A security information and event management (SIEM) system is an essential part of any security strategy and can help you pass a compliance audit (think ISO 27001, which requires event data to be aggregated from multiple systems). But SIEMs can be expensive, time-consuming, and hard work, especially for smaller, resource-constrained government IT departments, which often puts this essential tool out of their reach.
There are a number of reasons for this. First, SIEMs often require consulting support for deployment. Then, once operational, SIEMs may require a DBA to configure the system since they lack self-managing databases. They also put immense pressure on any database. Huge real-time insertion rates and simultaneous analysis and retrieval of data make it a performance-heavy application. Of course, more users require more hardware. But what’s often forgotten is that more features also require more hardware.
Support costs are also high. According to DLT partner, SolarWinds, the average purchase price of a SIEM is $50,000+. Add to that the high maintenance bills that must be renewed each year. Plus, most license costs are based on “events per-second”. One alternative, is to license them based on “Mb indexed per day”. But with data volumes doubling annually (per Gartner), license costs, storage costs, add-on components, and consequently, support costs will also expand.
Buying the Right SIEM for your Size and Needs
So how do resource-constrained security departments deal with, or even change, the economics of SIEM. Many of the negatives above happen because a security organization buys the wrong SIEM for its size and needs.
SolarWinds offers a lighter and lower cost SIEM that does away with enterprise SIEM complexity and cost issues. It’s specifically developed for the resource-constrained security pro and includes many of the critical capabilities of SIEM, but without the bells and whistles that are rarely used and that cause the most complexity.
Check out this whitepaper and read more about how SolarWinds is changing the economics of SIEM and demonstrates how SolarWinds Log & Event Manager helps organizations get the power of SIEM without the cost.