This was mine, although focused on our needs that I'm sure are different than yours:
- Similar to our current product, the LEM enforces security via automated rules and alerts, but with more ease of use, allowing the administration of these alerts to be shared among more admins.
- LEM is a virtual appliance running on VMware and conserving resources.
- No real limit to data retention. Existing system only holds data for 90 days.
- Central repository for IT infrastructure data mining for the entire company, providing a single location for troubleshooting and research within Orion.
- InfoSec has active interest in also using this system for worm detection, “out-of-box” responses, report and data correlating capabilities. This will provide InfoSec with the data needed to research rogue users, VPN usage including contractor’s time in and out along with security features that are not available to us today.
- LEM provides “Active Responses” that take actions such as quarantining infected machines and blocking IP addresses. This will take our anti-virus to the next step by preventing an infected machine from infecting others.
- Advanced IT search capability makes it easy to discover issues using a drag and drop interface that tracks events instantly.
- More than 300 "audit-proven" templates for regulatory compliance including: PCI DSS, GLBA, SOX, NERC CIP, HIPAA. Although this is not needed today, following these procedures can enhance our processes in a similar way that ITIL enhances our procedures.
LEM will eliminate the need for us to spend time creating scripts and queries in order to access the data, as we do today with LogLogic. We have built over 100 custom scripts