The Ashimmy Blog

I had to wonder reading Larry Walsh’s post today in Secure Channel. He is reporting on a new managed SIEM offering by FishNet Security. I am not sure what flavor Kool Aid Gary Fish fed Larry, but whatever it was it sure must have tasted good.  Gary Fish has Larry reporting that Fishnet’s new SIEM managed service solves the three hurdles to SIEM – cost, complexity and flexibility.

I say bull! Lets look at what is really going on here and what Larry is reporting. First off, unlike many managed services offering SIEM, in the FishNet model the customer has to actually buy the SIEM application that they are going to use. I assume that means hardware as well as software licensing.  I am sure that FishNet loves this. If you were a SIEM reseller, you would too. In most other SIEM models the cost of the application is subsumed in the cost of the managed service. As a matter of fact that is one of the advantages of the MSSP, you don’t have to buy the applications.

Gary Fish spins this saying that this gives the customer the flexibility to go use another SIEM product without being locked in. Again I say bull.  Going to use another SIEM product means walking away from the cap ex investment in the application itself. As they say it would be easier to take the management back in house from FishNet if you really wanted to invest that kind resources, but you could do that with a traditional MSSP offering as well.

Also because each customers SIEM is an individually managed, non-centralized instance, I question the true scalability of the service.  SIEMs are hard to manage to begin with.  Managing multiple SIEMs individually would seem to be like herding cats.

Unless FishNet has a behind the scenes multiple SIEM manager similar to what they did with FireMon for firewalls.  Anyway, I wish Larry would be a little more questioning of what FishNet put out here.