There are many different SIEM deployment architectures, each with its own challenges and limitations [1]. The choice of architecture depends on factors such as the number of log sources, the volume of data, the network topology, and regulatory compliance requirements [1]. Some common SIEM deployment architectures include:
Self-Hosted, Self-Managed: The organization manages all aspects of the SIEM, from visualization and alerting to data retention [2].
Self-Hosted, MSSP Managed: The organization is responsible for data collection, while an MSSP (Managed Security Service Provider) handles the rest of the SIEM functions [3].
Self-Hosted, Jointly Managed: The organization and MSSP share responsibility for managing the SIEM [4]. The organization handles data collection and aggregation, while the MSSP handles correlation, analytics, reporting, and retention.
Cloud, MSSP Managed: The MSSP manages the SIEM, which is hosted in the cloud [5].
Cloud, Jointly Managed: The organization and the MSSP share responsibility for managing the SIEM, which is hosted in the cloud [6].
Cloud, Self-Managed: The organization manages all aspects of the SIEM, which is hosted in the cloud [7].
Hybrid Model, Jointly Managed: The organization and the MSSP share responsibility for managing the SIEM, which uses a hybrid of on-premises and cloud resources [8].