Why a Co-Managed SIEM?

In simpler times (2010?!), security technology approaches were clearly defined and primarily based on prevention, with things like firewalls, antivirus, and web and email gateways. There were relatively few available technology segments and a relatively clear distinction between security technology purchases and outsourcing engagements.

Organizations invested in the few well-known, broadly used security technologies themselves and, if outsourcing the management of these technologies was needed, could be reasonably confident that all major security outsourcing providers would be able to support their choice of technology.

As observed by this Gartner paper (subscription required), this was a market truth for both on-premises management of security technologies and remote monitoring/management of the network security perimeter (managed security services).

So what has changed? It’s the increasing complexity of the threat landscape that has spawned more complex security technologies to combat those threats.

Net result? The “human element” is back at the forefront of security management discussions. This is the security analyst and Subject Matter Expert for the technology in use. The market agrees: The security gear is only as good as the people manning it.

With the threat landscape of today, the focus is squarely on detection, response, prediction, continuous monitoring and analytics. This means a successful outcome is critically dependent on the “human element.” So the choices are to procure security technology and:

  • Deploy adequate internal resources to use them effectively, or
  • Co-source staff who already have experience with the selected technology (for instance, using our co-managed SIEM)

If co-sourcing is under consideration, then the selection criteria must consider the provider's expertise with the selected security technology. Our SIEM Simplified offering bundles comprehensive technology with expertise in its use.

Technology represents 20% or less of the overall challenges to better security outcomes. The “human element,” coupled with mature processes, is the rest of the iceberg, hiding beneath the waterline.