Security solution providers have a choice when offering security information and event management (SIEM) services to their customers. They can install a SIEM appliance at the customer’s site. This is the traditional approach, and it usually works pretty well.
But, some security solution providers take a different approach, and (like so many things today), it involves the cloud. Or, more specifically, a private cloud of the solution provider’s own making. These solution providers license security event management software from a SIEM vendor, and install the software in two places: some on their own server, and some of the software on a customer’s server. Then they begin to monitor and respond to customer security events, all the while charging on a pay-as-you-go basis. What makes this a cloud-based implementation, or perhaps a “partly cloudy” implementation, is that the customer’s security data lives and stays in the solution provider’s own data center.
As a security solution provider, there are many reasons why you may be considering this MSP cloud approach and plenty of reasons to make you wary, as you will hear in this Patrolling the Channel podcast featuring Dave Nelson, president of Integrity Technology Systems Inc. in Iowa.
In the podcast, Nelson describes his company’s approach to providing managed security services in a private cloud. He compares this approach to a more traditional SIEM implementation, and addresses concerns about uptime in the cloud. Nelson speaks frankly about the security event management software vendors he evaluated, and why he chose AccelOps Inc. over Splunk Inc., NitroSecurity Inc. or ArcSight LLC (owned by Hewlett-Packard Co.). Finally, Nelson talks about how he positions his offering to potential customers who are considering a cloud-based SIEM implementation.
Download for later:
- Internet Explorer: Right Click > Save Target As
- Firefox: Right Click > Save Link As