How to Make Money With a Log Analyzer (SIEM)

Can you go to the local farmers market and pull out your log analyzer and start selling it? Not quite. What is the overall purpose of the log analyzer and why is it important? And, how can a white label security operations center help me with my SIEM requirements? Most IT firms lack the expertise to implement a SIEM and then have eyes on the monitor 24×7. This is where a white label SOC steps in to fill that gap IT firms have. First, what is SIEM all about and how can my IT firm make money off of it?

The SIEM as it is called, security information and event management application, does several things for you. Primarily it gathers all the logs from log producing entities into one place for you to be able to look at them. Secondarily it uses AI or artificial intelligence module to find patterns in the logs that are like what a hacker, intruder or bad actor may perform. If the system detects these events in the order that are a threat or malicious, it can then notify you about this. Now that you are aware of activity that might be a threat to your organization you can act on it. Without the intelligence module you will have literally thousands of lines of information pouring down on you and you will not be able to keep up with them, nor do you have the capacity to identify patterns in all that code, so you will need to have a SIEM with AI or intelligence in order for you to produce the required results.

The big and tough part of the SIEM is training it or getting it useable, you need to wade through swaths of alerts and discover which ones are relevant and what is noise or a false positive. At the end of this period you will have a highly valuable system that you can charge your customer for on a per user or per IP address basis. These recurring monthly benefits need to be monetized by you. You will need to produce a report that shows all the offensive and threatening behavior that is being directed towards your customer and then show them that there have been on system breaches or issues that you have detected. This will be very valuable to your customer.

Some companies that require ISO, NIST and CMMC will be required to always have a SIEM in place monitoring logs and information. So they don’t have an option and you can charge these companies for this service every month.

You can make money selling this as a service, and if you can provide a SOC (Security Operations Center) on the back end of it you can do several things other than reporting only.

Remediation – You can fix problems that arise or issues that come up.  Patch systems, turn off accounts etc. This can be built into your offering or charged by the hour.

Cause Analysis – Again if you already have this at a fixed cost you may include how these issues happened to the customer as you might not have the role of remediation, you can charge for this by the hour or at a fixed cost.

Preventative Action – if you see patterns and attack surfaces and vectors coming into your customer you may want to advise them to turn off features, upgrade accounts, or turn on additional protection.  This you can bill for hourly and get recurring revenue from stronger agents you may be reselling into your customer.

Gateways to Other Products –  you may need to offer the customer EDR, IDS, IPS, File Integrity monitoring, DLP, etc there are a plethora of things you can upsell to them if they are under attack, a next gen firewall, subnetting their network DNS proxy, compliance monitoring etc.

So, you can turn your SEIM into cash. Use it for reporting or expand it into an offering that allows you to expand support for your customer.

You’re probably thinking, I don’t have the time to wade through all of these logs and alerts and my team lacks experience and the bandwidth to deliver a 24×7 SOC. Not to worry, this is where a white label SOC partner steps in.

Single Point of Contact is a White Label Managed Security Service Provider that provides a wide range of cybersecurity technologies and services. Our job is to keep your clients’ networks safe and secure by responding to potential security threats within minutes. With regular security monitoring and protection against cyber-attacks, we seek to help your clients attain peace of mind. Contact us today to discover more about how we can help protect your client’s network from cyber-attacks.

Subscribe to our Podcast