
A better way to budget for SIEM services during times of rapid growth

16 Mar 2020

Article by LogRhythm's APJ vice president of marketing, Joanne Wong.

Ensuring their organisation’s IT infrastructure remains secure at all times is a juggling act for most chief information security officers (CISOs). On one hand they want to invest in the most effective tools, but on the other they recognise a need to keep costs under control.

The challenge is particularly acute when it comes to budgeting for a security information and event management (SIEM) system. Here, the combination of constantly changing data volumes and consumption-based charging can make estimating costs a nightmare.

Things are made even more difficult during periods of rapid growth. Increases in headcount lead to increases in data volumes and network activity. Each new employee also boosts the organisation’s risk exposure as they effectively represent new attack vectors.

Then, there is the associated infrastructure growth. The addition of extra servers, network links and endpoint devices creates a more complex security challenge. Managing this while also keeping a lid on costs is no easy feat.

In these situations, many CISOs may find themselves exceeding their budget for SIEM services. They may think they have little choice but to cap the volume of log data that their SIEM is processing and analysing.

While capping the volume of data being sent to your SIEM may appear a logical way to fix a financial problem, it’s an approach that introduces fresh security risks. Excluding data from a SIEM effectively creates a security blind spot.

The challenge of SIEM pricing models

When it comes to solving this challenge, SIEM vendors certainly don’t help. In fact, the two most common subscription models only make the data-versus-budget problem worse.

In the past, vendors have charged based on capacity, with their customers typically paying an agreed amount per message, gigabyte, or second.

More recently, some SIEM vendors have adopted a user-based pricing model where customers pay a certain amount of money per user, per year. It doesn’t matter how much data each user generates as the organisation will be charged based on the total number of users. This approach is attracting a lot of attention as it offers a more direct, easy-to-understand way to budget for a SIEM.

However, user-based pricing doesn’t necessarily provide any better cost stability than capacity-based pricing, as employee headcounts are likely to increase with any business growth.

In fact, neither of these subscription-based pricing models is conducive to business growth. Under either model, enterprises lose affordability and predictability.

A better approach

Fortunately, there is another, better option for enterprises undergoing rapid growth, one that involves the concept of unlimited data processing. Such a SIEM license provides an insurance policy against unpredictable or rapid growth and cost blow-outs.

It also removes data ingestion restrictions, giving security vendors the freedom to ingest all data to fully protect the customer no matter what kind of growth the future brings. With this pricing model in place, it doesn’t matter how much data a SIEM processes or whether that data originates from the cloud or on-premises – it’s all included in one pre-set price.
 
Such a SIEM unlimited data processing plan is based on the idea that CISOs shouldn’t have to weigh risk against budget. Nor should they have to make difficult decisions about what data they will and will not protect.

Selecting an unlimited processing plan will allow an organisation to grow without compromising its levels of security. Rapid growth can occur without resulting in spiralling SIEM costs.

It’s worth spending time reviewing your current SIEM charging agreement and considering whether shifting to an unlimited processing model might work for your organisation. Predictable costs and better security are within reach.
 
