Who are the best Managed SIEM Providers?

The best Managed SIEM vendors are:

What is a SIEM vendor solution?

Security Incident and Event Management (SIEM) is a term used to describe solutions that allow for the collection and review of, or response to, network and security logs. SIEM solutions may be used alone or integrated with 3rd party systems for security incident reporting as well. SIEM solutions are designed to collect as much data as possible from all of an organization's information systems, automated tools, and security solutions, including both benign events and alerts which indicate potential or actual security incidents. This gives the organization visibility into its environment to thwart attacks in real time or to hunt for persistent threats.

Top rated Managed SIEM Providers feature matrix table.
SIEM Providers 1-6 matrix.
| Feature | Trustwave | Cybriant | Netsurion | VikingCloud | NTT Security Services | Cipher |
|---|---|---|---|---|---|---|
| Threat Detection and Response | X | X | X | X | X | X |
| Performance Monitoring |  |  | X | X | X |  |
| Automation and Orchestration | X |  | X | X | X | X |
| Real-time Event Correlation | X | X | X | X | X | X |
| Behavioral Analysis (AI & ML) | X | X | X | X | X | X |
| Automated Response | X | X | X |  | X | X |
| Threat Intelligence | X | X | X | X | X | X |
| Compliance Monitoring/Reporting | X | X | X | X | X | X |
| Security Training Solution | X | X |  | X | X |  |
| On-premises | X | X |  |  | X | X |
| Cloud | X | X | X | X | X | X |
| Hybrid | X | X | X |  | X | X |
| Global Operations | X | X | US and India | X | X | X |
| Management of existing SIEM |  | X |  |  |  | X |
| Deployment of 3rd party SIEM |  | X |  |  |  | X |
| Proprietary SIEM platform | X |  | X | X | X |  |
| Cloud log source integration | Via appliances | Depends on SIEM | Via appliances | Log collection agents | Via appliances | Depends on SIEM |

SIEM Providers 6-12 matrix.
| Feature | ArmorPoint | BlueVoyant | Bulletproof | Corserva | Dimension Data | DXC Technology |
|---|---|---|---|---|---|---|
| Threat Detection and Response | X | X | X | X | X | X |
| Performance Monitoring | X |  |  | X | X | X |
| Automation and Orchestration | X | X |  |  | X | X |
| Real-time Event Correlation | X | X | X | X | X | X |
| Behavioral Analysis (AI & ML) | X | X | X | X | X | X |
| Automated Response | X | X |  |  | X |  |
| Threat Intelligence | X | X | X | X | X | X |
| Compliance Monitoring/Reporting | X | X | X | X | X | X |
| Security Training Solution | X | X | X | X | X |  |
| On-premises | X |  |  | X | X |  |
| Cloud | X | X | X | X | X | X |
| Hybrid | X | X | X | X | X |  |
| Global Operations |  | X |  |  | X | X |
| Management of existing SIEM |  | Azure Sentinel or Splunk |  |  | X | Splunk |
| Deployment of 3rd party SIEM |  | Azure Sentinel or Splunk |  | AlienVault | X | Splunk |
| Proprietary SIEM platform | X |  | X |  |  |  |
| Cloud log source integration | On-premise via appliances or cloud-native | On-premise via agents, appliances, or cloud-native | On-premise via agents, appliances, or cloud-native | On-premise via agents, appliances, or cloud-native | Depends on SIEM | On-premise via agents, appliances, or cloud-native |

What features should IT decision makers consider when comparing managed SIEM providers?

Organizations looking to implement managed SIEM providers are going to find a range of different offerings no matter where they go. One of the main things that sets managed SIEM solutions apart is the surrounding and complementary offerings from that same provider. Knowing the trajectory of the provider’s product and service offerings is important from the beginning. This allows organizations to start long-term partnerships with providers that will be there for their current and future needs.

