It is an unfortunate fact that the more an organization is worth, the greater a target it becomes for cybercriminals. Shrewd cyber adversaries focus on what is happening in the business world and often target companies with growing revenue, positive net income, and a large number of employees. Prospering organizations are at greater risk of facing a cyberattack, so they need to deploy the right security solutions.
Chief information security officers face the challenge of defending their organization against cyberattacks. When it comes time to select a security solution, they have the added difficulty of keeping an eye on their budget. Many organizations deploy security information and event management (SIEM) solutions to protect themselves from attacks. These tools are usually priced based on the volume of log data, which is one reason why IT security expenses often exceed their budgets. To stay within budget, some companies cap the volume of log data that is processed and analyzed by their SIEM tool; however, this isn’t a good strategy because an organization could unknowingly leave out important data. During a security breach, the very data that an organization chose to exclude from its SIEM tool could be the only clue available for finding a strategy to defend against the cyberattack. Organizations need to process and analyze all their log data through their SIEM tool for optimal incident management and detection, as well as to meet compliance regulations.
The market for SIEM has two subscription models. For a long time, vendors have offered the usage-based model. Clients pay based on the number of alerts or reports, log storage size, or speed of log analysis. There is also a special usage-based pricing model that only takes into account the number of log sources. The usage-based model makes the cost of operating a SIEM solution highly unpredictable each year; however, the special usage-based model is very cost-effective. The second type of pricing model is the user-based model under which clients pay according to the number of users every year.
User-based pricing does not guarantee any more predictability than usage-based pricing, since employee head count is likely to increase with the growth of the business. It is better to choose special usage-based pricing because it allows an organization to ingest logs from disparate sources while keeping costs down. Furthermore, it is preferred over the usage-based model since it is unaffected by any increase in the number of users as an organization grows.
How does an organization budget for a SIEM solution? The first step is to understand that it is not just the expense of the software itself. There are other factors for determining the true cost of a SIEM solution:
Organizations should gain clarity on the vendor’s installation costs and make sure the vendor's standards meet all their requirements. If the organization ends up deploying internal resources during implementation, it should ensure these are accounted for as a resource cost.
Organizations also need to calculate the possible additional personnel cost for one or more employees dedicated to monitoring the SIEM tool.
Before selecting a SIEM tool, organizations need to consider the amount of training required. Training may be required on a regular basis for both existing and new employees.
Other factors could add to the cost of a SIEM tool, like upgrades, increased data usage fees, and licenses.
Depending on the size and nature of the data an organization deals with, in-house security facilities might be insufficient for storing data. Organizations also need to evaluate the pros and cons of going with a managed security services provider (MSSP) versus handling security themselves. To make this decision, a few other factors need to be considered:
Cost distribution: Most organizations choose strategies that are tax-friendly and value operating expenses over capital expenses.
Control: An organization should choose service providers that provide transparent SIEM operations, plus clearly defined roles and processes.
These factors are not exhaustive; an organization may need to consider other criteria while calculating the cost of deploying a SIEM solution or choosing to go with an MSSP.
An organization's decision should not be based on costs alone. Improving the security posture of the organization must be the top priority. At the end of the day, it is not just financial loss that’s at stake, but also the company’s reputation, customer trust, and market value.
© 2019 Zoho Corporation Pvt. Ltd. All rights reserved.