04-Jun-2018

The modern network can't survive without a security ecosystem. But with multiple complementary services, devices and systems producing millions of log events each month, identifying and acting on security events is a skilled and time-consuming job.

So you have three choices:

  • Do nothing, and risk failing to identify and respond to threats.
  • Implement and self-manage an in-house security operations centre (SOC), providing 24/7 security information and event management (SIEM).
  • Partner with a managed SIEM service provider.

Honestly, if you value your business the first option is a non-starter, so I wanted to explore the differences - and the costs - involved in either setting up your own SIEM service, or partnering with a third party.

Compare and contrast

SIEM isn't an off-the-shelf proposition, so setting up an in-house service is involved, and maintaining it is costly. To even get started you'll need managerial expertise, then you'll need to recruit a team of staff, train them with additional skills, and provide them with the necessary tools and threat intelligence.

With a managed security service provider (MSSP) you pay a fixed fee for agreed services. In a like-for-like comparison, the MSSP will be responsible for setting up and managing the system, and providing the necessary security analysts, researchers, incident response, forensics and compliance audit expertise, along with the ongoing threat intelligence and analysis, incident response, investigation of priority alerts and regulatory reporting.

The MSSP is also responsible for the technology underpinning the service: software and hardware as well as the intrusion, forensics, workflow and reporting tools, and threat intelligence.

What about the costs? Below we've laid out a typical pricing example for a mid-sized organisation setting up its own SOC-managed SIEM service, versus partnering with an MSSP.

 

 

| | Self-managed SIEM 24/7 | Managed SIEM 24/7 |
|---|---|---|
| SIEM technology (hardware and software) | £60,000 | N/A |
| Implementation | £15,000 | £10,000 |
| Product training | £6,000 | included in above |
| Total CapEx year one | £81,000 | £10,000 |
| System administrator | £5,280 | N/A |
| Vulnerability scanning | £2,640 | N/A |
| Event monitoring | £52,800 | N/A |
| Incident response | £4,500 | N/A |
| Compliance reporting | £6,000 | N/A |
| 24/7 SOC (five staff) | £275,000 | N/A |
| Recruiting | £60,500 | N/A |
| Training and accreditation | £24,500 | N/A |
| 24/7 Managed SIEM service including technology | N/A | £92,000 |
| Total OpEx year one | £431,220 | £92,000 |
| Total cost year one | £512,220 | £102,000 |

 

As you can see, there's a strong financial argument for partnering with an MSSP - even more so when you take a longer-term view:

 

 

| | Year 1 | Year 2 | Year 3 | Total cost |
|---|---|---|---|---|
| Self-managed SIEM 24/7 | £512,220 | £431,220 | £431,220 | £1,374,660 |
| Managed SIEM 24/7 | £102,000 | £92,000 | £92,000 | £286,000 |

 

Any business looking to improve its security posture and better protect itself knows it needs 24/7 SIEM coverage. But for many, the costs of running a SOC are just too high. As you can see from the figures above, Managed SIEM makes a compelling alternative: for a fixed fee, it provides established technology and expertise, dependable and consistent action in the face of security events, and standardised reporting that makes it easier to evidence compliance.

 



Image by Damian Zech/Flickr, Creative Commons


Written by Paul Davies

Account Director
