In an era of digitalisation, where every transaction and signal can be a potential source of threat, security operations centres (SOCs) play a key role in monitoring corporate IT systems. They rely on Security Information and Event Management (SIEM) systems, which, while effective at rapidly detecting and responding to threats through analysis of vast volumes of data from various sources, generate high costs related to data processing and storage. In particular, SAP systems, which are critical components of IT infrastructure for many companies, can significantly increase these costs. A solution that enables effective management of the data stream sent to SIEM and a significant reduction in costs is the use of specialised threat detection systems such as SecurityBridge. Through intelligent data filtering, SecurityBridge identifies and forwards to SIEM only those events that meet specific threat criteria, enabling faster and more effective response to real threats, as well as better resource management and IT expenditure optimisation.
The problem of excessive data costs
In the traditional approach, most Security Information and Event Management (SIEM) systems are not adapted to the specific requirements of SAP systems, which means that their effective use requires forwarding enormous volumes of security-related data. This, in turn, leads to unpredictable and often very high costs associated with analysing and storing this data. The problem is not only the scale of the costs, but also the difficulty of effectively filtering and selecting data, which requires in-depth knowledge of SAP specifics. These challenges are significant obstacles for organisations: they can affect the overall effectiveness of threat monitoring and response, and they place additional burdens on IT teams, who must manage not only security but also operational costs. This underlines the need for more focused and effective threat detection solutions that can integrate with SAP systems, providing a more tailored and cost-effective approach to security management within corporate IT environments.
What are SIEM solutions?
SIEM, or Security Information and Event Management technology, is an advanced tool that integrates security information management (SIM) and security event management (SEM) into one comprehensive security management system. As Microsoft points out, the primary function of SIEM is to help organisations detect, analyse and respond to security threats before they can negatively affect business operations. SIEM systems effectively aggregate and analyse data from a variety of sources, such as system logs, applications, networks and endpoint devices, enabling them to identify unusual or suspicious activity. Through the use of advanced algorithms and data analysis techniques, SIEM is able not only to detect deviations from the norm, but also to automatically take appropriate action, such as notifying security teams, triggering remediation scripts, or integrating with other security tools. This makes SIEM an invaluable component of IT infrastructure, providing organisations with a tool not only for protection against cyberattacks, but also for monitoring compliance with legal regulations and security standards - which is particularly important given the ever-growing legal requirements and market expectations regarding the protection of personal data and confidential information.
Pricing models of popular SIEM platforms and their impact on operational costs
Various SIEM platforms implement diverse fee models, which are typically based on the volume of data processed or stored, having a direct impact on companies’ operational costs. Let us take a closer look at the pricing models of several popular solutions on the market:
- IBM QRadar’s licensing model is based on Events Per Second (EPS) and Flows Per Minute (FPM) for hardware, virtual and SaaS appliances, and on the number of managed virtual servers (MVS) for Enterprise, enabling network behaviour analysis and unlimited logging. For on-premise solutions, a subscription or perpetual licence is offered, while for the SaaS model only a subscription is available.
- Splunk offers a variety of pricing options tailored to business needs, including pay-as-you-go pricing based on the type of workloads processed, as well as a model based on the volume of data ingested into the platform, which is a simple and predictable approach. There is also the option of billing based on the number of hosts using Splunk’s observability products, or directly linked to the activities monitored, such as analysed time-series metrics, traces, sessions or runtime requests.
- Microsoft Sentinel charges based on the volume of data analysed and stored within the service on the Azure Monitor platform. The service enables full data analysis through analytics logs, which cover all data types, offering alerts and unlimited queries.
These differences in pricing models highlight the importance of choosing the right SIEM solution - one that not only meets security expectations but is also cost-effective in the long term. Implementing tools such as SecurityBridge, which effectively reduce the volume of data sent to SIEM, can significantly cut these expenses, offering strategic value to organisations focused on optimising their security operations.

How to reduce the data stream sent to SIEM solutions?
The ability to reduce the volume of data sent to SIEM systems is key to effective cost management in today’s complex IT environments. One traditional approach is to configure SAP systems to generate less detailed events, which, however, can lead to certain limitations in analysing and responding to security incidents. This method, while potentially reducing data volume, can result in the loss of important information necessary for a thorough understanding and resolution of security issues. A significantly better solution, offered by SecurityBridge, is the selective forwarding to SIEM of only verified threats, together with the relevant contextual events that triggered them. With this approach, action at the SIEM level is taken only on the basis of data that is genuinely relevant and has a direct impact on the organisation’s security. Such selectivity not only drastically reduces the volume of data transmitted, but also significantly lowers the costs associated with its processing and storage, while simultaneously increasing the effectiveness of detecting and responding to potential threats. Implementing such a solution enables better use of SIEM resources, a focus on the most significant threats, and optimisation of security processes - all of which are essential for maintaining a high level of protection in a dynamically changing digital environment.
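The selective-forwarding idea described above, as an added sketch that is not SecurityBridge's code or detection logic: only a finding and the events that triggered it leave the source system, while routine events stay local. The event fields, the rule (a successful logon after repeated failures), the thresholds and the sample data are all constructed assumptions.

```python
from collections import defaultdict, deque

WINDOW_S = 300       # assumed correlation window, in seconds
FAIL_THRESHOLD = 3   # assumed number of failures that makes a logon suspicious

def select_for_siem(events):
    """Return (findings, forwarded_events); all other events stay local."""
    recent_fails = defaultdict(deque)    # user -> recent failed-logon events
    findings, forwarded = [], []
    for ev in events:                    # events are assumed to be time-ordered
        fails = recent_fails[ev["user"]]
        while fails and ev["ts"] - fails[0]["ts"] > WINDOW_S:
            fails.popleft()              # expire context older than the window
        if ev["type"] == "logon_failed":
            fails.append(ev)
        elif ev["type"] == "logon_ok":
            if len(fails) >= FAIL_THRESHOLD:
                context = list(fails) + [ev]   # the events that triggered the rule
                findings.append({
                    "rule": "logon_after_failures",
                    "user": ev["user"],
                    "ts": ev["ts"],
                    "context_ids": [c["id"] for c in context],
                })
                forwarded.extend(context)
            fails.clear()                # a successful logon resets the counter
    return findings, forwarded

def reduction(total_events, forwarded_events):
    """Fraction of the raw event stream that is not sent to the SIEM."""
    return 1 - len(forwarded_events) / total_events

def sample_events():
    """Constructed sample: 94 routine events, one benign typo, one real pattern."""
    evs = [{"id": i, "ts": i * 10, "user": f"U{i % 7}", "type": "tx_start"}
           for i in range(94)]
    evs.append({"id": 94, "ts": 940, "user": "U1", "type": "logon_failed"})
    evs.append({"id": 95, "ts": 945, "user": "U1", "type": "logon_ok"})
    for k in range(3):
        evs.append({"id": 96 + k, "ts": 960 + 5 * k, "user": "SVC_X",
                    "type": "logon_failed"})
    evs.append({"id": 99, "ts": 980, "user": "SVC_X", "type": "logon_ok"})
    return evs

if __name__ == "__main__":
    events = sample_events()
    findings, forwarded = select_for_siem(events)
    print(findings, f"reduction={reduction(len(events), forwarded):.0%}")
```

The reduction figure printed for this sample reflects the constructed data only; the point is that the forwarded finding still carries the IDs of its triggering events, which a lower logging verbosity would have discarded.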
SecurityBridge: a practical solution
SecurityBridge offers an innovative approach that enables organisations to make effective use of SIEM technology while minimising the associated costs. A key element of this solution is the selective forwarding to SIEM systems of only confirmed threats, together with the precise set of events that triggered them. This strategy reduces the volume of data sent for SIEM analysis by more than 90%. By limiting the data stream to only what is directly relevant to security, SecurityBridge not only reduces the costs associated with data processing and storage, but also significantly increases the effectiveness of the entire security management system. As a result, organisations can concentrate their resources on analysing and responding to the most critical and relevant threats, rather than wasting time and resources handling vast volumes of irrelevant data. Additionally, thanks to precise threat targeting, SecurityBridge enables better integration with other security systems, contributing to a more integrated and resilient IT environment.
SNOK’s role in optimising costs and enhancing SAP system security
SNOK, as a Gold Partner of SAP and Microsoft, plays a key role in delivering advanced SAP security solutions. Thanks to our deep understanding of SAP specifics and experience in IT systems integration, we are able to offer solutions tailored to our clients’ needs. In the context of reducing SAP-SIEM data costs, SNOK uses SecurityBridge to intelligently filter and select the data forwarded to SIEM systems. Our approach allows clients not only to significantly reduce operational costs, but also to increase the effectiveness of monitoring and responding to potential threats. Working with SNOK, organisations can count on support at every stage - from implementation to system maintenance - guaranteeing not only security, but also cost optimisation related to IT infrastructure.
Summary
Integrating advanced threat detection functions with SIEM is a logical and necessary step in ensuring comprehensive security within the SAP ecosystem. Understanding the potential cost increases associated with unfiltered data transmission to SIEM is essential for effective IT security management.
The SecurityBridge solution is an example of a pragmatic approach that significantly reduces costs while providing the tools necessary for effective protection against cyberthreats in SAP systems.