We’ve heard it again and again from many organizations that struggle to set up good defensive security tools:
Many organizations that have managed to stand up a SIEM still aren't getting much value or visibility into potential security incidents across their environment. A large part of that is due to the overall complexity of the SIEM itself, plus the additional effort the organization must put in to compensate for what the SIEM doesn't do out of the box: detecting and responding to common attacks.
As an example, here’s a comparison of a typical Splunk on-premises SIEM deployment vs. Blumira’s cloud SIEM, based on our team’s past experiences and a recently-onboarded customer:
| | Splunk* | Blumira** |
|---|---|---|
| Deployment time | 3-6 months with in-house security expertise; up to 1.5 years for larger companies | Under 5 hours |
| Current team | Varying amounts of time for project management, user feedback, custom playbooks, security architecture and SOC team training (15+ people) | 1-2 IT/security staff with access to configure existing systems to work with Blumira |
| Additional consultants | 14+ weeks for setup, pen testing support, architectural planning and continuous tuning | None |
| Additional costs | $100k+ in virtual compute and flash storage; additional licensing for an alerting module | None |
| Pricing model | Difficult to predict; priced by volume of log data ingested, $100k-300k/year | Priced per user, starting at $14,400/year for up to 100 users |
* Based on an account of an enterprise-level deployment of their on-premises SIEM offering.
** Based on a recent customer’s mid-sized deployment of Blumira’s cloud SIEM platform.
Ultimately, Blumira's customer (like many others) was looking for value in a few specific areas: consolidating security reporting so that all reports are accessible in one place, being able to detect and block potential security issues, and having access to security expertise to understand what their alerts mean and how to respond.
Unfortunately, not every SIEM vendor actually delivers much value in these areas. The time, resources and teams of people it takes to implement, configure and maintain a typical SIEM before it produces any security insight add up to a number of hidden costs, which we break down below.
In the enterprise account we're drawing on, the on-premises Splunk deployment took one and a half years in total. With a good managed security services provider (MSSP) doing the work, the same deployment can range anywhere from three to six months.
For a typical mid-sized Blumira customer, deployment takes under five hours. That includes creating and setting up a sensor and integrating the platform with:
For the Splunk deployment, the organization required a fair number of resources from their current internal team, including:
It also required two in-house Splunk architects for ongoing maintenance.
The recent Blumira deployment was managed by a single network services manager. That is typical of mid-sized organizations, where one or two people are often tasked with running both IT and security.
In addition to the internal team, the Splunk deployment required 3.5 months of consultants to set up and deploy hardware, normalize and parse logs, customize dashboards and plan the architecture. The organization also kept an on-site Splunk consultant to support their security operations center (SOC) during penetration tests.
They also hired consultants to install and configure the SIEM itself and to set up the Enterprise Security (ES) module, which enables security alerting (around 40 pre-built alerts are included in ES). A further three months of consultancy were needed for ongoing tuning and rule creation: rolling out rules, reviewing the results, then allowlisting and reconfiguring, and repeating that cycle.
Blumira did not require additional consultants for deployment.
Beyond the time of the internal and external teams assisting with deployment and security configuration, the Splunk SIEM required additional spending on the on-premises setup: around $100,000 in virtual compute and flash storage for the indexer clusters and forwarder fleets (the hosting infrastructure).
Blumira did not require any additional costs for deployment.
Splunk's pricing model is based on the volume of log data sent to the service, around $100,000-300,000 per year for a data ingestion license. The more systems you onboard and the more logs they send to the SIEM, the more you pay; this is also what makes the cost hard to predict up front, and what tempts teams to leave valuable log sources out.
Blumira's customers are charged by the number of users, similar to other software-as-a-service (SaaS) pricing models, which gives a transparent, fixed cost sized to your organization rather than to how much it logs.
“Blumira takes the frustration out of SIEM and SOC – with simple deployment, relevant and accurate detections, and extremely responsive and knowledgeable support.” – Kevin Hayes, CISO, Merit Network