Why MSPs need to Reconsider SIEM for Office 365 Security

In 2005, a new market emerged when Gartner coined the term "SIEM", or Security Information and Event Management. Back then, it was a legacy system aggregating event data produced by security devices, systems, network infrastructures and applications. However, it lacked monitoring functionality and was limited to vertical scalability.

Since then, SIEM has transformed itself, moving from legacy deployments to SaaS and from basic abilities like log management, rule-based alerting, and compliance reporting to next-gen platforms with dashboard visualisations, alert prioritisation, embedded workflows, ML anomaly detection, etc. This is why it is widely used today for Office 365 security management by major MSPs.

However, the reality of implementing a SIEM comes with a long list of challenges that create more hindrances for security teams than actual benefits. Let us quickly give you a reality check on SIEMs in Office 365 security.

Common SIEM Challenges for Office 365 Security

SIEM Operational Cost

Whether a large or medium-sized organisation, SIEM is a hefty investment. Roughly speaking, 25% of total SIEM costs go into the initial software purchase. The remaining 75% goes into deployment, staffing, training, and maintenance. To add a cherry on top, many SIEM solutions bill according to the number of events per second. This means you end up paying even for the lowest priority risks. Here is a cost summary table to give you some understanding of the expenses incurred by SIEM.

Source: PeerSpot

Handling Noisy Data

Deploying a SIEM is just the start. At this point, it has not even begun to improve the security posture. Data breathes life into the SIEM, so naturally, a SIEM is only as good as the data it is fed. For example, a Windows system does not log all the events that normally matter. Process and command line logging, PowerShell logs, etc., are not enabled by default.

However, simply enabling these does not work either. These logs contain volumes of worthless data, and without fine-tuning, that data can overload the SIEM. Log collection, parsing, and filtering require time, patience and continuous validation, all of which are scarce for security teams.
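To illustrate the fine-tuning described above, here is an added example (not from the original post or from any vendor's product) of a pre-ingestion filter for Windows process creation (Event ID 4688) and PowerShell script block (Event ID 4104) events. The noise list, the keep-always patterns and the sample events are all constructed assumptions that would need validation against your own telemetry.

```python
import re

# Assumed noise list: routine binaries that dominate 4688 volume (constructed).
NOISY_IMAGES = {"conhost.exe", "svchost.exe", "backgroundtaskhost.exe"}

# Assumed keep-always patterns: content worth forwarding whatever the binary.
SUSPICIOUS = re.compile(
    r"-enc(odedcommand)?\b|frombase64string|downloadstring|-w(indowstyle)?\s+hidden",
    re.IGNORECASE,
)

def image_name(path):
    """Lower-cased file name taken from a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()

def keep(event):
    """Decide whether a single event is forwarded to the SIEM."""
    eid = event.get("EventID")
    if eid == 4688:  # process creation, with command line when auditing is on
        if SUSPICIOUS.search(event.get("CommandLine", "")):
            return True  # a noisy binary with a suspicious command line is kept
        return image_name(event.get("NewProcessName", "")) not in NOISY_IMAGES
    if eid == 4104:  # PowerShell script block logging
        return bool(SUSPICIOUS.search(event.get("ScriptBlockText", "")))
    return True  # event types without a rule pass through untouched

def filter_events(events):
    """Return (forwarded events, count of dropped events per EventID)."""
    forwarded, dropped = [], {}
    for ev in events:
        if keep(ev):
            forwarded.append(ev)
        else:
            dropped[ev["EventID"]] = dropped.get(ev["EventID"], 0) + 1
    return forwarded, dropped

# Constructed sample events (not real telemetry).
SAMPLE = [
    {"EventID": 4688, "NewProcessName": r"C:\Windows\System32\conhost.exe", "CommandLine": "conhost.exe 0xffffffff -ForceV1"},
    {"EventID": 4688, "NewProcessName": r"C:\Windows\System32\svchost.exe", "CommandLine": "svchost.exe -k netsvcs -p"},
    {"EventID": 4688, "NewProcessName": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe", "CommandLine": "powershell.exe -NoProfile -EncodedCommand <PLACEHOLDER>"},
    {"EventID": 4688, "NewProcessName": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE", "CommandLine": "WINWORD.EXE /n report.docx"},
    {"EventID": 4104, "ScriptBlockText": r"Get-ChildItem C:\Temp"},
    {"EventID": 4104, "ScriptBlockText": "[Convert]::FromBase64String($blob)"},
    {"EventID": 4624, "LogonType": 3},
]

if __name__ == "__main__":
    forwarded, dropped = filter_events(SAMPLE)
    print(f"forwarded {len(forwarded)} of {len(SAMPLE)}; dropped per EventID: {dropped}")
```

Every rule in a filter like this is also a blind spot, which is why the dropped counts are returned: they give the continuous validation step something to review.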

Time Constraints

On average, an organisation's network generates 10,000 alerts in the SIEM daily. These include false positives, which lead to truly critical alerts falling through the cracks. So instead of helping the security teams, the SIEM creates more nuisance when dealt with on a day-to-day basis.

Weak Alert Contexts

In essence, SIEMs are designed for analysts. They gather system logs and merely alert the analysts when something goes wrong. What they lack is the relevant context and the actionable insights that should follow the alert. Unfortunately, most SIEM operations give precedence to data collection over contextual log enrichment.

Configuration Nightmare

Nothing about SIEM is 'out of the box'. One can certainly get them pre-configured at additional cost, but they are still short of context and cannot be tailored to fit your organisation's unique needs, especially when you have multiple clients with different needs.

Expert Staff Requirements

Because of its unavoidable maintenance needs, a SIEM demands a tremendous labour commitment. As an organisation, you need to hire dedicated staff or borrow some time from your existing security team. As a result, you consume person-hours and effort that could have been spent on growing profits for your business or, better yet, strengthening client relationships.

The Tedious Reporting

SIEM reporting is notoriously inflexible. A survey report suggests that 65% of respondents face issues finding critical audit data upon request when undergoing compliance audits or validating internal security policies. Another 63% of respondents have difficulty comprehending the reports, and 57% of respondents manually modify report data to make it more understandable to non-tech stakeholders.

SIEM solutions come with many great promises of top-notch security for enterprises, yet they are still infamously tricky to set up, scale, and tailor. Organisations can use SOAR (Security Orchestration, Automation and Response) to fill the gaps created by SIEMs (which would also require additional cost). The need of the hour is software that covers these pitfalls and gives MSPs the confidence that their clients are secured continuously and coherently.

An Office 365 SIEM Alternative PLUS More (MINUS Pitfalls)

Here at Octiga, we provide everything a SIEM does for Office 365 PLUS more MINUS the drawbacks. All of that, combined with in-built remediation, helps orchestrate security automation and brings the security lifecycle full circle. It is also available at super cost-effective pricing, with a promise of the undivided attention, expertise and ease that your security team needs. Additionally, we provide-

If you want to see how it works towards strengthening your security posture in a matter of clicks, schedule a no-strings-attached chat session with our representative today!
