SIEMpocalypse?

3 min read

Did you know that Microsoft is a security vendor? No, it’s true. For years, the company was hammered by negative public perception and the butt of jokes around the 2002 "trustworthy computing" memo. The company has steadily invested in developing a security mindset and the product results are now more visible to the public. Noteworthy announcements include Windows-as-a-service designed to updated the core operating system against ever-evolving threats and more recently, the beta test of Azure Sentinel billed as a cloud-based SIEM (security information and event management) platform.
 
What does it all mean to the buyer of SIEM and EDR (endpoint detection and response) platforms? Well, for one thing, it surely means a significant competitor. Buyers who gravitate towards platform buys and can self-serve their security needs will now have a new option. In the EDR space, this means those considering big-name vendors such as Carbon Black, SentinelOne, Tanium, and the like, will begin evaluating Windows Defender ATP. 
 
In a similar vein, the Azure Sentinel platform takes aim at big-name standalone SIEM vendors such as IBM QRadar, Micro Focus ArcSight, Exabeam, and LogRhythm. If you were able to mount a defense of your network using such high-end solutions, why then there is yet another platform to consider.
 
But wait, is the real problem the lack of a scalable cloud-based platform? Notice platformhas been in italics throughout the article. Is the lack of a scalable, cloud-based platform the main obstacle to better security for the typical business? Not really. If you gave away a free license to any of these big-name products to a typical MSP (managed service provider) or medium-sized enterprise, it still wouldn't improve security much and wouldn't generate the hoped-for outcome. You know why, it’s mad skillz and process discipline along with scalable, preferably hosted technology, that is needed. And of course, the global IT security skill shortage affects everyone, MSP and end-buyer alike.
 
Recognizing this core problem many years back, EventTracker introduced Enterprise for the Enterprise and Essentials for the MSP. This month, we introduced EventTracker EDR, a managed service built on the same technology and services foundation. Hosted in a U.S. datacenter plus mad skillz delivered from a 24/7, ISO 27001 certified SOC (security operations center). Everything we do is based on our core concept that repeatable, consistent, scalable security outcomes are only possible when you meld best-in-class technology with disciplined subject matter experts.
 
So, do you want to buy more technology? Or do you want outcomes?
 
P.S. The recent S-1 filing by Lyft says: "We believe that the world is at the beginning of a shift away from car ownership to Transportation-as-a-Service or TaaS. Lyft is at the forefront of this massive societal change. Car ownership has economically burdened consumers. U.S. households spend more on transportation than on any expenditure, other than housing. On a per household basis, the average annual spend on transportation is over $9,500, with the substantial majority spent on car ownership and operation." 

Now substitute car ownership in the above paragraph with SIEM or EDR ownership. The as-a-service concept is here to stay.

P.P.S. The filing also says: "The average cost of a new vehicle in the United States has increased to over $33,000, which most American households cannot afford."

Is that your situation with SIEM and EDR technology? If so, relief is at hand. Learn more about our Zero to SOC approach to co-managed security.