28 Oct We Have to Speak: Breaking apart with Your SIEM Vendor
in Blogs
Listed below are three tricks to make this breakup as painless as potential
– Steve Garrison, Senior Vice President, Advertising, Stellar Cyber
San Jose, Calif. – Oct. 28, 2024
Relationships are difficult at instances.
Consider it like a seesaw. Like in a seesaw, each relationship, be it along with your companion, a member of the family, or a good friend, requires effort from either side to maintain it balanced and wholesome. However what occurs when one particular person pushes whereas the opposite is simply alongside for the experience? That’s when the seesaw suggestions and the connection can flip bitter.
Many safety leaders are presently pushing in an unbalanced relationship, and their SIEM vendor is simply alongside for the experience. Nonetheless, like many private relationships that go on longer than they need to due to the precise or perceived issue in ending it, safety leaders may hesitate to speak with their SIEM vendor.
I get it; you spent months getting the product applied and built-in into your safety ecosystem.
You invested in coaching the group on the product and constructed workflows and playbooks round this product.
You may even like your gross sales rep and buyer help particular person, so you’re okay with the fixed delays in new product options, lack of out-of-the-box integrations, and shortcomings in automation.
However whilst you put up with quite a bit out of your SIEM vendor, your group’s frustration grows with every passing day. Holding out hope that your SIEM vendor, who has allow you to down repeatedly, will all of the sudden change their methods is simply hurting you and your group’s capability to guard your atmosphere. If this sounds such as you, now’s the time to interrupt up along with your SIEM vendor.
Listed below are three tricks to make this breakup as painless as potential and aid you construct a more healthy relationship along with your subsequent safety operations platform vendor.
1. Deliver Receipts
Earlier than initiating your SIEM vendor breakup, collect your “receipts” exhibiting how your vendor failed to satisfy your wants. These receipts may embrace:
Electronic mail conversations the place your vendor promised a characteristic or bug repair that by no means materialized.
Function requests submitted to your vendor left in no-man land.
Open help tickets with little to no motion from the seller.
Integration wants that have been denied or put right into a backlog by no means to be handled.
Whereas it’s your proper to finish your SIEM vendor relationship anytime, bringing receipts to this uncomfortable dialog will present your vendor that you’ve got good causes to depart.
2. They Will Attempt to Win You Over — Bear in mind Why You Have to Depart
Identical to in a private relationship, when the seller realizes that you’re severe about transferring on, they’ll attempt to persuade you that they will change. They could provide conferences with high-level executives, improved help plans, or reductions in your subsequent renewal.
Bear in mind why you determined to maneuver on earlier than being swayed by these last-ditch efforts and play the connection ahead in your thoughts. Whereas issues may enhance within the quick time period, will they modify in the long run? In all probability not, however let’s give them the advantage of the doubt and say they put extra effort into the connection going ahead. Behind their thoughts, every time you make a help name or meet along with your gross sales consultant, they’ll take into consideration the way you threatened your option to extra consideration.
Any vendor value working with wouldn’t be blind-sided by a buyer notifying them they’re leaving. They might have seen warning indicators method prior to now. You’ve determined to maneuver on for good causes, so don’t fall for the “I can do higher” tune and dance.
3. Discover Your New Vendor First
Earlier than kicking your present SIEM vendor to the curb, you could know the place you’ll land. When discovering your new SIEM/Safety Operations Platform vendor, make a brief checklist of must-haves and not-wants. Your checklist may look one thing like this:
Should Haves
Protection for my prime safety use circumstances
Be deployable in my chosen atmosphere (cloud, on-prem, or each)
Use a selected know-how (reminiscent of AI, automation, and many others.)
Helps my safety stack merchandise out-of-the-box
Present on-demand coaching
It doesn’t cost for brand spanking new integrations
And the rest you can’t dwell with out
Not-Needs
Restricted integrations
Tough to make use of interface
Too many handbook processes
Opaque roadmap
And the rest that may be a deal breaker
Given the current tumult within the SIEM market, it’s clever to know the corporate’s strategic imaginative and prescient for the subsequent 3-5 years. Whereas there isn’t a assure any vendor you choose won’t be the subsequent one to announce a merger or acquisition, having a quick dialog on this subject not less than lets the potential new vendor know that you’re taking the method critically.
Closing Ideas
Ending a relationship isn’t simple, particularly if it has gone on for years. That mentioned, simply because one thing is troublesome doesn’t imply it isn’t for the perfect. Do your self and your group a favor; if you’re in a dead-end SIEM vendor relationship, take steps now to take management of your safety future. Contact us to arrange a private session in the present day to see how Stellar Cyber and our Open XDR Platform have helped many safety groups transfer on from a poisonous SIEM vendor relationship.
– Steve Garrison is senior vp of selling at Stellar Cyber.
About Stellar Cyber
Stellar Cyber’s Open XDR Platform delivers complete, unified safety with out complexity, empowering lean safety groups of any ability degree to safe their environments efficiently. With Stellar Cyber, organizations cut back threat with early and exact identification and remediation of threats whereas slashing prices, retaining investments in present instruments, and enhancing analyst productiveness, delivering an 8X enchancment in MTTD and a 20X enchancment in MTTR. The corporate relies in Silicon Valley. For extra data, go to https://stellarcyber.ai.