Managed Security Add-on: SIEM

Written by John Moore 1
June 11, 2009

Looking to differentiate your managed security services? One potential way to do so is to evaluate security information and event management (SIEM) appliances. Here’s what they do.

SIEM products gather and analyze the security log data generated by a range of devices. Pam Casale, chief marketing officer at Intellitactics said she sees interest in an MSSP (managed security service provider) model in which “more companies are choosing to co-opt monitoring and reporting.”

Casale sees the approach unfolding as follows: An MSSP’s customer agrees to have the service provider deploy a SIEM appliance at the client site. The MSSP then remotely manages the appliance, analyzes security events, responds to notifications, schedules reports, and interprets results.

“In effect, the MSSP is the security staff,” she said.

Intellitactics markets SIEM products and targets MSSPs as a key customer segment. Casale said the company expects its revenue from MSSPs to double in 2009. The company’s newly launched ClientVue product was specifically designed for MSSPs. The software lets service providers create dashboards for clients, providing information on antivirus performance and compliance status, for example.

Intellitactics cites Perimeter eSecurity (ranked No. 2 on the MSPmentor 100 for 2008-2009) and Telus among its MSSP customers.

Gartner, in an April report, noted that several MSSPs now offer security information management services. Those offerings, the market researcher said, “are being driven by clients that must meet compliance requirements and are seeking an alternative to buying and implementing a [SIEM] product.”

Casale said she believes the economy is driving customers to MSSP-managed SIEM appliances. That and the need to quickly meet security compliance objectives.

So who might tap an MSSP for managed SIEM? Casale pointed to retail as an industry sector that faces security duties — specifically, the Payment Card Industry Data Security Standard — but may lack the depth of security expertise to comply as rapidly as they would like.

But essentially, any organization light on security talent and weighted down with security obligations could become a SIEM service customer.

Contributing blogger John Moore covers Master MSPs, Web hosts and emerging opportunities. Follow MSPmentor via RSS; Facebook; Identi.ca; and Twitter. And sign up for our Enewsletter; Webcasts and Resource Center.