10 Things To Look For In A Managed SIEM Provider

As IT systems and security threats become more numerous and complex, smaller organizations struggle to pull together all the information they need to stay secure. There’s just too much data coming from too many systems, and the results of a cybersecurity risk assessment can be overwhelming.

Enter the SIEM solution. It’s the bedrock of cyber security managed services. The good news is that it’s much easier to get a SIEM solution than you might think.

What is a SIEM solution?

Simply put, SIEM (Security Information and Event Management) is all about 1) aggregating as much security information as possible in a single user interface, and 2) empowering administrators to respond to security events from within that interface. 

Organizations can manage their SIEM in-house, or they can work with a managed provider who installs, configures, and monitors the SIEM solution for them. This is the best path for organizations that have limited resources for IT and cybersecurity.

But not all managed SIEM providers are created equal. It takes discernment to get the best value. 

Here are 10 things to look for in a managed SIEM provider. 

1. Real-time human monitoring

2. Notification + remediation

3. Knows your industry

4. Expert rule coverage

5. Can configure SIEM top to bottom

6. Can integrate with your IT practice

7. Predictable costs

8. Transparency + client dashboard

9. Specialists in all disciplines

10. A service guarantee

1. A provider who offers real-time, human monitoring 24x7x365

Having a SIEM solution isn’t enough. You also need people watching it. And if those people are going to make decisions based on what they see, they’d better be cybersecurity experts. 

A good managed SIEM provider will keep eyeballs on your system 24x7x365. This way, nothing slips through the cracks. 

2. A provider who not only notifies, but remediates

24x7x365 monitoring is one thing, but when something happens, who’s going to fix it? You, or the managed SIEM provider? 

Some organizations may have the resources on staff to address a cybersecurity incident, any time of the day or night. However, smaller companies typically can’t respond in real time. Instead, the first person to come into the office the next morning discovers notifications that have been sitting for several hours. 

You don’t want to end up there. The longer a security incident goes on without remediation, the greater the risk to your business. 

This is why the best managed SIEM providers not only notify you of problems—they also remediate them. 

If you have a limited IT team (or no IT team), you definitely need a provider who can fix problems for you. (More on that below—see “A provider with a service guarantee.”)

Also consider whether you need local support. While a managed provider can access your systems remotely, you may want a local presence for regular check-in meetings or onsite assistance if an incident occurs.

3. A provider who’s familiar with SIEM for your industry

Different industries come with unique challenges in cybersecurity. Regulatory compliance, ways of interacting with customers, and work processes all influence the way a SIEM solution should be implemented. 

As you’re evaluating providers, check to see if a given vendor has implemented managed SIEM solutions for other companies in your industry. You’ll want to find a partner who knows the challenges of your industry—and how SIEM can solve them.

4. A provider who can explain their plan for comprehensive rule coverage

When it comes to SIEM configuration, the devil is in the details. 

Your SIEM coverage is only as good as your ruleset. 

A good provider should offer detailed opinions and recommendations for your ruleset—and those opinions should flow from deep experience and data analysis. The more comprehensive the provider’s experience, the better. Ideally, you’ll want to ensure your provider aligns their standard ruleset with a widely accepted framework.

5. A provider who can configure your SIEM solution top-to-bottom

It’s not enough to know what your ruleset should look like. 

Your provider should also be able to configure your SIEM solution, putting that ruleset into practice. You want a partner with both strategic and tactical expertise in managed SIEM solutions. 

6. A provider who can integrate SIEM practice with IT practice

Numerous IT systems feed data to the SIEM, which means your IT practice and your SIEM solution need to work hand-in-glove. 

It’s difficult to get this comprehensive, integrated plan if your SIEM provider doesn’t also offer managed IT services. Ideally, you’ll want to find a partner who’s comfortable consulting on every aspect of your IT practice (and who’s ready to fill in the gaps that your team can’t cover). When you engage in this type of relationship, you get a long-term strategic plan for your IT practice—with managed SIEM baked in from the beginning.

7. A provider who offers predictable costs

Organizations with fewer IT resources (or none at all) tend to operate in “react” mode, rather than planning proactively. Generally, this means the fewer IT resources you have on staff, the greater the uncertainty surrounding your IT and cybersecurity costs. 

A managed SIEM partner helps solve this problem—provided they also offer managed IT services and strategic IT roadmap development. 

Simply put, you need someone in the driver’s seat who can align your technology roadmap with your overall business goals. Once you and your managed provider have a plan in place, including a SIEM solution, you can control your IT costs proactively rather than reacting to emergency situations. 

8. A provider who offers total transparency (PLUS a client dashboard)

When it comes to managed IT and cybersecurity, some providers don’t like to offer total transparency. Whether they’ve made mistakes in the backend, or they’re afraid they will, they prefer to withhold some information from clients. 

When it comes to a managed SIEM solution, your provider should let you see everything. If they’re doing their job, they have nothing to hide. Even if they make a mistake, you want a partner who will own up to it. 

This is why the best managed SIEM providers practice total transparency with clients. Look for a partner who offers a real-time client dashboard for all things cybersecurity. That way, you have access to the same information that your managed provider uses. 

(Hint: That’s what we offer here at Corsica Technologies.) 

9. A provider with specialists in all relevant disciplines

A SIEM solution provides a comprehensive view of your cybersecurity landscape. 

Just how comprehensive? 

A typical SIEM solution reads data from sources as diverse as network logs, workstation logs, web application logs, firewall logs… the list goes on. 

That’s why a good managed provider will support your SIEM solution with specialists in every relevant discipline. When you’re evaluating providers, make sure you get: 

  • Virtual CIO
  • Virtual CISO
  • Security Architects
  • Systems Architects
  • Network Architects
  • Network Engineers
  • Security Analysts
  • Business Analysts
  • End User Support Team 

The more disciplines your SIEM provider covers, the more value you get out of the relationship. These specialists will help you keep up with the latest trends and security risks in technology. They’ll also help determine the best solutions to support, protect, and grow your business. 

10. A provider with a service guarantee

A managed SIEM solution is only as good as the people responding to incidents. So, who’s going to fix things when the unthinkable happens? 

The best managed SIEM providers offer a service guarantee. This spells out exactly what you can expect of them when an incident occurs. Specifically, a good provider should offer services for containment, eradication, and recovery following a cybersecurity incident, all at no additional cost. With clearly defined cost limits, the best service guarantees should cover:

  • Ransomware infection
  • Business email compromise
  • Regulatory or compliance fines
  • Business income loss
  • Legal liability

The takeaway: Ask A LOT of your managed SIEM provider

Not all providers are created equal. When you’re evaluating a managed SIEM solution, look for a partner who goes above and beyond. They should offer total transparency, showing you the same information they work with. They should also offer a service guarantee—and they should know SIEM inside and out, particularly in the context of your industry. 

Keep these things in mind, and you’ll easily find the right provider for your organization. 

Want to learn more about managed SIEM solutions?

Reach out to schedule a consultation with our specialists.
Ross Filipek
Ross Filipek is Corsica Technologies’ CISO. He has more than 20 years’ experience in the cybersecurity industry as both an engineer and a consultant. In addition to leading Corsica’s efforts to manage cyber risk, he provides vCISO consulting services for many of Corsica’s clients. Ross has achieved recognition as a Cisco Certified Internetwork Expert (CCIE #18994; Security track) and an ISC2 Certified Information Systems Security Professional (CISSP). He has also earned an MBA degree from the University of Notre Dame.
