Back to blog results

July 25, 2019 By Sridhar Karnam

To SIEM or not to SIEM?


Not investing in Security Incident and Event Management solutions means you’re missing out on significant business benefits. SIEM detects and responds to security incidents in real time, which reduces the risk of noncompliance. It also helps realize greater value across all underlying security technology and systems. Reporting with SIEM is more comprehensive and less time-intensive, helping to reduce capital and operational costs through consolidation. These are all important for any business that aims to stay on top of the market game.

Why invest in SIEM?

SIEM systems are not a novelty, but remain one of the most effective security solutions an organization can invest in, especially when looking for new ways to enhance operations and security.

SIEM gives organizations a big picture view of all security events and incidents, dramatically increasing their ability to neutralize or prevent cyber attacks. The system brings together security data logs from enterprise security controls, host operating systems, applications and other software components, then analyzes these to identify threats, compromises and attacks. SIEM can identify malicious activity across an entire organization, which gives it a great advantage over single host solutions.

Once a threat is detected, the system reacts immediately to protect the network from being compromised. In such a case, SIEM communicates with other security controls within the network and flags the threat for them, ensuring it is addressed and neutralized in a timely manner. In this way, not only does SIEM reduce the cost of breaches, but also gives you a chance to prevent damage.

What’s more, SIEM gives you a significant reporting advantage. By collecting and storing logs centrally produces comprehensive reports on the state of the entire network. Security architects would understand how much value it brings, given that individual software tools generate reports on their designated tasks. Collecting logs from multiple devices across different networks gives your staff an opportunity to analyze them and identify potential issues more easily, increasing operational efficiency.

Finally, implementing SIEM will ensure you respect the rules and regulations of IT compliance, which requires monitoring and reporting on threats. There are several federal, state and local regulations dictating how the data is handled and stored, and these vary by industry. Some regulations that require compliance reports are the Sarbanes-Oxley (SOX) Act, the Federal Information Security Modernization Act (FISMA), the Payment Card Industry Data Security Standard (PCI DSS), the Health Insurance and Portability Accountability Act (HIPAA), the Family Educational and Rights Privacy Act (FERPA) and ISO 27001.

SIEM systems not only streamline your compliance reporting, but they can also check whether your organization is in compliance with relevant regulations and indicate areas where improvement is needed. SIEM may thus help you avoid fines or other consequences a business may face when failing to comply with these regulations.

What are the risks with SIEM?

With SIEM, you can monitor and report on security threats as they happen and respond to them before they wreak havoc across your clients’ systems and networks. There are several challenges to SIEM that counter these priceless benefits, however. To begin with, the system needs to be implemented and that usually takes a long time. 40% of CIOs interviewed in one study reported that deployment required six months or more.

To make matters worse, deploying SIEM is very expensive; not only does the infrastructure incur significant costs, but it also imposes significant personnel costs before it even starts delivering security. Deploying SIEM means facing a long onboarding process before the system is fully operational. This also means the bill increases.

But it doesn’t end here. There is a substantial risk of deployment failure, and should that happen, it will cost you a lot. A failed enterprise-scale deployment is the second biggest expense out there, right after a major data breach. You need to have a significant financial buffer if you decide to implement this system on your network.

Finally, because of the above reasons, SIEM is not a good fit for every organization and choosing the best solution for your business is a serious challenge. On-site SIEM tools, for instance, are convenient to have as they offer direct control, but they may be difficult to scale as the business continues to expand. SIEM also requires an additional infrastructure investment, which means enterprises would eventually need to update those assets as they become outdated. This solution is thus not the best option for small and medium enterprises with a limited budget and the ambition to scale, unless they want to spend a large portion of their revenue on maintenance and amortization.

Why SIEM-as-a-Service is your best option?

SIEM can be consumed in a number of ways, including as a managed service, co-managed SIEM or managed Detection and Response (MDR) third-party service, so it is likely that any organization will be able to find a good fit for itself. There is also a public cloud-based SIEM service, and at Sumo Logic, we are convinced that this solution is much better than the alternatives and will meet the needs of any business.

Since SIEM can be conveniently accessed as a service via the cloud, it’s a better option than investing in a prolonged and costly installation that does not guarantee the system will be fully operational. With SIEM-as-a-Service you get all the necessary capabilities up and running in a shorter timeframe. Opting for this solution is going to generate financial savings that you will be able to invest in other areas of your business.

What’s more, SIEM-as-a-Service is the perfect solution for MSPs as it offers the possibility to scale conveniently when needed, ensuring they stay on top of their capabilities at all times.

Cloud SIEM with multitenant architecture gives you all the advantages we mentioned earlier: response capabilities, compliance requirements, comprehensive reporting, improved efficiency and a comprehensive view of threats and incidents. It is also the best way to overcome all the challenges of on-site SIEM, including prolonged and risky deployment, costs of installation, maintenance and related personnel cost and challenging scalability.

Cloud SIEM is much faster and easier to deploy, easier to use and much cheaper. Deployment and maintenance are passed onto the third-party vendor and their cybersecurity specialists, which allows you to enjoy significant cost savings.

As a consolidated tool, SIEM-as-a-Service allows you to manage cloud and microservices easily. You can easily tackle new cases and analyze new sources, while third-party security specialists monitor the network 24/7. With this solution, you can finally manage security, not the tool, in a self-service model.

Make sure the SIEM system you’re using has a built-in data lake and you will gain another security advantage. The flat architecture of a data lake will allow for making new data associations, which will provide additional, new insights for your security teams.

Complete visibility for DevSecOps

Reduce downtime and move from reactive to proactive monitoring.

Sridhar Karnam

Sridhar Karnam

More posts by Sridhar Karnam.

People who read this also enjoyed