Many people, when reviewing their security strategy, ask the question “is SIEM suitable for my organization”, or simply “is SIEM right for me?”
And for a long time, the answer was “no, unless you are a large multinational”. The price, the complexity and the hard-to-get value made SIEM a category suitable only for big corporations with large security teams and budgets. There are three reasons why people think SIEM is not suitable for their organization:
- It’s too expensive – tens or hundreds of thousands of dollars, and that may change significantly when you flip a configuration switch on a couple of your monitored systems or appliances.
- It requires a big, experienced security team – if you read the data sheets and watch the demos, you get the impression that unless several people monitor, respond, hunt threats, and configure and reconfigure the SIEM and its rules on a daily basis, you are not using it right. SIEMs are complex and require trained teams.
- We don’t yet have the scale to get value out of SIEM – SIEM brings more value the more systems you connect, because it can correlate events across them. Also, casual, semi-manual monitoring is workable with a very small number of systems but becomes much harder as that number grows, so large organizations are seen as the ones that can extract value.
While these used to be correct, that’s no longer the case. LogSentinel SIEM is one example of a SIEM that’s suitable for organizations of any size:
- It’s affordable and tailored to each organization’s size – we price per active user, with no lower bound, which means that any organization will easily get a fair quote. We previously answered the question “Why are SIEMs expensive” and why they no longer have to be – we don’t have to play golf with CISOs to get a deal, nor do our salespeople need gold watches, and that’s reflected in the price.
- Simple to use alone or with a managed service – we have customers where only one or two people are responsible for security monitoring. They are not even security analysts, but rather general sysadmins. Because of the simplicity of our product, they are able to manage it, monitor it daily, and handle any alerts it generates. Most organizations have that IT person who is knowledgeable and would like a helping hand from the tools, instead of having to stitch together a security monitoring solution that the next person to join the team will have a hard time getting up to speed with. Even if that person is too busy, a lightweight managed service can be used to outsource some of the work (and we offer one).
- Connecting just a few systems gives value – for security, for visibility, for threat detection and for compliance. Connect your Active Directory, Office 365, web server and firewall and you already get good value out of a tool like LogSentinel SIEM. You get notified on brute force login attempts, suspicious file management operations, and malicious IPs trying to breach your website and internal network. You get reports of that activity and the ability to proactively find threats in the historical data. And you are almost automatically compliant with several standards and regulations, because “they are said to require a SIEM”. If that doesn’t cost tens of thousands of dollars a year, it’s pretty good value from a security standpoint.
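As an added illustration of the two claims above (correlating events across systems, and getting brute force login alerts from just a couple of connected sources), the following Python example is not LogSentinel code and does not reflect how its rules are implemented. It runs a sliding-window failed-login rule over a handful of constructed, normalised log lines from an Active Directory feed (Windows event ID 4625, failed logon) and a web server login endpoint. The line format, the IP addresses and the threshold are assumptions chosen for the example; the point it makes is that each source on its own stays below the threshold, while the combined feed trips the alert.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timezone

# Constructed sample lines (not real logs). Each line is
# "<ISO timestamp> <feed> <feed-specific fields>"; the feed names and
# field layout are assumptions made for this example.
SAMPLE_LINES = [
    "2024-05-01T10:00:01Z ad EventID=4625 user=alice src=203.0.113.5",
    "2024-05-01T10:00:04Z web 203.0.113.5 POST /login 401",
    "2024-05-01T10:00:09Z ad EventID=4625 user=bob src=203.0.113.5",
    "2024-05-01T10:00:12Z web 203.0.113.5 POST /login 401",
    "2024-05-01T10:00:20Z ad EventID=4624 user=carol src=10.0.0.8",  # successful logon, ignored
    "2024-05-01T10:00:25Z ad EventID=4625 user=carol src=203.0.113.5",
    "2024-05-01T10:00:31Z web 203.0.113.5 POST /login 401",
    "2024-05-01T10:00:40Z web 198.51.100.7 POST /login 401",
    "2024-05-01T10:00:41Z web 198.51.100.7 POST /login 401",
    "2024-05-01T10:03:00Z ad EventID=4625 user=dave src=198.51.100.7",  # outside the window
]

# 4625 is the Windows Security event for a failed logon; a 401 on the login
# endpoint is treated as a failed web login.
AD_RE = re.compile(r"^(\S+) ad EventID=4625 user=(\S+) src=(\S+)$")
WEB_RE = re.compile(r"^(\S+) web (\S+) \S+ /login 401$")


def _ts(s):
    """Parse the ISO-8601 UTC timestamp used in the sample lines."""
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def parse_failed_login(line):
    """Return (timestamp, feed, ip, user) for a failed-login line, else None."""
    m = AD_RE.match(line)
    if m:
        ts, user, ip = m.groups()
        return (_ts(ts), "ad", ip, user)
    m = WEB_RE.match(line)
    if m:
        ts, ip = m.groups()
        return (_ts(ts), "web", ip, None)
    return None  # successful logons and unrelated lines are not counted


def detect_brute_force(lines, threshold=5, window_seconds=60, feeds=None):
    """Alert once per source IP that produces >= threshold failed logins
    within a sliding window of window_seconds.

    feeds: optional set limiting which feeds are counted (e.g. {"ad"}).
    None correlates across every feed, which is where the SIEM adds value.
    Returns a list of (ip, first_seen, last_seen, feeds_involved).
    """
    events = [e for e in map(parse_failed_login, lines) if e]
    if feeds is not None:
        events = [e for e in events if e[1] in feeds]
    events.sort(key=lambda e: e[0])  # evaluate in time order regardless of feed

    recent = defaultdict(deque)  # ip -> (timestamp, feed) pairs inside the window
    alerts, alerted = [], set()
    for ts, feed, ip, _user in events:
        q = recent[ip]
        q.append((ts, feed))
        while (ts - q[0][0]).total_seconds() > window_seconds:
            q.popleft()  # drop failures that have aged out of the window
        if len(q) >= threshold and ip not in alerted:
            alerted.add(ip)
            alerts.append((ip, q[0][0], ts, sorted({f for _, f in q})))
    return alerts


if __name__ == "__main__":
    for ip, first, last, feeds in detect_brute_force(SAMPLE_LINES):
        print(f"brute force from {ip}: {first:%H:%M:%S}-{last:%H:%M:%S} via {', '.join(feeds)}")
```

Run against the sample, the combined feed raises one alert for 203.0.113.5 (six failures in half a minute, split across AD and the web server), while restricting the rule to either feed alone yields nothing, since each feed only sees three. The second IP never reaches the threshold because its third failure arrives after the window has expired. A real deployment would also want to key on the target account, not only the source IP, to catch password spraying from many addresses.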
SIEM is no longer the behemoth that your organization is too small for. Especially with the rising number of threats and breaches for SMEs, any organization with “an IT person” can afford and get value out of a SIEM. We at LogSentinel bring those options to the table.
Bozhidar Bozhanov is a senior software engineer and solution architect with 15 years of experience in the software industry. Bozhidar has been a speaker at numerous conferences and is among the popular bloggers and influencers in the technical field. He’s also a former government advisor on e-government, transparency, and information security.