Hey everyone! I'm curious if anyone here has experience with outsourcing their Security Operations Center (SOC) and Security Information and Event Management (SIEM) operations to a third-party vendor while still using Azure Sentinel as their SIEM. Since we're a Microsoft E5 customer, it makes more sense for us to handle the SIEM hosting ourselves but have the third party manage it. I'm finding the pricing and budgeting for Sentinel quite confusing, especially with a third party involved. If anyone has done this, how does it work for you? Do you end up covering the entire cost of hosting the SIEM?
4 Answers
LOL, the drama of SOC and SIEM! Sentinel can feel like a rollercoaster ride, right? Some folks are super frustrated while others find it useful. It's definitely chaotic over here!
Yeah, the main headache with Sentinel is that pricing is based on data ingestion, which can lead to unexpected costs. If you're thinking of working with a managed service provider (MSP) that offers a flat monthly rate, keep in mind they might have built in a lot of extra costs to cover potential overage. It's tricky!
In our case, we handle all the costs associated with Sentinel, like ingestion and storage. What this means is that we’ve had to become smarter about what we log and how we manage that data. It takes some time to get used to, but there are great resources out there to help with cost management without sacrificing security value. Just a heads up, check the discussions on common forums for tips!
That’s good to hear! I hope the third party can guide us on efficient log ingestion too. There's a lot to learn with all the options available, so any recommendations are welcome!
We currently outsource to a company named Cybriant, and I have to say, we’re pretty satisfied with their service! They’ve made the process much easier for us.
Also, their pricing usually covers storage, which can add up. If the MSP is offering you a flat rate, they might be spreading the costs across multiple clients. So if you end up sending more data than others, you might actually be getting a decent deal.