are a wide range of tools designed to detect and counter cyber threats, but effective cyber threat detection relies on enhanced visibility and situational awareness. Your network and endpoints—including firewalls and other security applications like IDS/IPS and antivirus tools—are constantly generating logs. These logs are a valuable resource for threat detection, as certain types of log events or patterns may signal security issues.
As an admin, your best bet for achieving comprehensive threat detection is to first ensure that industry standard security measures are in place, then use SIEM log monitoring software that includes integrative threat intelligence features to monitor, resolve, and proactively prevent threats in the future. Admins can no longer rely on manually scanning logs and flagging suspicious activity, as doing so is too slow and leaves many attacks unnoticed. An automated threat detection tool can flag a spectrum of risks from code-red incidents to potential issues, then send immediate alerts, perform automatic responses to address and contain the situation, and provide historical and real-time access to additional details—so admins can drill down into devices and events when necessary. A threat detection system that includes robust prevention and real-time detection tools is your best bet for helping ensure network security.
Why is threat detection important?
The more businesses rely on digital technology and IT resources, the more vulnerable they can become to cyber threats. Bad actors or automated malware can target a business at any time, potentially causing loss of productivity, sensitive data, and profit. Of course, IT admins configure networks to protect against risk by incorporating firewall security, access controls, antivirus software, and application updates, among other tools. However, cyberthreats evolve rapidly and may be able to bypass these measures, or end users may inadvertently introduce risks. As a result, IT admins must have an adequate threat detection system in place.
With a real-time threat detection system, admins can receive alerts on any potential threats and drill down to more quickly and deeply understand the specific security issue. Admins can then take the necessary steps to protect their network and sensitive data or configure the threat detection tool to implement automatic responses itself.
What does a threat detection system do?
A threat detection system provides enhanced visibility into the integrity of network devices and services, including end user activities. One way for a threat detection system to ensure visibility is to collect and analyze event logs from across a network environment. An effective cyber threat detection system should provide a holistic view of critical information from these logs as well as flag potential issues, from repeatedly denied account logins to unauthorized changes in group policies.
A threat detection system can also collect and analyze information from existing IT security tools, like antivirus software or IDS/IPS tools, to detect unaddressed issues by providing a complete overview of your current network security situation. Additionally, a threat detection system should be able to perform automated actions that can resolve and support containing the threat until an admin can fully resolve an incident.
How does threat detection work in Security Event Manager?
SolarWinds Security Event Manager is designed to provide a more comprehensive overview of the security status of devices, services, and components across your infrastructure, enabling you to achieve more effective threat detection. The tool collects logs from across network infrastructure elements like workstations, firewalls, and routers. SEM then scans for suspicious log information, including end-user activity, and can compare log data to a database of known threats.
SEM even collects logs from network intrusion detection systems, antivirus tools, and other security software and integrates these details into one normalized, searchable, and centralized view of this log data. Admins can then use this information to optimize their security systems and protocols with its integrated and customizable rules, groups, and filter capabilities.
SolarWinds SEM allows for automated, in-platform threat detection responses, as the tool can be configured to shut down suspicious services, users, or devices. Suspicious log events like excessive login attempts or irregular traffic patterns can also immediately trigger admin alerts. Additionally, admins can use the built-in IT security reporting tools to produce audits that help demonstrate compliance.
- What is threat detection?
- How to Detect Cyber Threats
- Why is threat detection important?
- What does a threat detection system do?
- How does threat detection work in Security Event Manager?
- Related Features and Tools
What is threat detection?
Threat detection consists of all the actions IT admins take to catch, view, and understand potential cyber threats in a timely manner. Threat detection is one of the critical steps IT admins must take to protect a company’s network, digital resources, sensitive data, and end users. One objective of threat detection is to prevent threats from going undetected, an oversight that can wreak havoc on a business network—with many cyber threats, the potential for damage increases the longer the vulnerability remains unknown and unaddressed.
Another objective of threat detection is to understand the type and scope of a threat to quickly implement security measures and formulate a plan for additional measures that could protect against similar cybersecurity risks in the future. Effective threat detection processes include finding anomalies in normal network behavior or comparing network activity or entities (like IPs) to a list of known threats.
Use threat detection to achieve an up-to-date overview of security
Security Event Manager
- Correlate log data with a regularly updated list of security threats
- Keep tabs on suspicious end-user activity like excessive login attempts
- Automatically gather logs from across integrated security tools
Starts at
Subscription and Perpetual Licensing options available