For many organizations looking to get started with security information and event management (SIEM), when it comes to selecting a platform, price can be the deciding factor. However, it can be difficult to work out exactly what any given solution costs, or how the cost of one solution compares to another. Differences in vendors’ pricing schemes, as well as differences in infrastructure requirements (e.g., storage hardware) are just a few of the things that need to be taken into account here.
So, how much does SIEM cost?
First things first: requirements
Before delving into the factors that affect the total cost of a SIEM solution, consider what you need your solution to do:
- How much security data is produced in your organization every day? Every month? Every year?
- How long do you need to store your data? Is there some data you’ll need to store for longer periods of time (e.g., for regulatory compliance purposes)?
- Is your network complex? Simple? Somewhere in between?
- Do you have particular performance or uptime needs?
- How many users are in your organization? How many of them will be directly using the SIEM platform at any given time?
- What features do you need? Is log analysis the most important feature for you, or do you need automation, reporting, and other “advanced” features?
If you don’t already know the answers to these questions, take some time to consider them. Your answers will help you determine what solution is the best fit for your particular situation.
Hardware
Large volumes of data are central to SIEM, and there’s no getting around the need for somewhere to store all that data. Traditionally, this meant that there was always a hardware cost associated with implementing SIEM. Today, many vendors offer a choice between an on-premise platform and a cloud platform. Since some organizations need to store their data in specific physical locations (whether that’s in a certain country or in a certain building), cloud-based SIEM services aren’t an option for everyone. On the other hand, if your organization does not have such a need, a cloud offering is worth considering — particularly if you don’t already have the hardware you would need for an on-premise platform.
If you do decide to go the on-premise route, you’ll want to consider factors like the amount of data you need to store, as well as performance and uptime requirements, when choosing your hardware. Additionally, some solutions may be incompatible with certain hardware configurations. Be sure to double-check the hardware requirements of the platforms you’re considering.
Software and feature sets
When it comes to the platform itself, comparing the offerings from different vendors can be difficult. Some vendors, for instance, focus on an all-in-one offering. Others divide their offerings into “editions” with different feature sets. Still others offer modular products, consisting of a basic product and add-ons that can be purchased individually. Each model has its advantages:
- All-in-one offerings are the simplest option. You don’t need to compare different editions of the product or figure out which add-ons provide the features you need, since you can only purchase a single, fully-featured product.
- Products that come in different “editions” or “versions” give you a range of pre-selected feature sets to choose from, with higher prices for more extensive feature sets. This pricing scheme can save you some money if you don’t need an extensive feature set. On the other hand, you may find that you want just one feature from the most expensive version, forcing you to either buy many features you don’t care about or live without the feature entirely.
- Modular products are sold as a basic product for which a range of add-ons is available. Modular products can also save you some money if you don’t need a broad range of features. However, the basic product may be highly limited without add-ons — and if you do need lots of features, licensing and managing all of the required add-ons can be difficult.
Subscriptions and one-time licenses
The classic “pay once, use forever” approach to software licensing is available for SIEM platforms, too. While perpetual licenses are convenient, they can be prohibitively expensive for small- and medium-sized businesses. Additionally, subscription pricing is the norm for cloud services, including cloud-based SIEM solutions. For these reasons and others, subscription pricing is gaining popularity in the SIEM market.
Having said that, subscription pricing for a SIEM platform typically works a bit differently than it does for products like smartphone apps or design software. Instead of paying a fixed amount per month or year, the amount you pay may be based on how much data you store on the vendor’s servers. As with other enterprise software, paid monthly or yearly support plans are also common, and one may not be included in your initial purchase.
