Currently Security Engineers/Administrators are usually assigned with LEM Administrator role and responsible for creating and managing those security /correlation rules. LEM Administrator role has the power to create LEM rules with actions like Shutting down or restarting servers. This generates a big issue, actually a show stopper at implementation. Shutting down or restarting servers are really System Administrator's duty, not Security Administrator's. With FISMA, PCI compliance and SANS top 20 security controls, separation of duties is a must requirement. Think if you were Windows Admin who is responsible for Windows Domain controller, you wouldn’t want to be called midnight because a LEM Security Admin's rule that shut down his domain controller.
SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community.
More than 150,000 members are here to solve problems, share technology and best practices, and directly
contribute to our product development process.
Learn more today by joining now.