Security as a service is becoming a market game-changer

Latest SIEM offerings change way SMBs, others detect, manage increasing cyber risk


A revolution is happening in digital security. As data breaches continue to become more prevalent—and damaging—vendors focused on Security Information and Event Management (SIEM) are redesigning their solutions to meet the needs of a growing market.

By 2021, the demand for SIEM solutions is set to grow to $5.93 billion, according to research from Technavio. Their report, Global Security Information and Event Management Market 2017-2021, estimates that the SIEM market will grow at an annual rate of more than 12 percent over the next four years.


For the first time since the term SIEM was coined by Gartner analysts Mark Nicolett and Amrit Williams in 2005, infosec companies are beginning to think of SIEM as a service rather than a product. This is in stark contrast with the earliest visions for SIEM. When solutions were first being launched, forward-thinking enterprises bought the product and were expected to install and manage the entire thing themselves. The result? Too many companies spent money with no measurable results. Unsurprisingly, enterprises were quick to dismiss SIEM offerings.

Previous problems with SIEM solutions


“We think that a lot of the criticism that people had for SIEM in years past was centered around the frustration of getting it to do what people wanted it to do,” says A.N. Ananth, CEO of EventTracker, one of the security companies leading the new charge.

Although compliance remains a relevant selling point for justifying security and risk management budgets, the series of high-profile attacks in recent years is now a strong driver.

Gartner’s most recent IT Key Metrics Data pegs company spending on IT security and risk management at between 4 percent and 7 percent of the overall IT budget. However, spending statistics alone do not measure effectiveness and are not a gauge of successful IT within organizations. They simply provide a view of average costs, in general, without regard to complexity or demand.

For SMBs, one way to constrain spending is to consider managed detection and response. This is an effective outcome-based combination of expertise and tools to detect threats, especially targeted advanced and insider threats.

SIEM as a service takes off

In the past year, SIEM as a service has become increasingly popular with small- and medium-size businesses (SMBs). As a result, many offerings have emerged.

EventTracker’s solution, SIEMphonic, provides everything you would expect from a SIEM product, including vulnerability scanning and intrusion detection, as a managed service.

A Fortinet version called the FortiSIEM platform offers ease of management and provides administration with dashboard views of all information collected and analyzed. FortiSIEM breaks down layers of events into useful and purposeful information, with a distributed real-time event correlation engine that enables organizations to detect complex event patterns in real time.

Splunk’s version stresses flexibility and scalability. The SIEM software quickly indexes massive volumes of original, raw data from any source. Alert Logic, BAE Systems, IBM and Trustwave offer other managed solutions.

The SIEM revival

Although many businesses were disappointed by SIEM offerings pre-2010, they are now coming back to the market thanks to this new managed offering.

According to the Ponemon Institute, 2016 was a record year for data breaches, with 980 incidents costing between $3.8 million and $4 million. Regulatory compliance requires that a solution like SIEM be part of an organization’s online architecture. And because of a combination of fines and public shaming, more and more businesses are taking these regulations seriously.

That is why for SMBs, a managed SIEM solution is seen as a necessity. Just being compliant isn’t enough. It is not just about the money, either. Any incident of data loss, however small, can be a huge blow to customer confidence.

Any business, regardless of regulatory requirements, should consider a SIEM solution as soon as they have basic security architecture in place.

Ananth says: “Security comes first. If you are secure, then you are compliant. You can be compliant, but you might not be secure.”
