LogRhythm -Why Managed SIEM is the Way to Go

I recently received an update from LogRhythm.  LogRhythm released its 6.0 version a couple of months ago and now was a good time to get an update on the progress of that deployment.  Version 6.0 was an important update for LogRhythm as it added the following features:

• Accelerated Detection of Threats and Breaches
• Automated Intelligent Response
• Expanded Embedded Expertise
• Accelerated Performance and Extended Support for Big Data

Overall, we like the direction LogRhythm is taking with their product and feel like it’s a good fit for the current SIEM environment.  The company’s record YoY growth in Q4 2011 alone, 75%, truly represents the company’s aggressive efforts in channel expansion and overall development of their SIEM. The company also has recently joined Sourcefire Technology Partner Program, giving customers expanded coverage with Sourcefire’s Next-Generation Intrusion Prevention Systems (IPS) and LogRhythm’s latest SIEM features. LogRhythm recognizes the constant pressure organizations face warding off persistent threats and other cyber attacks. This latest move not only builds upon their product but also further validates the power behind their technology.

Given the many SIEM acquisitions that occurred just in 2011, I feel like SIEM-as-a-managed-service is the most viable product direction for SIEM vendors.  Look again at last year’s acquiring companies – Solar Winds, IBM, and McAfee – and two things immediately become clear.  First, the stand alone SIEM field has become very narrow and second, most of the vendors that were acquired appear to be getting the integration treatment.  While this is fine for enterprises building a holistic solution with a single, there’s still going to be many organizations that have existing pieces in place and would prefer to just buy the SIEM from a separate provider. 

Martha Vazquez just published her annual North America MSSP research and for the second year in a row, managed SIEM was the fastest growing service in the market.  I believe this really speaks to the love/hate relationship that most organizations have with SIEM.  They want the detail, the alerts, the data.  The problem is that they want someone else to find that needle in the haystack, to tune the data, to create the reports, to send the alerts.

The reporting and the effectiveness of a managed/SaaS SIEM is what will differentiate vendors like LogRhythm from the other many large SIEM players.  There’s always going to be a play for an ArcSight, but increasingly I just don’t believe companies want to deal with the beast that is SIEM.

You can email Research Analyst Richard Martinez here.