AlienVault Unified SIEM 3.0 is an integrated package of tools presented as an attractive way for managed service providers to extend their security capabilities, including a full enterprise security information and event management offering. The latest version of Unified SIEM, announced at the RSA Conference, provides tight integration of the company's Open Source SIEM (OSSIM) with a fistful of security tools available for deployment, making it well-suited for MSPs.
Unified SIEM 3.0 is also promoted as a multitenanted MSSP architecture, and AlienVault is pitching it to that market as well as to enterprises. SIEM is a $1 billion-plus market. SIEM services can take a variety of forms, ranging from essential log management for compliance, probably the most common use case, to around-the-clock monitoring, analysis and incident management.
There are several potential deployment models. If the customer already owns the SIEM product, it may choose to outsource some or all of the management, easing staffing issues. Increasingly, the MSSP owns the appliance and deploys it on-premises as part of the service. This relieves customers of capital expenses and allows them to implement SIEM as a managed service funded as an operating expense, which is generally easier to budget and offers a more flexible long-term commitment. Unified SIEM is also a cost-effective way for companies to deploy SIEM and other key security tools, including vulnerability assessment and host- and network-based intrusion detection.
Brian Cao, system programmer for the City of Los Angeles, is one of an IT department of two, down from the half-dozen it had when it was formed several years ago to help city agencies meet Payment Card Industry Data Security Standards (PCI DSS) and local and state privacy requirements, as well as comply with ISO standards.
"We deployed ArcSight for security management, but because of budget constraints, we couldn't cover all the devices we needed to monitor. We started to look for a less expensive option." Cao says he began using OSSIM as a cheap alternative, but found that it didn't scale to meet his requirements.