Case study — Higher Education

UMass.

University of Massachusetts Amherst is one of the top public universities in the United States — 30,500+ students, 1,300 faculty, 9,000+ workstations and 300+ servers, all generating data that needs reliable, efficient protection.

200K+ EPS from network flow alone
9,000+ workstations secured
3-yr contract after a 1-year start
Fraction of a competitor’s price

The challenge

UMass needed a SIEM that could properly process and analyze the volume of data it generated — without being prohibitively expensive. The university had tried several Gartner-quadrant-ranked solutions, none of which met its needs at a reasonable price. “In our existing SIEM we couldn’t get all the data we wanted into it, mostly because of licensing costs,” explained the CISO.

“Our events per second were making all of them exorbitantly expensive, because they charge by EPS and tiering. Just four data sources or less would put us in their top tier — our network flow traffic alone tops 200,000 EPS.” UMass faced the same problems as millions of other organizations: EPS limits that left data sources unmonitored and vulnerable; pricing models that forced corners to be cut; installations measured in weeks or months; and cumbersome interfaces that risked missed threats.

The solution

SIEMonster running on AWS managed services gave UMass an affordable, infinitely scalable platform. The university can now manage and secure its data effectively — for a fraction of what it paid a competitor.

Affordable pricing. SIEMonster CISO Chris Rock recounts how customers like UMass approached him time and again, “being penalized by competitors for having large EPS rates without the budgets to match. This is exactly why we built SIEMonster — so it could be used by small, medium and large customers without being penalized on storage or event pricing.”

High EPS rates. SIEMonster doesn’t believe in data caps and comfortably handles 500,000+ EPS, scaling infinitely thanks to AWS managed auto-scaling — OpenSearch, managed Kafka and Kubernetes.

SIEMonster evolves with you. UMass initially signed for one year and has since committed to a three-year contract — and is now considering expanding ingestion to physical door-entry monitoring and extending its behavioral and machine-learning alerting. There is no need for manual upgrades or scaling; it is all automatic, across 20+ AWS regions.

About SIEMonster

Blue Team security, by Red Team professionals.

With more than 30 years in penetration testing and whitehat hacking, SIEMonster’s founders are better equipped than most to have built an affordable, customizable and infinitely scalable SIEM — the most proactive defense on the market.


Could SIEMonster fit your environment?

However large or unusual your estate, SIEMonster scales to meet it. Start a proof of concept today.