The SIEM Cost Problem is Getting Worse – Why Does a SIEM Cost So Much?

Providing real-time analysis of security events generated by network assets like servers, network devices, and domain controllers, security information and event management (SIEM) tools enable companies to detect threats that may otherwise slip through the cracks. But ask a security manager what they most dislike about SIEM tools, and they will probably respond with “cost.”

SIEMs have always come with a steep price tag. What’s changed lately is that SIEM costs are coming into sharper focus. In a recent survey of 248 tech decision-makers, the security firm Lokker discovered that over two-thirds of respondents now perceive SIEM pricing as a serious issue. Even so, SIEM is still popular and is seen by many firms as a “crucial” technology for “managing cyber threats.” In that same Lokker survey, almost two-thirds of companies said they have a SIEM and use it mostly for faster threat detection.

Paying an exorbitant price for a SIEM—even a so-called next-gen one—is making less and less sense. In a 2021 study by Panther Labs, more than 40% of IT security professionals said they’re overpaying for their SIEM with respect to its capabilities.

Finding ways to overcome SIEM limitations by improving mean time to detect (MTTD) and mean time to respond (MTTR) is becoming a priority for companies and is where solutions like SenseOn excel. Suitable for both SMBs and large enterprises, SenseOn uses AI to deliver a lower cost and more effective SIEM alternative.

Next-Gen SIEMs Are Not Cutting Costs

Security has never been more important, but with the economic environment getting more volatile, no firm can sustain investments that don’t make financial sense. Unfortunately, with SIEMs, many have no choice. Over a quarter of decision-makers in the Lokker survey said they are spending significantly more on their SIEM than they would like to. Compare that to the less than 1 in 10 (6%) decision-makers who think that the price their SIEM provider is charging them is fair.

Surely next-gen, cloud-based SIEMs should be more affordable? After all, solutions in this category promise to reduce many of the costs associated with a traditional SIEM, i.e., support, threat intelligence feeds, training, and staff time. Unfortunately, that is not the case.

The Panther Labs study, which found that nearly 1 in 2 IT professionals feel like they’re overpaying for their SIEM product, shows that although most respondents have moved on from legacy SIEMs, they’re still struggling to get value for money. While just over 20% of companies surveyed said they use commercial on-premises SIEMs like Splunk, 30% said they use SaaS SIEMs such as Sumo Logic, and nearly 15% use cloud provider solutions like Azure Sentinel or Chronicle.

Cloud-based and/or SaaS SIEMs can come with significant cost savings. For example, organisations that deploy these types of SIEMs can reduce expenses associated with infrastructure (servers, storage, physical space for data centres, energy, etc.), software maintenance, upgrading, patching, and downtime.

However, when you take into account subscription fees plus cloud storage and vendor-based SIEM management, i.e., costs associated with next-gen SIEMs, the overall cost of cloud SIEM deployment can be very similar to that of on-premise solutions.

Why SIEM Fails to Deliver Cybersecurity ROI

SIEM solutions may be expensive, but this would not be as much of a problem if they delivered the kind of protection they promised. As evidenced by the soaring number of successful cyber attacks impacting organisations, many of which have SIEM solutions in place, that is not so. Even next-gen SIEM tools that can correlate disparate events across an organisation’s environment and use automation to immediately respond to security incidents suffer from a lack of visibility, absence of effective rules, and too many alerts.

For instance, recent research by CardinalOps found that:

The vast majority of out-of-the-box default rules (78%) provided by SIEM vendors are disabled by organisations that don’t have the time to tune and customise them to stay abreast with emerging cyber threats.
One-quarter of the rules in a typical SIEM are broken and will never fire, but security professionals are unaware of this.
The average SIEM has rules associated with just 16% of MITRE ATT&CK techniques. This means that most SIEM configurations miss 84% of the techniques associated with ATT&CK, a framework that documents the latest attack techniques used by cybercriminals in the wild.

These and other SIEM shortcomings don’t just lead to security professionals feeling increasingly frustrated. They are also putting organisations at serious risk. With the average cyber attack now costing companies £4,200, firms that gain a false sense of security from their SIEM can end up paying more than just the cost of SIEM deployment if their defences are breached.

Improving SIEM Threat Detection and Response Without SIEM Costs

There is a growing discrepancy between SIEM costs and outcomes. Although advanced SIEM systems may include security orchestration, automation and remediation (SOAR) and user and entity behaviour analytics (UEBA) functionalities, they are still struggling to provide real value to organisations operating in an ever-evolving threat landscape.

The main reason why is that SIEM software can’t fix the inherent problem facing modern companies: tool sprawl. As long as SIEMs rely on siloed security products, defenders will continue to be overwhelmed with false alerts that stem from poorly correlated or incomplete information, regardless of whether they’re using a traditional or next-gen SIEM.

Rather than a tool that links disparate security controls together, what organisations need instead is a platform that consolidates multiple security solutions into one cohesive security operations system. This is what SenseOn sets out to do.

Displacing the need for EDR, NDR, UEBA, IDS/IPS, SIEM, and SOAR, SenseOn’s unified threat detection and response platform saves organisations hundreds of thousands of pounds not only in implementation costs but also in cloud monitoring, security engineering, and other expenses that come from a noisy environment, reducing the total cost of ownership.

Just as importantly, SenseOn minimises the risk of cyber attacks and their associated costs by significantly reducing the number of false positives that security teams are exposed to daily. Using proprietary threat triangulation technology that thinks and acts like a human security analyst (and learns from experience), SenseOn correlates alerts with other event data to flag only genuinely malicious security threats. It can also automate incident response when a critical attack (i.e., ransomware) is in progress.

Resources

Explore our collection of eBooks, webinars, articles, and more to help you maximize your understanding of emerging threats, adversary techniques and how to detect cyber attacks.

Visit resource hub