Overview
After sustained growth, IBM Business Partner SecurityHQ needed to update the security information and event management (SIEM) platform that backed its managed detection and response services. Relying on IBM Security™ software delivered under an IBM Embedded Solution Agreement (ESA), the firm can now readily scale its monitoring to match user demand.
Solution: Security
Industry: Information Technology

Business Challenge
After experiencing downtime with its existing SIEM tool, SecurityHQ needed a more reliable security platform.
Transformation
The business deployed IBM® QRadar® SIEM software under an IBM Embedded Solution Agreement.
Results
30% – 40% cheaper than the previous SIEM platform
Reduces downtime, improving overall system availability and reliability
Supports >40 independent networks through a single contract
Business Challenge Story
Risk is on the rise
Data has become the currency of the modern age, and keeping it safe is only growing more challenging. Hospitals held hostage by ransomware, banks robbed of personal customer data, small business sites hacked and loaded with malware – there seems to be an ever-shrinking window between each new headline recounting the latest cyberattack.
These assaults are only growing more frequent and more bold.
“I don’t think people realize what we’ve been seeing in the last year,” notes Feras Tappuni, Founder and Chief Executive Officer at IBM Business Partner SecurityHQ, a managed security services provider. “The number of attacks – of incidents – that we’ve observed from our offices around the world is up. The alarm count has gone through the roof.”
Trying to determine what measures SecurityHQ should take going forward, Tappuni pursued an unconventional approach. He talked to his competitors.
“We’re all engineers,” explains Tappuni, “so they were more than willing to discuss and troubleshoot the mechanics of the problem. I spoke to the head of infrastructure of a service provider out of the US who had gone through the same issues that we had. He used some of the exact phrases to describe their past issues as I had been using to describe our problem.”
Tappuni continues the story: “I asked him what they had done, and he told me that they moved to IBM. The migration had taken some work, but when it was finished, he was able to sleep at night. That’s what I wanted too – I wanted to be able to sleep at night.”
“Once you model the cost of the ESA, it’s actually very well priced. Over the first three years, I’ve saved 30% – 40% on my cost of SIEM.”
“With the ESA, we had something that was tailored for us. That gave us the right commercial model to rapidly scale up our business.”
Transformation Story
One contract, one console
To better avoid potential service interruptions, SecurityHQ standardized its managed detection and response operations on IBM QRadar SIEM software. Now, when customers send in security logs for processing, SecurityHQ analysts – from within the IBM tool – can review any related events, report on what happened and recommend next steps. And the business can extend this insight to users of its SecurityHQ Response App, which delivers mobile access to the partner’s security platform and offers the ability to respond quickly to an incident, even when not in the office.
“QRadar is the cornerstone of our solution,” notes Tappuni. “When a user logs in, they’re now seeing all the tickets, all the reports generated regarding the infrastructure. All of them correlated correctly. All of them given an alarm sequence and the name of the analyst that worked on it.” And with this insight, analysts can then properly prioritize and manage responses.
“Our previous SIEM contract model was very limiting,” Tappuni adds. “If we overused it, there were additional costs. It was very difficult to narrow down what our spend should be. I’d dedicate hours trying to calculate how much we would need for the upcoming year, and I would always be off by 20% – 30%.”
He continues: “The challenge is we don’t have one client and one network. We’re monitoring 40 to 60 networks, and they’re constantly changing. But with the ESA, we had something that was tailored for us. That gave us the right commercial model to rapidly scale up our business.”
Results Story
Lower cost, greater reliability
With the new IBM software in place, SecurityHQ quickly resolved the availability challenges that the business had been facing. The flexible, scalable IBM QRadar platform can readily accommodate the company’s shifting workloads and support the high volume of messages and reports that SecurityHQ works with for its day-to-day tasks.
In addition, the IBM solution helped to rein in related spending. “Once you model the cost of the ESA, it’s actually very well priced,” notes Tappuni. “Over the first three years, I’ve saved 30% – 40% on my cost of SIEM. And because of the contract structure, it will continue to go down going forward.”
“The support I’m getting from IBM is on a whole other level. It’s been a fantastic relationship.”