Top Reasons Why SIEMs Are Considered Expensive
SIEM (Security Information and Event Management) systems have a reputation for being expensive. And that’s generally correct – they can cost hundreds of thousands per year or have huge upfront costs. But why is that? There are several main reasons:
- They used to be sold to large enterprises. If the sales cycle of a SIEM provider is two years and involves many touchpoints with dozens of departments, lengthy meetings, multi-level approvals, and security screenings, this cost has to be added to the price of the solution. Add to that the complexity of deployment and support for a large organization – the cost of all pre-sales, sales, and customer success employees has to be covered by the deal.
- Sales used to be done with “playing golf and lobster lunches”. That’s in part a function of the first point, but it deserves separate mention. Vendors and their large partners had to have a personal connection with the buyer. When that’s the case, and the buyer is large enough, the “tiny details” of getting value, covering actual use-cases and needs, and being useful to the tech teams come second. When a sale is done this way, the price tag matters less, and so vendors and their partners pushed it as high as they could.
- They used to be priced by unpredictable metrics. Log volume sounds logical at first, but in practice it’s really unpredictable. Getting a quote is a small project in itself, requiring estimation from multiple teams. Then this figure changes gradually or dramatically due to increased load or configuration changes. At some point managers realize their SIEM is costing much more than initially planned.
- They require large security teams. Having a SIEM is one thing, but the cost of people using it is a separate story – security analysts are hard to find and expensive. That’s why the total cost of ownership goes beyond the license or subscription fees. If internal resources are scarce, and they often are, companies turn to managed security service providers (MSSPs) that have years of experience with a particular SIEM, but their costs are often premium as well.
All of this is changing. According to Gartner, SIEMs are moving into the mid-market, where these things don’t hold true. Budget- and value-conscious buyers won’t just pour money into a solution if they don’t fully understand it, and once they have realized the need, they don’t want it to be a two-year (or worse – never-ending) project. Smaller companies (below a few thousand employees) are more flexible and therefore vendors have to offer more predictable and affordable pricing.
Vendors also have to offer technical excellence, not just flashy datasheets. In many cases, it may boil down to a few essential features that allow the enterprise to get the most value out of the SIEM. It could be support for a particular application or set of applications, cloud support, or the ability to protect the secrecy of the logs using end-to-end encryption.
The total cost of ownership and the shortage of security analysts must also be addressed by vendors through a combination of approaches – predictable pricing models, a simple-to-use tool, few false positives, and a managed service option.
How To Have a SIEM Solution at Affordable Cost?
We at LogSentinel offer all of the above in a serious attempt to bring SIEM to every organization out there. Information security is no longer just for the large enterprise that can afford six-digit deals after a day on the golf course.
With LogSentinel, you will be able to unlock the following capabilities:
- Collect logs and events
- Real-time correlation rules
- Real-time analytics and machine learning
- Historical analytics and machine learning
- Long-term event storage
- Search and reporting on normalized data
- Search and reporting on raw data
- Ingestion of context and application data
- Log integrity and non-repudiation
- End-to-end log searchable encryption
- Open APIs and extensibility
- Attack vector-specific alerting
We believe that SIEM doesn’t have to be the big, scary project that you pour money into just to get a few forensic investigations a year – it should match an organization’s security budget and provide value, not be a burden.
Interested in a SIEM Solution that combines log management, behavior analytics (UEBA), threat detection, and incident response into a complete security monitoring platform? Talk to us today!
Bozhidar Bozhanov is co-founder and the CEO at LogSentinel. He is a senior software engineer and solution architect with 15 years of experience in the software industry. Bozhidar has been a speaker at numerous conferences and is among the popular bloggers and influencers in the technical field. He’s also a former government advisor on e-government, transparency and information security.