The Trouble with SIEM – Truth or Myth?

From our Preferred Partner, Foresite

SIEM, which stands for Security Incident and Event Management, is a toolset that has roots in log management but has since evolved to become smarter and more nuanced. Because of its evolution over time, there are some misunderstandings about what SIEM truly does and how it affects customers. We separate the beliefs from the truths here:

 

Belief: SIEM expenses are more than expected due to the cost of implementation, ongoing resources, and billing by usage.

Truth: Foresite and Ingram Micro’s quotes include licensing of the SIEM tool, onboarding, and ongoing support and tuning with no usage, per event, or change request fees charged. Annual service cost is consistent throughout the term of the agreement.

 

Belief: Configuration is complex. Implementation often costs as much as the solution.

Truth: Foresite and Ingram Micro’s ability to leverage a client’s virtual machines, minimal licensing costs, and very competitive onboarding fees make our solution a much lower cost of entry.

 

Belief: Staffing costs are higher than expected. SIEM requires at least one dedicated person with the skills to manage it.

Truth: Foresite’s SOC team assigns a Technical Account Manager (TAM) who handles ongoing management and tuning of the SIEM tool, which takes the burden off of the client.

 

Belief: SIEMs generate noise. More than half of users complain about too much noise from the SIEM.

Truth: Foresite’s SIEM tool includes their SOC team, which reviews all events generated by the logs and business rules to eliminate noise. The TAM then makes sure that rules are updated to tune out false positives.

 

Interested in learning more?

Contact Ingram Micro’s Professional Services team at proservices@ingrammicro.com to learn how Foresite and Ingram Micro can deliver on all your security needs!