Top Reasons Why SIEMs Are Considered Expensive
SIEM (Security Information and Event Management) systems have a reputation for being expensive. And that’s generally correct – they can cost hundreds of thousands per year or have huge upfront costs. But why is that? There are several main reasons:
SIEMs used to be sold to large enterprises
If the sales cycle of a SIEM provider is two years and involves many touchpoints with dozens of departments, lengthy meetings, multi-level approvals, and security screenings, this cost has to be added to the price of the solution. Add to that the complexity of deployment and support for a large organization – the cost of all pre-sales, sales, and customer success employees has to be covered by the deal.
SIEM Sales used to be done with “playing golf and lobster lunches”
That’s in part a function of the first point, but it’s a separate point. Vendors and their large partners had to have a personal connection with the buyer. When that’s the case, and the buyer is large enough, the “tiny details” of getting value, covering actual use-cases and needs, and being useful to the tech teams comes second. When a sale is done this way, the price tag matters less, and so vendors and their partners pushed as high as they can.
SIEMs used to be priced by unpredictable metrics
Log volume sounds logical at first, but when you hit reality, it’s really unpredictable. Getting a quote is a small project itself, requiring estimation from multiple teams. Then this figure changes gradually or dramatically due to increased load or configuration changes. At some point managers realize their SIEM is costing much more than initially planned.
SIEMs require large security teams
Having a SIEM is one thing, but the cost of people using it is a separate story – security analysts are hard to find and expensive. That’s why the total cost of ownership goes beyond the license or subscription fees. If internal resources are scarce, and they often are, companies turn to managed security service providers (MSSPs) that have years of experience with a particular SIEM, but their costs are often premium as well.
All of this is changing. According to Gartner, SIEMs are going to the mid-market and these things don’t hold true there. Budget and value-conscious buyers won’t just pour money into a solution if they don’t fully understand it, and once they have realized the need, they don’t want it to be a two-year (or worse – never-ending) project. Smaller companies (below a few thousand employees) are more flexible and therefore vendors have to offer more predictable and affordable pricing.
Vendors also have to offer technical excellence, not just flashy datasheets. In many cases, it may boil down to a few essential features that allow the enterprise to get the most value out of the SIEM. It could be support for a particular application or set of applications, cloud support, or the ability to protect the secrecy of the logs using end-to-end encryption.
How To Have a SIEM Solution at Affordable Cost?
The problem with the total cost of ownership and the shortage of security analysts must also be addressed by vendors by a combination of approaches – predictable pricing models, simple to use the tool, few false positives, and a managed service option.
Is LogSentinel SIEM Affordable?
We at LogSentinel offer all of the above in a serious attempt to bring SIEM to every organization out there. Information security is no longer just for the large enterprise that can afford six-digit deals after a day on the golf course.
LogSentinel’s SIEM Pricing Model is based solely on the number of active users, which makes the price predictable and affordable for any organization.
With LogSentinel, you will be able to unlock the following capabilities, regardless of the plan you pay for:
- Collect logs and events
- Real-time correlation rules
- Real-time analytics and machine learning
- Historical analytics and machine learning
- Long-term event storage
- Search and reporting on normalized data
- Search and reporting on raw data
- Investion of context and application data
- Log integrity and non-repudiation
- End-to-end log searchable encryption
- Open APIs and extensibility
- Attack vector-specific alerting
Learn more about how we differ from other offerings here.
We believe that SIEM doesn’t have to be the big, scary project that you pour money into just to get a few forensic investigations a year – it should match an organization’s security budget and provide value, not a burden.
Interested in a SIEM Solution that combines log management, behaviour analytics (UEBA), threat detection, and incident response into a complete security monitoring platform? Talk to us today!


Bozhidar Bozhanov is a senior software engineer and solution architect with 15 years of experience in the software industry. Bozhidar has been a speaker at numerous conferences and is among the popular bloggers and influencers in the technical field. He’s also a former government advisor on e-government, transparency, and information security.