Unified SIEM 3.0 is also promoted as a multitenanted MSSP architecture, and AlienVault is pitching it to that market as well as to enterprises. SIEM is a $1 billion-plus market. SIEM services can take a variety of forms, ranging from essential log management for compliance, probably the most common use case, to around-the-clock monitoring, analysis and incident management.
There are several potential deployment models. If the customer already owns the SIEM product, it may choose to outsource some or all of the management, easing staffing issues. Increasingly, the MSSP owns the appliance and deploys it on-premises as part of the service. This relieves customers of capital expenses and allows them to implement SIEM as a managed service funded as an operating expense, which is generally easier to budget and offers a more flexible long-term commitment. Unified SIEM is also a cost-effective way for companies to deploy SIEM and other key security tools, including vulnerability assessment and host- and network-based intrusion detection.
Brian Cao, system programmer for the City of Los Angeles, is one of two people in an IT department that has been cut from the half-dozen it had when it was formed several years ago to help city agencies meet Payment Card Industry Data Security Standards (PCI DSS) and local and state privacy requirements, as well as comply with ISO standards.
"We deployed ArcSight for security management, but because of budget constraints, we couldn't cover all the devices we needed to monitor. We started to look for a less expensive option." Cao says he began using OSSIM as a cheap alternative, but found that it didn't scale to meet his requirements.