Since its inception, SIEM has been something for the well-to-do IT Department; the one that can spend tens or hundreds of thousands of dollars on a capital acquisition of the technology and then afford the luxury of qualified staff to use it in the intended manner. In some cases, they hire experts from the SIEM vendor to “man the barricades.”
In the real world of a typical IT Department in the Medium Enterprise or Small Business, this is a ride in Fantasy Land. Budgets simply do not allow capital expenditures of multiple six or even five figures; expert staff, to the extent they exist, are hardly idling and available to work the SIEM console; and hiring outside experts – the less said, the better. And so, SIEM has remained the in the province of the well heeled.
In the meantime, the security and compliance pressures continue to mount. PCI-DSS compliance in particular, but also HIPAA-HiTech, continues to drive to smaller organizations.
Question: How do we square this circle where budgets are tight and IT Security expertise is rare?
Answer: By delivering value as a service, that is, as a MSP/MSSP.
At EventTracker, we’ve obsessed on this problem for a dozen years; powering and then simplifying the implementation, and with v7.5 that trend continues. Let me count the ways:
- EventTracker is implemented as a virtual appliance. This means it can be right-sized for the environment. Scale up to very large networks of tens of thousands nodes; scale down to a site with only handful of sources.
- The Collection Point/Master model allows you to “divide and conquer.” Locate a Collection Point per a geographic or logical group; roll up to a single pane of glass at a central Collection Master. Enjoy local control with global oversight.
- Consolidate all incident data, prioritized by risk, at both the Collection Point and Master. An MSP SOC operator can now watch for incidents at a Connection Master, being fed from any number of underlying Collection Points. After-hours coverage at a single pane of glass? No problem.
- Archive data at either Collection Point or Collection Master or both with different retention periods. Don’t want data replication? Not interested in operating a SAS-70 or FISMA certified datacenter? No problem. Retain data at customer premises, subject to their access control.
- Aggregated licensing – enjoy the best possible price point by rolling up all log sources or volume.
- Flexible licensing models – buy by the node with unlimited log volume or by log volume with unlimited nodes
For MSPs and MSSPs looking to drive greater revenue or customer loyalty, EventTracker 7.5 helps with both by satisfying the customer’s compliance and security needs. For the medium enterprise or small business looking to meet these needs without breaking the bank – now there is a way.
SIEM Simplified, it’s what we do.