Making Sense of SIEM Pricing: The Top Four Options

As the SIEM market continues to grow, organizations have more options than ever to decide which SIEM is right for them. While SIEM vendors continue to innovate, sometimes it comes down to price. In the first of this five-part series on SIEM pricing, we investigate the different pricing options on the market and what these mean for organizations looking to invest in a SIEM.

The four options that are currently at play in today’s market are as follows:

  • Data volume
  • User base
  • Asset base
  • Platform modules

Traditionally, SIEM pricing models forced organizations to invest in a large up-front capital expenditure for both hardware and software in order to install the solution on-premises. Add on top of this, sizeable operating expenses that depended on how much data the SIEM could collect and the SIEM quickly becomes a large expenditure for any organization. To support the OpEx calculation, IT teams were required to determine the amount and kinds of data that would be fed into the SIEM; a project unto itself.

This traditional model was adopted by many SIEM vendors such as McAfee, SolarWinds, and Splunk, and as such, organizations had no other options for how they priced the operational expenses of their SIEM. New vendors to the market saw this lack of optional pricing as an opportunity in what seemed to be a consolidated market and came in fast with new pricing models aimed at different-sized organizations. With this, the market changed, and IT teams no longer had to determine the amount of data they would be feeding into the SIEM, instead, they simply needed to know how many users or how many assets would be part of their services.

But the story does not end there. Throughout the remaining pieces in this series on SIEM pricing models, we will explore the advantages and disadvantages of each offering. In the second of these five briefs, we will discuss why data volume’s perceived restrictive model may in fact save organizations money and help mature their overall security. Stay tuned for our next piece.

Source: Security Incident and Event Management at SoftwareReviews, Report Published October 2019

Our Take

With so many SIEM vendors out there, it becomes increasingly challenging to distinguish which one is right for your organization. While the price tag is a key consideration in any IT team’s decision, how the price is calculated plays an equally important role in helping to determine which SIEM is chosen. If your organization is worried about racking up its SIEM bill because its data surpasses its contractually limited data volumes, perhaps this is because your organization didn’t quantify how much data it was producing in the first place. In the SIEM selection game, it is critical to make an informed decision that is tailored to the needs of your organization, versus one based on a pricing model that is easier to calculate.


Want to Know More?

Develop Foundational Security Operations Processes