As with any product or service provider, organizations should be looking at providers who provide the best solution for their business needs. For SIEM, this includes features like threat detection and response, incident management, event correlation, performance monitoring, log management, integration and automation capabilities. Also important to consider are compliance concerns that need to be addressed (for example, ability to meet and enforce retention requirements). Finally, managed security service providers who can offer complementary services like penetration testing, secure software development, or forensic and incident response capabilities can provide more holistic coverage rather than simply offering a point solution.

Trustwave SIEM

Trustwave is a provider of a comprehensive set of security services aimed at helping organizations who require a high level of security and desire to have it handled externally. Trustwave prides itself on their culture of innovation when new information, practices or policies are established. The managed services provided by Trustwave are backed by SpiderLabs threat hunters to provide top notch detection and response using their proprietary platform.

Trustwave’s managed SIEM is deployed as an on-premise physical appliance, or virtual appliance which can be on-premise or hosted in the cloud. All log sources are integrated using these appliances.

The Trustwave service offering is full of options and solutions for any organization. With so many options, Trustwave can be an organization’s complete outsourced security operations center (SOC) while also providing preventative and responsive security measures as well as compliance monitoring and reporting.

Cybriant SIEM

Cybriant is a managed security service provider that can handle everything from extended detection and response (XDR) and managed SIEM to mobile and application security. This is a good resource for organizations who have an immediate need for managed XDR or SIEM, but who may later grow into needing a more complete suite of managed security services. Additionally, Cybriant has an in-depth training and education delivery platform that provides easy access to the tools an organization needs to ensure their frontline workforce is capable of maintaining an adequate security posture.

While Cybriant don’t actually have their own SIEM platform, their managed services can manage and monitor a customer’s existing SIEM platform, or they can include deployment of their own.

The managed SIEM services provided by Cybriant are full-featured with capabilities for advanced persistent threat detection and remediation, log and report optimization, and automated periodic health checks. This along with the complete portfolio of service offerings makes Cybriant stand out as a managed services solution any organization can benefit from, especially those looking to learn to take on more security responsibilities themselves as time goes on.

Netsurion SIEM

Netsurion’s EventTracker is the core platform through which they deliver their managed SIEM services, as well as other managed security services including threat hunting, endpoint security and vulnerability management. Netsurion uses open-source threat intelligence and while this may not sound as ‘sexy’ as an in-house threat intelligence team or subscribing to expensive commercial threat intelligence feeds, open-source intelligence is often the most up-to-date. Open-source intelligence can also be verified independently and more quickly than proprietary counterparts when it matters the most.

Netsurion’s SIEM uses log collection appliances to collect and analyze log sources from inside of your network. Coupled with Netsurion managed secure edge network solutions, Netsurion can be a good fit for industries like retail and hospitality where organizations need to scale quickly but don’t have their own technical resources to deploy and manage viable network defenses.

ControlScan/Viking Cloud SIEM

ControlScan’s managed security services are built on Viking Cloud. Viking Cloud offers SIEM-as-a-service along with their suite of managed security offerings. The Viking Cloud solution provides file security (File Integrity Management, FIM) and some more unique offerings like rogue wireless detection that looks for unauthorized access points or even skimmer devices, as well as data loss prevention (DLP) features that scan for unencrypted PII (Personally Identifiable Information). This is all offered on top of endpoint security, threat detection and response, and compliance management and monitoring capabilities.

Viking Cloud’s security solutions are delivered through their ‘cloud-native’ Asgard platform. Although the platform claims to be cloud-native, documentation suggests that log collection is facilitated through agents.

Viking Cloud is a great solution for an organization that needs a managed SIEM solution with a variety of security features and a straightforward pricing plan. The services are offered in bundles, which further emphasizes their dedication to simplifying the security needs of organizations.

