
Why Rumors of SIEM’s Demise Are Greatly Exaggerated


COMMENTARY: Can you teach an old dog new tricks? When it comes to security information and event management (SIEM), the answer is a resounding “yes.” This technology has existed for over 20 years, and many in the industry have been touting its demise, but that is a short-sighted perspective. Today’s next-gen SIEM is an essential component of the security stack. As a managed security service provider (MSSP) trying to ensure you’re offering your customers the best protection and outcomes, you can’t overlook the next evolution of the SIEM.

SIEM is still alive and well – and kicking

MSSPs play a crucial role for security teams at small, medium, and, in many instances, large companies. They must offer the most advanced security services in order to maintain customer trust while also preserving profitability. MSSP leaders are under pressure to keep their customers happy and to keep bringing in new business, and all of this rides at least partially on their ability to ensure they’re offering the best and most up-to-date security services.

SIEM is a critical asset in the MSSP’s toolbox, despite some lingering misconceptions that this technology is outdated or archaic. Most of these claims stem from frustrations around the limitations of legacy systems. For one thing, old-school SIEMs have traditionally been expensive to purchase, implement, and maintain. Significant tuning and ongoing management have often been needed to deliver worthwhile insights. Alert fatigue, slow detection and response, and other issues have allegedly signaled SIEM’s demise.

That may have been true for legacy SIEM, but it’s not the case for the next generation of these solutions. SIEM is like the brain of a security operation, the IBM “Watson” in the data center. Everything feeds into the SIEM. Amid all the noise around new solutions and product categories, SIEM remains a key way for MSSPs to deliver for their customers and meet their goals.

SIEM solutions can be pivotal in helping companies find, analyze, and address threats as well as assisting with compliance. SIEM remains at the heart of every Security Operations team, but it requires some fundamentally different approaches to deal with today's realities: data overload, cost pressures, analyst complexity, and intensive engineering.

As mentioned previously, traditional SIEM solutions come with drawbacks: data ingestion costs that can quickly escalate, static rule-based detections that generate more alerts than context for finding what you’re actually looking for, slow query and search performance, and integration gaps that require custom development and ongoing maintenance.

Today’s organizations need something more. When the term “next-gen SIEM” is discussed, providers aren’t just offering the next version or release of the old product. Next-gen SIEM is SIEM plus User and Entity Behavior Analytics (UEBA); Security Orchestration, Automation and Response (SOAR); and Data Pipeline Management (DPM), all amplified by agentic AI.

Next-gen SIEM incorporates cutting-edge technology, including AI, ML, data cost reduction capabilities, and advanced analytics. This advanced tech empowers companies to find and address threats more effectively, even within dynamic, complex environments. Companies also gain productivity by removing mundane work, with as much as 58% time savings that lets analysts focus on more important work.

How can MSSPs ensure they’ve got what it takes?

There’s a lot of noise, and many vendors are offering different products and making various claims. It’s almost impossible to pinpoint a single definitive number of cybersecurity companies globally, but the Cyber Research Database lists more than 3,500 cybersecurity companies in the U.S. alone. Even within the SIEM space, there’s a wide array of vendors to choose from.

The sheer volume of solutions can make it extra challenging for MSSPs to decide which offerings are really the best for their customers. Every organization purports to be the best, but how do MSSP decision-makers know which solution really is? There are a few basic questions MSSPs can ask as they evaluate SIEM solutions:

  • What are your data requirements across your entire customer portfolio? How do you account for every piece of relevant telemetry, and how do you ensure the system will be able to account for any data source in the future?
  • What new service offerings will you gain with this new SIEM? Can it solve for external, insider, and identity threats, or will you need to buy other siloed tools to fill those gaps?
  • How will a new SIEM reduce tool complexity and redundancy? How will it give you better efficiency and reduce maintenance complexity?
  • How will a new SIEM solve your immediate and future needs? What is the vendor’s innovation track record?

There are also several potential “gotchas” to be aware of. Make sure your potential vendor offers multi-tenant capabilities and the flexibility to interoperate with your existing solution stack and your data lake of choice. You also need the ability to easily customize, optimize, and fine-tune the platform to properly support the entire data and Threat Detection, Investigation and Response (TDIR) lifecycle. Based on the data that needs to be analyzed, you must be able to easily customize detection models for higher-fidelity alerts and to adjust playbooks.

MSSPs and their customers will ultimately benefit from a “true, continuously innovative” Next-Gen SIEM in multiple ways. MSSPs can be more competitive and increase stickiness. They can increase their margins and operational efficiencies while also adding new detection and response capabilities to their portfolio of offerings. Customers will gain comprehensive protection and security. MSSPs gain the ability to optimize data for better cost control, remove tool complexity, and improve SOC efficiency.

Evolve to compete

While “SIEM is dead” is an oft-used phrase, it’s more accurate to say traditional SIEM is evolving into a more modern, intelligent security system. Next-gen SIEMs represent a new era of technology that empowers MSSPs to offer a full security suite to customers. Use the guidelines noted above to choose your partner well.


MSSP Alert Perspectives columns are written by trusted members of the managed security services, value-added reseller and solution provider channels or MSSP Alert's staff.

David Wagner

David Wagner is a global vice president, MSSPs and systems integrators, at Gurucul.
