Prosperon Networks Ltd

SolarWinds Security Event Manager (SEM) License

SolarWinds® Event Manager (SEM), formally SolarWinds Log & Event Management is a powerful SIEM solution. Combining log management, correlation, forwarding, reporting, file integrity monitoring, user activity monitoring, USB detection and prevention, threat intelligence, and active response into a virtual appliance, that’s easy to deploy, manage, and use.

Features

• Integrated Compliance Reports
• Event-time Correlation Of Events
• Automated Threat Remediation
• Advanced Search & Forensic Analysis
• File Integrity Monitoring
• USB Device Monitoring

Benefits

• Proactive Threat Detection & Defence
• Increase Security Visibility
• Respond To Treats Faster
• IT Compliance & Reporting
• Resolve Security Issues Faster
• Reduce Data Breaches

£2,837 a unit

• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at carol.sanchez@prosperon.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

881588227417995

Contact

Carol Sanchez
01903 340993
carol.sanchez@prosperon.co.uk

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: Other SolarWinds Orion Modules
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Hybrid cloud
• Service constraints: None.
• System requirements:
  • Microsoft Windows Server
  • Microsoft SQL Server

User support

• Email or online ticketing support: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Response times vary, but the customer will receive an acknowledgement of the technical case within an hour of raising a support ticket. We do not have set SLA's.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Customers have access to the SolarWinds Academy: https://support.solarwinds.com/SuccessCenter/s/solarwinds-academy?language=en_US; Customers can also purchase Smart Start services: https://support.solarwinds.com/SuccessCenter/s/smart-start-onboarding-program?language=en_US
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Data is stored in the customer's environment. Prosperon does not have access to customer's environment.
• End-of-contract process: This depends on whether the license is perpetual or subscription. For perpetual or subscription licenses customer retains any collected data. If customer decides to end a subscription license, no new data will be collected and support and maintenance services would also terminate. If customer terminates the support and maintenance services for perpetual licenses, the product will still operate and new data will be collected but customer will not have access to any future product updates.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
• Application to install: Yes
• Compatible operating systems: Windows
• Designed for use on mobile devices: No
• Service interface: No
• User support accessibility: None or don’t know
• API: Yes
• What users can and can't do using the API: SolarWinds offer a REST API with CRUD operations. https://github.com/solarwinds/OrionSDK
• API documentation: Yes
• API documentation formats:
  • HTML
  • Other
• API sandbox or test environment: No
• Customisation available: Yes
• Description of customisation: SolarWinds' dashboards, reports and alerts can be customized from the web console.

Scaling

• Independence of resources: This question is not applicable as the product is installed in your own environment.

Analytics

• Service usage metrics: No

Resellers

• Supplier type: Reseller providing extra support
• Organisation whose services are being resold: SolarWinds

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: No
• Datacentre security standards: Supplier-defined controls
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Encryption of all physical media
  • Other
• Other data at rest protection approach: Prosperon as a SolarWinds reseller shares with you SolarWinds Security Statement regarding Data Protection. For further information, please visit this link: https://www.solarwinds.com/security/security-statement; ; SolarWinds continually works to develop products that support the latest recommended secure cipher suites and protocols to encrypt traffic while in transit. We monitor the changing cryptographic landscape closely and work to upgrade our products to respond to new cryptographic weaknesses as they are discovered and implement best practices as they evolve. For encryption in transit, we do this while also balancing the need for compatibility for older clients.
• Data sanitisation process: No
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Users primarily export data using the out of the box reporting features. There is also an API available that can be used for this purpose.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • HTML
  • XML
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • HTML
  • XML