NTT Security Services SIEM

NTT offers all the features of a managed SIEM, but does not clearly state that itself (“SOC-as-a-service” is as close as it gets). With this in mind, their portfolio is larger than most on this list as it includes offerings blended with 3rd party products and services like managed cloud solutions, infrastructure solutions, global datacenter solutions, collaboration solutions as well as security solutions that include SOC-as-a-Service, threat detection and response, threat intelligence, and application security. The breadth of their portfolio makes them a formidable player in the managed security game.

NTT’s managed SIEM is deployed using log collection appliances, and managed in their customer portal. While this means that on-premise log collection may make compliance requirements like log retention a bit simpler, the solution’s position within their global customer portal likely means it isn’t going to be as flexible as other more tailored SIEM solutions.

NTT Security Services is known for being customer-focused. Customers report their needs being met effectively and with minimal headache. As an example, they insist on providing no-downtime release processes. The breadth of their managed service portfolio combined with their personalized and consultative approach makes them great for organizations that need a lot of help to fully understand where they currently stand and how to get to where they’d like to be.

Cipher Security SIEM

Cipher Security offers a comprehensive cybersecurity portfolio including managed SIEM. While their global SOCs have experience integrating with a customer’s existing SIEM solutions or deploying their managed services using industry-leading SIEM platforms like Splunk, the security services offered by Cipher go far beyond managed SIEM and go into a full suite of cybersecurity services offered by Cipher as well as physical security services offered by their parent organization, Prosegur. Cipher’s cybersecurity solutions include their “Red Team Services (RTS)” which allow for deep investigation, threat research, penetration testing, forensic analysis, incident response, and secure code review. Cipher’s position as both a security consultant and security systems integrator allows them to offer a comprehensive managed SIEM solution with unlimited scalability to support growth of an organization’s security posture and meeting all their security needs including governance, risk, and compliance (GRC) management, incident response, threat intelligence, and more.

As an overall provider, Cipher (and Prosegur) offers one of the broadest ranges of security services (both cyber and physical) in one provider. This makes them a great place for security departments to turn for a one-stop-shop.

ArmorPoint SIEM

ArmorPoint is a managed SIEM provider that touts its simplification of the organization's procedures and processes as well as unifying the NOC and SOC with its next generation solutions. One of the highlights of ArmorPoint is their ability to stay up-to-date with the latest technology and security stacks while they focus on new intelligence, detection, and remediation methods for customer organizations. This allows ArmorPoint to future-proof their customer’s monitoring and detection capabilities in a way which would be difficult with a smaller in-house team managing their own SIEM. While ArmorPoint are well-known for their SIEM solution, they are an MSSP who are capable of providing a range of managed security services.

ArmorPoint’s SIEM platform is cloud-native and can facilitate log collection with cloud-native integrations or on-premise agents and collection appliances.

ArmorPoint provides some of the most advanced technologies in managed SIEM, so they may be a good choice for organizations who want to retain managed security services while staying ahead of the curve when it comes to security monitoring and threat detection.

BlueVoyant SIEM

BlueVoyant is another MSSP who are most well-known for their managed SIEM solution. Their platform includes a combination of some of the world’s leading security technologies which use artificial intelligence and machine learning to enhance threat detection and response. BlueVoyant’s team includes industry experts with many years of experience in dealing with real world threats, and they can apply this knowledge to managing their customers’ cybersecurity and compliance. BlueVoyant’s SIEM and automated threat detection combined with their team of security experts deliver a level of security automation and intelligence which would be difficult to match – even for organizations with a mature in-house SOC.

BlueVoyant uses a 3rd party SIEM platform (Azure Sentinel or Splunk) integrated with their managed detection and response capabilities. Both Azure Sentinel and Splunk can facilitate log collection with cloud-native integrations or on-premise agents and collection appliances.

BlueVoyant is known to have some of the best analytics in the industry, and aims to use them to combine external security monitoring and internal security management into a single unified solution. Additionally, BlueVoyant’s global team of cybersecurity experts and worldwide partner network allow them to provide a high level of service for customers with a global footprint.

