Dark Reading published the 7 SIEM Situations That Can Sack Security Teams, and it highlights many of the reasons why we developed our ProVision solution as another option to address these challenges.
#1 – SIEM expenses are more than expected. As noted in the article, many teams budget for the cost of the solution, but greatly underestimate the cost of the implementation and ongoing resources. In other cases, billing by usage (bandwidth, events per second, change requests) can also be major budget-busters.
Solution: Foresite’s quotes include licensing of our proprietary tool, onboarding, and ongoing support and tuning. No usage or per event or change request fees. The annual service cost is consistent throughout the term of the agreement.
#2 – Configuration is complex. Organizations typically spend as much on the implementation as the cost of the solution.
Solution: Our ability to leverage a client’s virtual machines, minimal licensing costs, and very competitive onboarding fees make ProVision a much lower cost of entry.
#3 – Staffing costs are higher than expected. Now that you have a SIEM solution, you need add least one dedicated person with the skills to manage it.
Solution: Foresite’s SOC team assigns a Technical Account Manager (TAM) who handles ongoing management and tuning of ProVision, taking this burden off the client.
#4 – SIEMs Generate Noise – More than half of users complain about too much noise from the SIEM.
Solution: ProVision is not only a tool, but a solution that includes our Security Operations Center (SOC) team. The SOC team reviews all events generated by the logs and business rules to eliminate the noise for the client. The TAM makes sure the rules are updated to tune out false positives where appropriate.
#5 – Lack of Visibility. It’s important to include the logs where critical data is handled, such as servers, firewalls, and endpoints. This can be difficult with manufacturer’s solutions that only accept feeds from their own devices.
Solution: ProVision is vendor agnostic. We help clients determine which feeds we need during scoping, and can include feeds from a variety of leading manufacturer’s devices and endpoint solutions.
#6 – More Long-Term Storage Needed. Compliances may require logs to be stored for years. SIEM solutions often can only store 30-60 days worth.
Solution: ProVision can be configured to store logs for any amount of time, either locally or in our secure cloud archives.
#7 – Task Automation is Often Missing. While most users would love to leverage the SIEM to automate responses to events and for event correlation, it’s not included in most SIEM solutions today.
Solution: When automation is not practical, Foresite’s SOC team is providing responses for managed clients and event correlation is handled by a combination of our customized parsers and our threat intelligence team.