While SIEM solutions can be great tools for detecting threats, they are not the right fit for everyone, as noted in Dark Reading’s “7 SIEM Situations That Can Sack Security Teams” article.  This is especially true for SMB and mid-market organizations that don’t have the resources needed for a successful SIEM deployment.

How do you calculate the true cost of a SIEM?  The first step is to realize that it is not simply the price quoted for the solution itself.  This is one of the mistakes that many organizations make – they have a $50,000 budget and spend it all on a tool.  To calculate the true cost of a SIEM, you must also consider:

  • Implementation – What is the vendor quoting for implementation costs, and does their standard implementation include everything you need to meet your organization's objectives?  Even if you are able to deploy with internal resources, there is still a resource cost to consider.
  • Training – How will your staff be trained to use the tool?  Is the training a one-time project?  What are the costs to retrain as staff changes?
  • Staffing – It takes a minimum of 2 full-time staff to manage and monitor a SIEM tool, typically a minimum of 3 to cover monitoring 24/7/365.  What will it cost you to add resources who know the tool, can investigate and rule out false positives, and can provide at least initial response for incidents?
  • Ongoing costs – These vary by solution, but can include ongoing tuning, licensing, upgrades, increased bandwidth fees, and even depreciation of the asset.

If your organization is not able to commit the resources above, a Managed Security Service Provider (MSSP) may be your answer.  MSSPs offload much of the implementation and ongoing resources needed, and can typically have a solution up and running within 60 days.

Finally, consider the need for security analytics and threat intelligence, and you may indeed find that an MSSP provides better protection.