Data-in-transit protection

• Data protection between buyer and supplier networks: Other
• Other protection between networks: This product is installed in customer's own infrastructure and therefore, this question is not applicable.
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: This specific product is installed in your own infrastructure, and can also leverage your infrastructure resiliency. This product is installed in many secure and critical government networks.
• Approach to resilience: SolarWinds follow a defined methodology for developing secure software that is designed to increase the resiliency and trustworthiness of their products. Their products are deployed on an iterative, rapid release development lifecycle. Security and security testing are implemented throughout the entire software development methodology. Quality Assurance is involved at each phase of the lifecycle and security best practices are a mandated aspect of all development activities. Their secure development lifecycle follows standard security practices including vulnerability testing, regression testing, penetration testing, and product security assessments. The SolarWinds architecture teams review their development methodology regularly to incorporate evolving security awareness, industry practices and to measure its effectiveness.
• Outage reporting: This question is not applicable as the product is installed in your own environment.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • Username or password
  • Other
• Other user authentication: SolarWinds require that authorized users be provisioned with unique account IDs. Their password policy covers all applicable information systems, applications, and databases. Their password best practices enforce the use of complex passwords which are deployed to protect against unauthorized use of passwords. SolarWinds employees are granted a limited set of default permissions to access company resources and the corporate intranet. Employees are granted access to certain resources based on their job function. Approvals are managed by workflow tools that maintain audit records of changes.
• Access restrictions in management interfaces and support channels: SolarWinds employees are granted a limited set of default permissions to access company resources, such as their email, and the corporate intranet. Employees are granted access to certain additional resources based on their specific job function. Requests for additional access follow a formal process that involves a request and an approval from a data or system owner, manager, or other executives, as defined by our security guidelines. Approvals are managed by workflow tools that maintain audit records of changes.
• Access restriction testing frequency: At least once a year
• Management access authentication: Username or password

Audit information for users

• Access to user activity audit information: You control when users can access audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: No audit information available
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: The solution has been created under the SolarWinds Secure by Design framework, where security is at the forefront of the application design, build and implementation function. The application includes a number of elements associated with security and governance, including user access control, integration to authentication platforms such as AD/SAML, internal auditing and logging. (placeholder)
• Information security policies and processes: Prosperon Networks has company policies in place for Data & Information Loggin, Data Breach, Business Continuity and Disaster Recovery.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Prosperon as a SolarWinds reseller shares with you the SolarWinds Security Statement regarding Change Management, below, which can also be found here:; https://www.solarwinds.com/security/security-statement.; ; SolarWinds maintains a change management process to ensure that all changes made to the production environment are applied in a deliberate manner.; ; Changes to information systems, network devices, and other system components, and physical and environment changes are monitored and controlled through a formal change control process. Changes are reviewed, approved, tested and monitored post-implementation to ensure that the expected changes are operating as intended.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Prosperon as a SolarWinds reseller shares with you the SolarWinds Security Statement regarding Vulnerability Management, below, which can also be found here:; https://www.solarwinds.com/security/security-statement.; ; Security assessments are done to identify vulnerabilities and to determine the effectiveness of the patch management program. Each vulnerability is reviewed to determine if it is applicable, ranked based on risk, and assigned to the appropriate team for remediation.; ; To read more about SolarWinds Vulnerability Disclosure Policy, visit this link: https://www.solarwinds.com/information-security/vulnerability-disclosure-policy
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Prosperon as a SolarWinds reseller shares the below statement regarding protective monitoring, which is defined within their Security Statement, which can be found here: https://www.solarwinds.com/security/security-statement; ; SolarWinds follows the NIST Cybersecurity Framework with layered security controls to help identify, prevent, detect, and respond to security incidents. The information security manager is also responsible for tracking incidents, vulnerability assessments, threat mitigation, and risk management.
• Incident management type: Supplier-defined controls
• Incident management approach: Prosperon as a SolarWinds reseller shares with you the SolarWinds Security Statement regarding Change Management, below, which can also be found here: https://www.solarwinds.com/security/security-statement; ; SolarWinds has a formalized incident response plan (Incident Response Plan) and associated procedures in case of an information security incident. The Incident Response Plan defines the responsibilities of key personnel and identifies processes and procedures for notification. Incident response personnel are trained, and execution of the incident response plan is tested periodically.; ; An incident response team is responsible for providing an incident handling capability for security incidents that includes preparation, detection and analysis, containment, eradication, and recovery.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  At Prosperon Networks we are committed to reducing our impact on the environment. As many of our colleagues work remotely we are able to reduce pollution and emissions from travel in our everyday activities. We have introduced an Electric Car Scheme and a Cycle to Work Scheme employee benefits to encourage employees to make more environmentally sustainable transport choices. We regularly host webinars so that our customers can learn about our latest products, services and industry insights without having to travel by train or flight for an in-person conference – this also makes our updates and industry insights more accessible for all of our customers. For colleagues who work in the office, we engage in car-sharing to minimise our environmental impact. As well as recycling and taking a responsible approach to our use of energy resources, we will also support Environment Day on promote this internally, reinforcing the positive steps we can all take within our organisation to be environmentally responsible. Additionally, we support our employees in taking a day of paid leave to engage in environmentally positive activities; for example litter picking and tree planting in a bid to offset our carbon footprint.

