The Ashimmy Blog

Image via CrunchBase

Last week I wrote a post about a managed SIEM service from FishNet Security that Larry Walsh over on channel insider reported on.  Larry had made it out that the FishNet offering solved many of the biggest problems facing SIEM usage - cost, complexity and flexibility. I called bull on that. If there is one thing I have learned in my years in security, it is that there are no magic buttons and no easy shortcuts. There is also just no way of making SIEM easy. Just ask my friend Mike Rothman.

As a result of my article I had a chance to reconnect with Gary Fish. I had not spoken to Gary in a while, so it was good to catch up. Gary is still as busy as ever evangelizing and growing FishNet into new markets and products all over the country.  Of course Gary sold a controlling stake in FishNet to Lake Capital last year for north of 100 million. Gary is still the CEO and prime mover at FishNet.

I spoke today with Gary and Tom Schmatz, VP of managed services and support at FishNet. I have much better understanding of the FishNet SEIM managed service and what is driving the market adoption of it.

The bottom line is what FishNet is offering is a hybrid model of managed service. Customer buys the software and license for the SIEM. There is also a charge for implementation. Gary and Tom estimate that for a 2500 user shop, this could cost about 150k. They want people to use the managed service, so they will discount this down to around 125k or so.

Now 25k is not chicken feed, but in terms of the total cost of ownership for a SIEM solution that is small potatoes. The real cost of the SIEM is running the thing 24x7. Creating custom views and reports is an on going and sizeable task. 

The FishNet guys estimate that the real total cost of operating the SIEM is closer to 550k. Of that over 400k is for operators. FishNet estimates you need 5 people to man a SIEM around the clock. Now to be fair and I brought this up to Gary, you don’t need 5 full time people to manage SIEM. They will spend a small portion of their time on SIEM management. But conversely, you can’t hire people for just 1 hour or so out of every 8.

This is where the FishNet model pays for itself. For a cost of around 100k annually, they manage the entire SIEM process. Customer can be as active or passive in participating in the management as they like. They can log into the FishNet portal and never even have to log into the SIEM if they like.

This outsourcing of the day to day management is a great way for a medium sized business to get the SIEM they need. BTW, Gary and Tom say that compliance is the biggest driver for this service.

The bottom line is that with any security solution, open source, commercial, hardware or software – you must take into account the total cost of ownership of the solution.  Too many folks figure license and implementation without the cost of actually using this product. Outsourcing the management of it is a way to shave some cost out, but more importantly also give you the expertise you might not otherwise have.