How Traditional SIEM Pricing Models Hamper Security

Depending on your role in a company, the thought of business growth may elicit a very different response from you. While CEOs are gladdened by the prospect of burgeoning operations and hopefully profits too, the same scenario may leave the CISO in a cold sweat.

The reason for this is that business expansion increases exposure to data breaches through several intertwined causes.

The answer to mounting threats is, of course, speedy and effective detection and remediation through solutions such as SIEM. However, traditional SIEM pricing models often inflate massively as the data volumes they analyze increase, whilst security budgets may only increase incrementally.

This leaves CISOs with the dilemma of how to ensure critical data is secure whilst keeping within budget. Inevitably, CISOs end up sacrificing at least some level of visibility and data security to ensure they remain within budget. If businesses are to remain safe throughout periods of rapid growth, a rethinking of modern SIEM pricing models is necessary. 

Increased business growth means increased threat 
This is an age of GDPR fines and an ever-present threat of cyber-attack. Recent Ponemon Institute research found that businesses of all sizes are increasingly under threat, with 65% of SMBs in the UK reporting being targeted by a cyber-attack this year alone.

Considering these circumstances, businesses need to understand that whatever wealth is earned through growth can be jeopardized by a data breach and the resulting fine. The first step to navigating growth from a security standpoint is analyzing how business expansion creates risk.

The simplest reason for increased risk is that, in the calculating eyes of a cyber-criminal, a company that is expanding is a more lucrative target. The larger the company, the more data there is to be accessed – it follows that the greater volume of data stolen, the more it can be sold for on the black market. Organized criminal hacking groups follow business news as keenly as anyone in the industry; a surging company will pique their interest.

Beyond data volume growth being the reason for targeting, the nature of company expansion creates other threat vectors that give CISOs reason to worry. An expanding business will likely be taking on more personnel, and each additional team member will bring with them numerous network-connected devices, representing a host of potential new vulnerabilities. Each new employee could also be an unwitting insider threat. In both cases, it is up to the security team to monitor their access to systems and use of sensitive data.

As businesses grow, they’ll inevitably expand their network of third-party suppliers to meet larger business aims. The central security and analytics platform (SIEM) for the modern security operations center (SOC) is not just protecting one’s own network, but ensuring the security of all third parties that connect into it. Transitioning companies with broad and complex networks face added risk as each third party represents another point of unauthorized access to the network. 

Growth for modern enterprises inevitably leads to infrastructure growth as well; for example, increased business may lead to increased web traffic, or a demand for new and efficient online services to better fulfil a company’s purpose.

With this new infrastructure comes more data and new systems, all of which must be monitored and secured by the security team to defend against hostile activity. The general modernization of IT also adds to the data load, as legacy software and hardware are replaced by solutions such as cloud, which require more data and further systems for SIEM to monitor.

Whatever the type of growth an enterprise is experiencing, it is likely that expansion calls for multiple new areas of potential risk to be immediately monitored and responded to through a SIEM. As well as being a more valuable target, a growing business is an enterprise in transition and cyber-criminals will be watchful for any lapses in the changing security situation.  

Traditional SIEM pricing models prevent security scalability 
To meet threats presented through growth, a fluid and holistic SIEM is necessary to cover these many areas of developing exposure. However, traditional pricing models have so far been restrictive to security scalability, especially in instances where company growth cannot be predicted with time to plan accordingly. 

The two most common pricing models used by SIEM vendors are the capacity-based model and the user-based model. Neither of these models offers easy scalability, and both can leave business leaders in a difficult bind as to whether to pursue growth at the expense of security. The capacity-based model sets a cost per a certain amount of data, while the user-based model sets a cost based upon the headcount of your organization.

Crucially, these solutions do not allow for the anticipatory handling of rapid growth, as businesses cannot perfectly predict expansion. This leaves CISOs facing growth with a SIEM model that has not been adequately funded to monitor the data and systems needed to ensure business security. 

Traditional pricing models are now leaving CEOs and CISOs in a difficult situation – should business growth be tempered at the expense of pursuing opportunity, or should companies forge ahead and jeopardize their data security? Security vendors have to meet the needs of their customers and find a more versatile approach to SIEM pricing, as existing models act as a restraint on companies that want to be both dynamic and secure. 