Bulletproof SIEM

Bulletproof’s S.W.A.T. Defence product is their managed SIEM solution which provides world-class threat detection and response while supporting compliance programs. The product is backed up by S.W.A.T. SpecialOps, which is Bulletproof’s threat intelligence research team and security lab. SpecialOps also drives Bulletproof’s innovation in their offerings, including their S.W.A.T. Defence managed SIEM product. This solution is one of many in a portfolio of managed services provided by Bulletproof, making them another great choice for any organization with growing security needs who are willing to transfer responsibility to a group of experts as the world of cybersecurity continues to evolve into a more complex situation.

Bulletproof’s SIEM platform is cloud-native and can facilitate log collection with cloud-native integrations or on-premise agents and collection appliances.

Bulletproof’s solution aims to detect threats and anomalies while also assessing vulnerabilities and security posture by targeting the known flow of a current cyber threat (which they call “kill chain protection”). This means that they have tools and procedures for all the stages of an incident, allowing them to ensure there aren’t any holes in the defenses.

Corserva SIEM

Corserva’s goal is to provide the most comprehensive cybersecurity solutions possible. The Corserva suite of services is there for organizations that need any number of cybersecurity services, including SIEM. Specifically, their Managed SIEM service aims to be the most complete solution available. The solution is built to leave no stone unturned, with its implementation taking a ‘zero trust’ approach to ensure the most complete coverage. This means their monitoring and threat detection coverage will include endpoint security or systems with integrated third party products, and their automation capabilities for workflow customization are robust.

Corserva utilizes AT&T Cybersecurity’s AlienVault SIEM platform, which collects logs using sensors that can be cloud-native integrations, on-premise, or agents deployed on physical or virtual machines.

While their managed SIEM service offering is attractive, they also offer a huge range of solutions from physical access control to desktop support services to disaster recovery planning. This type of coverage is great for organizations who may have plans which could further utilize some of their other managed security and IT services, and would prefer to deal with one vendor.

Dimension Data SIEM

Dimension Data offers everything from private 5G networks for global private cloud connectivity to application development. They are both a managed IT services provider (MSP) and MSSP.  Their managed security services include threat detection and response, device security management and compliance reporting and monitoring.  While they don’t have a SIEM offering themselves, they offer integration with leading SIEM solutions.  And with NTT being its parent company, this may be a good choice for companies with a global footprint who like the idea of getting voice, data, and security services from one global vendor. Dimension Data has a global network that provides a range of services and is filling a large gap in services in some under-serviced areas around the world as they bring connectivity and security to the globe.

While Dimension Data don’t actually have their own SIEM platform, their managed services can manage and monitor a customer’s existing SIEM platform, or they can include deployment of their own.

Dimension Data intends to bring intelligence and reach to every organization with fair and flexible pricing. Their range of services outside of managed security is too large to mention here but include business intelligence solutions, infrastructure solutions, connectivity solutions, and more.

DXC Technology SIEM

DXC Technology is a world-class provider of engineering services, outsourced IT services, and managed security services. Their approach is meant to cover the organization with innovative technology solutions that see, report and integrate with each other, providing cutting-edge analytics, data management, and compliance monitoring and reporting. Included in their managed security services portfolio is, indeed, a managed SIEM service that provides an innovative approach to incident and event management. The DXC Technology team of engineers and analysts has built an ecosystem of services provided by their platform to make any organization's security posture some of the best in class.

DXC Technology also boasts a wide range of services and offerings including some that are industry specific (for example, they have services which are specific to financial services organizations or insurance providers). These offerings range from analytics and automation to business intelligence and cloud offerings. DXC is great for an organization looking for a partner who can meet security needs but also help them improve their returns on technology investments and keep current with standards, regulations and best practices. DXC Technology use Splunk to deliver managed SIEM services.
