A recent paper by Gartner states: "Resource-challenged security and risk management leaders at midsize enterprises (MSEs) are increasingly concerned about detecting threats and complying with regulatory mandates. Selecting the proper technologies and services will improve security event monitoring capabilities when facing staff and budget constraints."
Gartner recommends the following to MSEs: "Outsource security services to a MSS or MDR provider if the IT team does not have enough staff to dedicate to running and using the necessary security monitoring tools, especially if 24/7 monitoring is required."
Download this report for Gartner's assessment of what MSEs should consider for security event monitoring:
- Initially consider central log management (CLM) if their organization has constrained resources, less complex use cases and a higher risk tolerance
- Use security services before buying more technology and attempting to "do it yourself"
- Use co-managed technology services when control over technology selection and use is required, but resources are constrained to operate and provide 24/7 monitoring
- Purchase a SIEM solution and build a security operations center (SOC) only when they have use cases that are too complex to outsource to a provider