Today, cyber security professionals are fighting on multiple fronts. This has in turn engendered a marketplace full of hundreds of point products, each aimed at fulfilling different security objectives.
Once deployed, security products create enormous swathes of data about what is happening around them. However, because they are often not interoperable, the upshot is that security professionals find themselves switching from one solution to the other to analyse, troubleshoot and patch their IT infrastructure. On a day-to-day basis this is a far from ideal situation; in the midst of an attack it is a nightmare.
Cyber threats are also becoming far more sophisticated. Social engineering techniques and zero-day vulnerabilities have complicated the job of cyber security professionals even further.
Security Information and Event Management (SIEM) tools were created to try to rectify some of these problems by creating a single-pane-of-glass view of a company’s IT infrastructure. The benefits are clear: by aggregating all of the data created by the solutions in a business’s security stack, SIEM expedites the detection of anomalies and the response to them.
Counting the costs
However, aggregating data will only get businesses so far if they don’t have access to the specialist security expertise needed to act upon the insights. This is a major challenge, given that security skills are some of the most sought after across the technology industry, driving wages up and pricing many businesses out of being able to afford them.
The cost of deploying SIEM solutions has also been a barrier to entry. In order to work, SIEM solutions need to be configured. Doing so is time-consuming, making it a costly undertaking regardless of whether a business is doing it in-house or a Managed Service Provider (MSP) is doing it for them.
Finally, consumption-rate-based pricing models, such as events per second, have also meant that the cost of running SIEM solutions can spiral if a business comes under a sustained attack. Faced with this dilemma, CEOs, finance and IT decision makers have to choose between protecting only specific parts of their infrastructure, taking the risk that it won’t happen to them and hoping they avoid a colossal bill, or simply not deploying SIEM even though they may need it.
This is the modern world
Thanks to the factors above, SIEM has largely been the preserve of the enterprise, even as many small and medium-sized businesses find themselves in the crosshairs of cybercriminals looking to exploit digitally transformed businesses with larger attack surfaces.
Fortunately, this is beginning to change thanks to a new generation of feature-rich modern SIEM products that have opened up these capabilities to SMBs. Solutions such as LogPoint have come onto the market with predictable pricing dictated by node-based licenses, making them far more affordable for businesses of all sizes. Coupled with detection and response features powered by machine learning, the alert prioritisation offered by this new breed of SIEM solutions also helps smaller businesses’ limited IT / security personnel decide which anomalies to deal with first.
The benefits of such features also carry over into opportunities for the channel. Predictable costs mean that Managed Service Providers can be consistent in their billing of customers month by month, removing complexity and uncertainty from the process. Market support provided by the new SIEM vendors means that MSPs have access to the resources they need to train their security and sales staff. Finally, features such as intelligent threat alert prioritisation mean that MSPs’ security analysts can service their customers’ needs as efficiently as possible, ensuring that everyone gets the greatest return on their investment.
With the availability of these features, MSPs and MSSPs are now beginning to leverage these new solutions for SIEM-as-a-Service offerings, with an emphasis on targeting the SMB market.
We are beginning to see some of the MSP community add SIEM-as-a-Service to their portfolio to take advantage of the opportunities and certainly expect this trend to continue. After all, the demand for such an offer is certainly there when you consider the increased threat to SMBs and the shortage of affordable security skills in the marketplace. For those considering leveraging these capabilities, my advice would be to join the race before it has been run.