The Great SIEM Schism
Vendors have surprisingly strong feelings about whether MSPs serving SMBs need SIEM solutions or are pretty much always better off with XDR and MDR.
Platforms. Pricing. You kind of expect vendors to have firm thoughts about topics like that. I didn’t realize until recently, though, how opinionated many of them are about SIEM solutions too.
The debate, to be more precise, concerns the relative merits of SIEM solutions on the one hand and XDR/MDR solutions on the other. Huntress, Kaseya, and ConnectWise don’t see this as an either-or question. All three companies have offered some combination of MDR and XDR for a while, and have offered SIEM services as well since April (in the case of Huntress and Kaseya) and June (in the case of ConnectWise).
“Some people want to collect all the information that a SIEM provides,” explains ConnectWise CEO Manny Rivelo, and ConnectWise aims to give those mostly larger, more sophisticated buyers exactly what they seek.
Which in most cases is not what they need, according to multiple vendors I’ve spoken with lately, at least if they focus on SMBs. “You can go deploy a SIEM,” says Dor Eisner, CEO of generously capitalized detection and response specialist Guardz. “You can also take a Ferrari and go around the house. It won’t take you far. That’s my analogy about SIEM. You as an MSP don’t need the Ferrari to drive cybersecurity for a small business organization.”
What’s more, you probably can’t afford either a Ferrari or a SIEM solution, adds Brian Downey, VP of product management at Barracuda Networks, and wouldn’t know what to do with either one if you could.
“Security’s all about consolidating information, and that’s where SIEM is very powerful,” Downey says. How are you going to act on that data once you’ve centralized it, though?
“MSPs need solutions not tools, and SIEM in many cases is a tool,” Downey says, which is why Barracuda opted to purchase an XDR vendor rather than a SIEM vendor four years ago. A solution uses SIEM data as a basis for action.
N-able had the same thought in mind when it bought MDR/XDR vendor Adlumin last year. SIEMs can help you detect and assess a threat, but that’s only part of the equation, notes president and CEO John Pagliuca during a recent conversation on MSP Chat, the podcast I co-host.
“The full equation is the response and the remediation, and that’s what the Adlumin solution does,” he says.
N-able, no doubt, would love that assertion to close the book on the SIEM debate. Given the degree to which SIEM turns out to be kind of a Rorschach test for security vendors, though, I doubt it will.