One of the services often offered by Managed Service Providers (MSP) is security services. And for those MSPs offering this type of service, it’s nice to be able to support it all using a single integrated tool.
The SolarWinds Threat Monitor is one such tool. It is an integrated tool that provides several different security services and that specifically targets Managed Service Providers or large organizations.
Today, we’re happy to bring you our review of this great product. As you shall soon see, this is a perfect solution for those who want to accomplish a lot with as little software as possible. Generally speaking, using an integrated tool such as this one is way easier than using individual tools for each function.
We’ll start off our exploration by first introducing SolarWinds MSP, a division of SolarWinds specializing in tools for Managed Service Providers. We’ll then introduce the SolarWinds Threat Monitor which we’ll follow with a description of the tools most important and significant features. Next, we’ll briefly review some of the most important benefits of the tool to your business and have a look at what little we know about the product’s pricing before we conclude.
About SolarWinds MSP
SolarWinds MSP was born by bringing together SolarWinds, SolarWinds N-able, and LOGICnow, three major players in the MSP tools market.
Before the creation of SolarWinds MSP, LOGICnow, and SolarWinds N-able provided outstanding software such as Remote Monitoring and Management, Backup and Disaster Recovery, Remote Control, Help Desk, Mail, and Risk Intelligence, all aimed at helping Managed Service Providers make the most of their business potential. The two companies served their clients in complementary ways. One served small and mid-sized MSPs beautifully, while the other was perfect for mid-sized and large MSPs.
Noticing how well the two companies fit together, the smart people at SolarWinds, a leading provider of products designed to make network and system administrators’ lives easier, brought the two together to form SolarWinds MSP. The result is a scalable, end-to-end IT service management platform built for MSPs of all sizes—from the one-person shops all the way to 100+ employee powerhouses.
Introducing the SolarWinds Threat Monitor
As a managed security service provider, your customers expect you to safeguard their businesses from security threats no matter what they are and where they are coming from. The SolarWinds Threat Monitor empowers managed security service providers of all sizes by reducing the complexity and cost of threat detection, response, and reporting. You get an all-in-one security operations center (SOC) that is unified, scalable, and affordable all within one tool.
Benefit from a powerful security center to offer a better value to your client with an all-in-one solution created to watch threats, automatically react to incidents, and generate compliance reports. Try the SolarWinds Threat Monitor and find out how you can stand out among the Managed Service Provider crowd with a tool designed with Managed Service Providers in mind.
Centralized Cloud Security Monitoring
Watch for potential threats, process them and generate reports from almost anywhere and at any time.
A powerful and intuitive cyberthreat engine to help you resolve issues quickly.
Efficiently provision and manage several clients from a unique user-friendly workspace.
Simple And Highly Scalable Deployment
You can easily modify the tool’s functionality as your clients’ activities grow.
Features Of The SolarWinds Threat Monitor
As an integrated security suite, the SolarWinds Threat Monitor is so rich in features that this post could be twice as long as it already is. There is so much to say about the product that we’ll have to limit ourselves the best and most important and significant features of the product. So, let’s see what the product has to offer in terms of features.
The idea behind the threat intelligence built into the SolarWinds Threat Monitor is to help you make smart decisions. The threat intelligence is continuously updated from multiple sources so you always have the most recent information. It is designed to help you find and respond to threats across your on-premises and hosted data centers as well as your public cloud environments like Microsoft Azure or Amazon AWS.
Security Information And Event Management (SIEM)
Security Information and Event Management (SIEM) tools are in a class by themselves. They offer protection against various types of threats by analyzing logged events from your devices. They go well beyond just reacting to specific events, though. SIEM tools correlate data from various sources and can analyze the trail left by an attacker on your devices, allowing you to locate and block it.
It is particularly complicated in the context of Managed Service Providers as correlation has to remain within each client’s domain. The Security Information and Event Management features of this platform can give you a centralized view into near real-time log notifications from your customers’ networks. The tool collects log-file information from several disparate sources and helps you hone in on the most critical threats by rapidly assessing intent and severity.
Log Correlation And Analysis
The SolarWinds Threat Monitor is designed to help discover threats for you, enabling you to focus on real threats, not sifting through logs. The system will correlate logs from your customers’ systems in near-real-time and analyze them against multiple sources of continuously updated threat intelligence.