  Covid-19 recovery

  Throughout the peak of the Covid-19 pandemic, our teams had been working remotely to keep them safe and avoid spreading the virus unnecessarily. Our office has now reopened in Worthing with a hybrid structure (between onsite and remotely). Onsite, our employees' working areas have been fitted with Acrylic protective screens between desks, and sanitising stations have been set up around the office.

  Tackling economic inequality

  We are committed to working with small, diverse, high-quality suppliers is an important aspect of our procurement vision. Prosperon Networks is a member of Worthing Chambers of Commerce that works with and develops small, minority-owned businesses. Our team is always looking for small and diverse suppliers that can deliver creative, high-quality products and services. Prosperon Networks offers a growing number of local apprenticeship opportunities to sharpen their skills and find their place in the professional world. We are an accredited Living Wage Employer, and as part of that commitment we ensure that our suppliers meet this standard too. We have policies on anti-modern slavery in order to raise awareness of socio-economic inequalities.

  Equal opportunity

  Prosperon Networks are committed to treating all its employees and job applicants equally, and an equal opportunity policy is in place. The Policy aims to avoid unlawful discrimination in all aspects of employment including; recruitment and selection, promotion, transfer, opportunities for training, pay and benefits, other terms of employment, discipline, selection for redundancy and dismissal. At Prosperon Networks, we champion diversity and inclusion. We embrace different perspectives and give everyone the chance to be the best that they can be, enabling us to think and operate in new, creative ways that grow and enhance our business. We are committed to raising the profile of diversity in our workplace. We are an accredited Disability Confident Employer, and we are part of the Mindful Employer Network. We hold annual Diversity Training for our team to raise the profile of diversity issues and specific non bias training for people managers and recruiters. Prosperon employees have boundless opportunities to learn, develop, succeed and thrive in a culture that cherishes individuality, regardless of race, gender, sexual orientation, disability or age. We champion teamwork and collaboration and support enablement and inclusivity across our team.

  Wellbeing

  We prioritise employee wellness through a comprehensive support system. We provide private medical insurance to ensure our team members have access to quality healthcare when needed. Additionally, our employee assistance program offers confidential counselling and support for personal and professional challenges. A wellness platform is available, offering guidance on nutrition, stress management, and access to valuable resources. We have two trained Mental Health First Aiders on staff to provide immediate support and guidance in mental health crises. Annually, we engage in a wellbeing initiative, such as a walking challenge, to promote physical activity and team camaraderie. As a mindful employer, we are committed to addressing stress in the workplace and fostering a culture of support. We offer flexible working arrangements to promote a healthy work-life balance for our employees. Through these initiatives, we aim to create a workplace environment where employees can thrive both personally and professionally.

Pricing

• Price: £2,837 a unit
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: Fully functional license with a 30 day trial

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at carol.sanchez@prosperon.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.