    July 25, 2024

    SIEM Pricing Models for SMBs

    Flat Monthly Rate Per Seat vs. Paying by Data Ingestion or Endpoint: Blumira Offers Unlimited Data for Greater Visibility

    SIEM is so hot right now (see: the hype of next-gen, AI-enhanced, and tech acquisitions abound), but with the vast number of vendors crowding the space, how can small and medium-sized businesses choose? 

    Often it can all come down to pricing; not just the initial upfront capital costs including setup, implementation, configuration, tuning, maintenance and infrastructure, but also the ongoing operational costs associated with data volume. It’s important to consider the pricing model as you evaluate security vendors to partner with for the long haul.

    The amount of data logged, or sent to a vendor’s solution, and analyzed for anomalies is often used to determine pricing. Many SIEM providers may charge you by the amount of data you send to their service per time period (also known as ‘pay-as-you-go,’ data volume, or consumption), which can be problematic for a few reasons:

    It’s Costly

    Charging by data ingestion can really add up over time as your environment grows. Microsoft’s pricing calculator for 500GB/day amounts to $43,824 for 30 days or $525,888 a year (and that’s at a discounted rate). 

    Others charge by endpoint for XDR capabilities, in addition to the data volume associated with sending your logs to a SIEM – at the higher end, a well-known enterprise vendor will run you upwards of $100,000 a year for 500 endpoints to start, in addition to an unknown and fluctuating amount based on data ingestion. Elastic’s SIEM calculator estimates $333,576 annual cost for 450 endpoints (roughly 500GB) and one year of data retention.

    This often does not include long-term data retention, which many compliance frameworks require and which is frequently a prerequisite for cyber insurance approval (see Azure pricing by log type, search capabilities, and retention).

    Higher TCO

    It’s not just more expensive for the ongoing ingestion costs alone; most vendors also charge for add-ons (that’s how they getcha). Want 24/7 security support, onboarding, configuration, technical assistance or custom detection rules? Proactive threat hunting and outreach for emerging threats? Managed and tuned detection rules? Parsing or additional integrations? External threat scanning to identify unknown open ports? Ongoing security assessments and recommendations? Pre-built reports or the ability to access and/or search all of your raw logs? That’ll be extra, or you’ll need to outsource or do all of the development in-house, which means hiring and training additional costly security staff.

    Unpredictable

    It’s hard to budget in advance as your data needs fluctuate from month to month based on user, network and app activity or unforeseen changes in your tech stack. These are all variables that can result in data increases and cost surges that may push you over budget.

    Limits Visibility

    Without analyzing your full dataset (and having to make financial decisions about limiting your data based on costs), you may miss critical indicators of a compromise – meaning, you may not catch an attack in progress until the damage is already done. That can include customer data loss, reputational damage, operational downtime, compliance violations, legal fees and more.

    Holes in Data Retention

    To reduce costs, some SIEM, MDR and/or XDR vendors may talk up their approach to dropping many of your logs while keeping some of your data history in cold storage in order to check a compliance box. But compliance does not always equal security (especially in this scenario), and this approach can result in holes in your complete log history and frustration for forensic investigation after an incident occurs.

    Transparent, Easy SIEM Pricing for SMBs

    Blumira’s pricing model is fixed at a flat monthly rate per seat at your organization to help SMBs predictably budget for their security costs. Seats are counted as the total number of knowledge workers/employees at your organization who have a corporate email address (excluding any factory workers or students, in the case of manufacturing companies or education). We do this in order to more accurately approximate the amount of data each employee is generating and sending to our platform. Additional agents are available for a low monthly fee for organizations with more endpoints than seats.

    The great part about this for our customers is there’s no limit on the amount of data you can send to Blumira’s platform for analysis, detection and response to give you the greatest visibility across your entire environment. That means you don’t need to worry about making tough decisions around which application you want to collect data from, or how much data you can afford to send each day; you can just hook them all up and continually ship logs over to us at no additional cost. Our around-the-clock streaming and analysis gives you peace of mind and 24/7 monitoring, without any disruption. 

    As for long-term data retention, we’re not in the business of ‘thinning out’ your log history or making it difficult or slow to access your logs. Blumira holds a year of all of your logs in hot storage so it’s readily available when you need them – crucial in the time-pressed aftermath of an incident when you need to verify how an attacker got in and if they still have access to your systems. A year of data retention is included in the flat rate for our editions and even longer retention options are available too. 

    What else do you get for the flat XDR rate? 

    • A dedicated Solutions Architect (SA) to provide guided onboarding and configuration sessions, give you recommendations based on best practices, and ongoing consultations throughout your entire partnership with Blumira.
    • 24/7 Security Operations (SecOps) support for critical priority issues that you can reach out to directly in-app, messaging a real person for responsive help when you need it.
    • Proactive threat hunting, emerging threats security bulletins, and managed detection rules by an experienced incident detection engineering (IDE) team that updates the cloud platform every week to keep you both aware of and protected from the latest vulnerabilities and exploits.
    • A team of engineers running the infrastructure behind the cloud platform to ensure high availability, reliability, and ongoing adherence to security standards like SOC 2.

    Blumira’s value is not just in the automation, ease of use and advanced security technology built into our platform, but also in the teams of people on the ready to back you up during stressful security scenarios. That value is like adding another security team member to your team, or being able to tap us if your small IT team is short on resources or expertise.


    Thu Pham

    Thu has over 15 years of experience in the information security and technology industries. Prior to joining Blumira, she held both content and product marketing roles at Duo Security, leading go-to-market (GTM) and messaging for the portfolio solution Cisco Zero Trust. She holds a bachelor of science degree in...
