Business Strategy
Channel Insights
Stay Connected
Acer America
Acer America Corp. is a computer manufacturer of business and consumer PCs, notebooks, ultrabooks, projectors, servers, and storage products.


333 West San Carlos Street
San Jose, California 95110
United States


ChannelPro Network Awards

hello 2
hello 3


June 4, 2024 | Brandon Dobrec

MSPs Need Innovation, not SIEM

There’s a disconnect between how deeply SIEMs are embedded into MSPs — and how unhappy people are with the value the technology provides.

Over the past decade, I have repeatedly seen articles titled, “SIEM is dead. Long live the SIEM.”

Unfortunately, that title still rings true today. Why is that? Curious by nature, I asked a group of MSPs their thoughts by asking two simple questions:

  • On a scale of one to five, how useful is your SIEM?
  • On a scale of one to five, how likely are you to get rid of your SIEM?

The majority’s answer to both questions without hesitation: One.

These two unsatisfactory answers highlight the disconnect between how deeply SIEMs are embedded into and considered necessary for MSPs — and how utterly unhappy people are with the value the technology provides.

A Case for SIEM?

Why keep investing in SIEM tech even though it’s outdated? According to a Gartner report from last summer, the top five reasons for a SIEM were:

  1. Incident detection.
  2. Compliance and reporting.
  3. Log management.
  4. Incident investigation/forensics.
  5. Event correlation.

But, as reflected in that room full of MSPs, it doesn’t work.

SIEM High-cost Shortcomings

Brandon Dobrec of Blackpoint Cyber on innovation

Brandon Dobrec

SIEM was neither built for the needs of the MSP nor appropriately priced for MSPs. It is the last generation’s technology, and ultimately, it isn’t great at catching the bad guys.

When it comes to incident detection, it’s no wonder people are dissatisfied. SIEMs traditionally require a large degree of configuration and ongoing management before seeing any value. The nature of SIEM itself gets in the way of incident detection.

First, you need all the log sources configured and stored for analysis, for which costs can skyrocket. Second, once all the data is flowing, you need the right rules in place. Otherwise, vital data may be overlooked, leading to substantial business consequences. Lastly, postprocessing this large volume of data is both expensive and time-consuming.

By the time you catch anything — presuming you can in the deluge of high-noise, low-value alerts — it’s probably too late to stop the bad guys.

Stuck in the Tech Stack

When dealing with this series of issues, it typically is filtered to the MSP through the proliferation of SIEM-based MDR providers. Yet, MSPs keep investing because they’re told SIEMs are key to compliance.

That’s frustrating. It’s the largest expense for a security team, yet it doesn’t really provide much security. Ultimately, it’s overengineered for what is necessary.

However, companies don’t remove it from their stack. They’re terrified that an incident will occur, and they won’t be able to fall back on the data for reporting and investigative purposes. You’ve probably all thought, “If the ‘I have a SIEM’ box isn’t checked, will I get my insurance payout?”

The way companies get around the inadequacies of data volume, low-fidelity alerts, and timeliness is to layer other point solutions in front of the SIEM. These additive solutions can perhaps make up for the SIEM shortcomings, handle the identification of critical alerts, and filter out alert noise.

As you can imagine, this causes costs to balloon even more. Ultimately, these SIEM-based MDR providers often nullify your SIEM-based headaches less than you think.

Choose Innovation

The disconnect between SIEMs’ perceived importance and actual utility highlights the need for innovation in cybersecurity solutions within the MSP industry.

The current cybersecurity landscape has outgrown what SIEM technology was built to do for one’s stack. Beyond that, it was designed for large enterprises, not MSPs. The band-aid that MSPs have applied — SIEM-based MDRs — isn’t working. They’re stuck suffering from all the existing issues, just with additional costs layered on top.

Looking ahead, MSPs must step out of their comfort zones and pursue cutting-edge solutions that deliver tangible security performance.

Are you ready to leave behind the tech and associated costs of yesteryear?

Brandon Dobrec is head of product for Blackpoint Cyber. He began his career as a technical practitioner before leading and driving product initiatives for several security companies.

Image: iStock

Editor’s Choice

Midwest MSPs Treated to Personal Stories, Compelling Demos, and More at ChannelPro LIVE: Columbus Show

June 7, 2024 |

Ohio technology professionals joined ChannelPro to share business best practices at the area’s first-of-its-kind event.

Asigra Makes a Splash with New SaaS App Data Backup Platform

June 3, 2024 |

Asigra’s new SaaSAssure platform offers MSPs comprehensive, secure, and easy-to-use backup solutions for SaaS apps, addressing a critical market need and providing an unparalleled opportunity for revenue.

Peer to Peer: John Kampas on Why EMPIST Thrives — Plus, 1 Mistake Too Many MSPs Make

May 31, 2024 | John Kampas

How prioritizing customer protection and technological empowerment helped EMPIST evolve into a “managed technology provider” with an international presence.

MSPs React to Comprehensive, Aggressively Priced Kaseya 365

May 1, 2024 |

Hear from MSP peers on the launch of the new Kaseya 365 program — designed to provide a crucial package of tech services at an affordable monthly price.

Related News

Growing the MSP

Explore ChannelPro


Reach Our Audience