When it comes to providing security-related services like threat detection to their customers, Managed Service Providers face challenges when gathering and correlating log data. For instance, applications running on customers’ networks may have different log output formats. Additionally, existing text search tools can have limitations that could potentially lead to key log data being overlooked or omitted. Furthermore, manually gathering and correlating log data can be complex and time-consuming. Many MSPs don’t have the time or the in-house expertise to accomplish this which can lead to event logs piling up while potential cyber incidents remain undetected.
The SolarWinds Threat Monitor is designed to reduce complexity by automating the log correlation and normalization process. This can potentially help reduce time spent gathering and analyzing logs, so you can focus on identifying threats to your managed networks.
This feature alone provides many benefits such as:
Streamlined Management Via Log And Data Collection In One Tool
Network logs are less useful for understanding cyberthreats when kept in isolation. You can often only recognize attacks when logs generated across your managed networks are analyzed side-by-side. This tool was designed to automatically collect logs and data feeds from nearly everything on your managed networks—including networking equipment, firewalls, servers, and more and organizes this information into a single solution.
Actionable Insights Via Automatic Log Normalization
As a Managed Service Provider, you may be responsible for managing networks that generate thousands—if not millions—of events in a short period of time. Manually identifying, categorizing, and making sense of these can be challenging and costly due to the amount of incoming data. This tool automatically correlates and normalizes logs to help you better identify the relationships between ongoing events.
Help With Demonstrating Regulatory Compliance
Many organizations must adhere to regulations for networked systems and security. The SolarWinds Threat Monitor was designed to help you gather information during the log correlation process that can be used to assist in demonstrating a strong security monitoring policy, which could help in demonstrating regulatory compliance.
Greater Visibility To Your Customer
This tool was also designed to help Managed Service Providers provide additional value via strong reporting. They can send reports to stakeholders that itemize security-related events and threats identified within a specified period. These reports can also help demonstrate the steps taken to address the risks.
Network And Host Intrusion Detection Systems
This feature is designed to pinpoint unwanted traffic and software across your managed networks and systems. It will alert you to unusual traffic patterns on the network and malicious software on systems. Small- and medium-sized businesses have at least two crucial assets to consider—their networks and their customer data. Both are connected in terms of security compromises. If a network is breached, the attackers will likely have a direct line to valuable data. The SolarWinds Threat Monitor can spot anomalies and it is designed to sound the alarm only when needed.
As an MSP, your customers trust you to keep their assets secure and help them avoid breaches. To keep that trust, you need a solution that, like the SolarWinds Threat Monitor, can help you proactively monitor your managed networks for malicious traffic and suspicious activity patterns as either of these could lead to a breach or threaten business continuity.
This excellent tool provides sophisticated threat detection capabilities that are kept current with a global threat intelligence feed. It was built to help you easily analyze network traffic and identify advanced threats across on-premises and hosted data centers, as well as public cloud environments like Microsoft Azure or Amazon AWS. It was truly designed to help you earn and keep your customers’ trust.
This is another feature of the product which provides extensive benefits such as:
Greater Visibility Into Network Intrusions
The SolarWinds Threat Monitor was built to help you determine the types and frequency of attacks against your managed networks. It can assist you in optimizing your security protocols to help safeguard your customers. In addition, this information can be helpful for creating risk assessment reports.
The tool was built to help improve efficiency by automating the complex processes of intrusion detection. The SolarWinds Threat Monitor deploys network sensors dedicated to detecting and analyzing threats and suspicious patterns to help you reduce wasted time running manual tasks.
Decreased Security Blind Spots
Just like when driving a vehicle, blinds spots should be avoided at all cost. When used in conjunction with the latest threat intelligence information, an intrusion detection solution can help you gain a more complete view of the evolving cyber threat landscape. This can, in turn, potentially make you better equipped to fight back against cyber threats.
Advanced Log Search
The SolarWinds Threat Monitor offers high-speed log search which can be of great help for post-incident forensic analysis. The tool will rapidly normalize, search, and analyze thousands of logs to help understand the nature of threats and attacks.
This is another super-useful feature of the SolarWinds Threat Monitor. It helps you react faster by setting the system to automatically respond to threats. You can, for instance, automate intelligent action steps to help remediate security incidents, reducing the need for constant user interaction. This feature gives you a sort of set-and-forget advantage. It might require some extra configuration but your efforts will be well-rewarded when a security event is automatically addressed—and resolved—by the system.
