Guest blog courtesy of Stellar Cyber and written by Steve Garrison.

Relationships are challenging at times. They’re like a seesaw – every relationship requires effort from both sides to keep it balanced and healthy. But what happens when one person pushes while the other is just along for the ride? That’s when the seesaw tips, and the relationship can turn sour.

Many MSSPs are currently in an unbalanced relationship, and their SIEM vendor is just along for the ride. However, like many personal relationships that go on longer than they should because of the actual or perceived difficulty in ending them, MSSPs might hesitate to talk with their SIEM vendor.

I get it – you spent months getting the product implemented and integrated into your security ecosystem. You invested in training the team on the product and built workflows and playbooks around this product. You might even like your sales rep and customer support person, so you are okay with the constant delays in new product features, lack of out-of-the-box integrations, and shortcomings in automation.

- Email conversations where your vendor promised a feature or bug fix that never materialized
- Feature requests submitted to your vendor and left in no man's land
- Open support tickets with little to no movement from the vendor
- Integration needs that were denied or put into a backlog; never handled.

While it’s your right to end your SIEM vendor relationship anytime, bringing receipts to this uncomfortable conversation will show that you have good reasons to leave.

Must Haves

- Coverage for my top security use cases
- Be deployable in my chosen environment (cloud, on-prem, or both)
- Use a specific technology (such as AI, automation, etc.)
- Supports my security stack products out-of-the-box
- Provide on-demand training
- It doesn’t charge for new integrations
- And anything else you cannot live without

Not-Wants

- Limited integrations
- Difficult to use interface
- Too many manual processes
- Opaque roadmap
- And anything else that would be a deal breaker

Given the recent tumult in the SIEM market, it’s wise to understand the company’s strategic vision for the next 3-5 years. While there is no guarantee any vendor you select won’t be the next one to announce a merger or acquisition, having a brief conversation on the topic at least lets the potential new vendor know that you are taking the process seriously.
But while you put up with a lot from your SIEM vendor, your team’s frustration grows with each passing day. Holding out hope that your SIEM vendor – who has repeatedly let you down – will suddenly change its ways is only hurting you and your team’s ability to protect your environment.

If this sounds like you, now is the time to break up with your SIEM vendor. Here are three tips to make this breakup as painless as possible and help you build a healthier relationship with your next SecOps platform vendor.