Woman standing in the middle of virtual SIEM metrics and dashboards

43% Of Security Practitioners Believe They Are Overpaying for Their SIEM

Anyone that spends much time talking with security professionals about what keeps them up at night soon learns that one of those things is the spiraling costs of implementing and supporting their SIEM solution. The initial acquisition costs are high, the ongoing costs are high, and they are too expensive to swap out once invested in a solution.

Reflecting this growing concern, the State of SIEM 2021 from Panther Labs reports that 43% of IT security professionals surveyed believe they are paying too much for their current SIEM solution relative to the system’s capabilities and the value it brings the organization. No one appreciates paying too much, and when nearly half of the users of a given technology feel taken advantage of by their providers, it’s time for a change.

The traditional SIEM model is ripe for a makeover. Data volumes have increased exponentially, yet antiquated pricing models remain the same. The limitation of using an outdated cost structure applied to cloud-scale data volumes creates a situation where security teams are under pressure to stay below price plan limits by picking and choosing the log data they will monitor. This is called guessing. Guessing what data will contain indications to warn against the threats they face—guessing is not acceptable with security.

Another way businesses are paying too much for their SIEM solution stems from the lack of flexibility and customization afforded by traditional SIEMs. When it is challenging to write custom detections, teams find it nearly impossible to reduce noise and are left to manage what can feel like a tsunami of alerts. Noise is expensive.

Teams faced with too many spurious alerts suffer from alert fatigue, and their effectiveness falls dramatically. The organization can either hire more personnel to validate signals, accept the additional risk created by alert fatigue, or redirect professionals that should be investigating validated alerts. Hiring more people to manually verify false alerts or endure additional risks are unacceptable and unnecessary solutions.

The Panther report found that less than 20% of IT security professionals believe their current SIEM solution provides value that exceeds the cost. This fact is a strong indication that traditional SIEM solutions no longer meet their intended purpose. While these on-prem log monitoring platforms of yesteryear were the best we could do as an industry when they were devised, they are not sufficient for the speed and scale of cloud-native infrastructure.

Today’s modern computing environments require a SIEM solution that provides detection-as-code to enable teams to quickly and efficiently deploy detections to address their ever-changing threatscape. The flexibility to easily customize alert parameters means that a smaller security team can accomplish much more without compromising security.

Analysts need visibility into all the relevant data to eliminate guessing where clues to current threats are hiding. A robust security data lake enables this 360° view of relevant data and facilitates meaningful investigations.

Scalability without operational overhead is critical for the demands of protecting cloud-based infrastructures. Whether your business is somewhere along the digital transformation path or was born into a cloud-native environment, find a SIEM solution that does not limit your detection and remediation abilities.

 

Staff Correspondent at CPO Magazine