Nobody—not even Managed Service Providers—want to spend much time sitting in front of a dashboard, waiting for something to happen. This is where the tool’s Alarm Engine can come in handy. It will let you set rules to help make sure you receive only relevant alarms. The SolarWinds Threat Monitor was designed from the ground up to alert you to only relevant threats. It will distinguish benign activity based on user-configured thresholds and rules and ignore it. In addition, the system will help you identify and summarize important events.
Many of your clients must be subject to various regulatory compliance requirements. Even your organization, as a Managed Service Provider, might be. The SolarWinds Threat Monitor can help you simplify your compliance efforts—and your clients’—with detailed reports. You can start with some of the many pre-built report templates which are available on the system or create and/or customize your own reports to help with your efforts in passing regulatory and compliance audits
While this might not be the most useful feature of this platform, it certainly is one of the coolest. It allows you to custom-brand the tool’s interface with your own corporate image and logo. This is a simple measure but it goes a very long way into making your organization’s professionalism stand out.
Even more important than the custom branding of the tool’s user interface, the feature is also present in the tool’s reporting engine. This lets you deliver professional-looking reports that emphasize your organization’s service rather than the tool it’s using. It also helps reinforce the value of your services.
Not all security events are of short duration. Some will last a rather long time and sometimes leave a trail of evidence. The SolarWinds Threat Monitor will archive log events for up to one year. This lets you easily view threats over time to help identify and troubleshoot short-term issues, spot patterns and longer-term trends so that you can begin forensic investigations after a breach.
Benefits For Your Business
Reduce Noise With Centralized Security Monitoring
As you are probably aware, there’s simply no silver bullet in cybersecurity. Any security strategy worthwhile requires an all-encompassing approach. This can present a challenge, however. As the security tools you need to manage increase, so does your overhead. The SolarWinds Threat Monitor was designed to give you a central command hub to help you monitor for threats, respond to them, and generate reports from anywhere at any time
Cover Your Customer Base With A Multitenant Solution
As a managed security service provider, your security solution must be able to handle multiple customers at multiple locations. The SolarWinds Threat Monitor was built from the ground up with managed security service providers in mind, helping you seamlessly cover your customer base from a single, centralized dashboard.
Reinforce Your Value With Custom Branding
What your customers need from you is to keep them secure. Yet, one of the challenges with cybersecurity is that when you do your job well, customers don’t hear from you often. The SolarWinds Threat Monitor was designed to help remind your customers of your value by enabling you to custom-brand the tool’s interface and its reports.
Onboard New Customers Quickly With Simple, Scalable Deployment
It shouldn’t take you too long to set up a threat monitoring solution. And when you want to expand your business, onboarding should also be quick and hiccup-free. The SolarWinds Threat Monitor was built to be easy for Managed Security Service Providers of all sizes to set up and to scale. In a nutshell, the tool is automated threat hunting that’s designed to accommodate both your and your customers’ growth.
Licensing and Pricing
Pricing for the SolarWinds Threat Monitor starts at $4 500 for up to 25 nodes with 10 days of index and goes up from there based on the number of nodes and retention period. You can contact SolarWinds for a detailed quote customized to your specific needs. And if you prefer to see the product in action, you can also request a free demo from SolarWinds.
The SolarWinds Threat Monitor was designed to hunt threats and automatically correlate logs in real time from your customers’ ecosystems, analyzing them against multiple sources of continuously updated threat intelligence. It was created by a Managed Security Service Provider for Managed Security Service Providers and for any security-minded service providers.
The platform was built from the ground up to be fast, scalable, flexible, and most of all, to deliver efficiency when dealing with security events. Threat intelligence, alarms, and log correlation work, via a set of multi-conditional rules, helping remove noise and providing actionable notifications in real time. Extensive alerting keeps you ahead of threats and comprehensive reporting helps meet compliance requirements.
For a Managed Security Service Provider or a Managed Service Provider looking to grow their business, SolarWinds Threat Monitor is the cloud-based platform that can help you detect, respond to, and report on security events for your customers’ networks. In simpler terms, it gets the job done and this is what is most important.
Read SolarWinds Threat Monitor – REVIEW 2019 (Advanced Threat Detection and Monitoring) by Renaud Larue-Langlois on AddictiveTips – Tech tips to make you smarter