Next-Generation Security Information and Event Management (NGS)

Minnesota IT Services (MNIT) offers a Next-Generation Security Information and Event Management (Next-Gen SIEM or NGS) solution through a trusted vendor partner. This solution collects and aggregates log data from multiple sources, centralizing information for faster detection, analysis, and response. 

By uniting data across the enterprise, NGS creates a more complete and connected view of an organization’s IT environment. This holistic visibility empowers security teams to act more quickly, strengthen their defenses, and support more informed decision-making.

View a PDF Summary of NGS

Compliance

MNIT’s NGS solution is designed to simplify compliance for Minnesota’s state, local, and tribal partners by aligning with some of the most stringent security standards in the country. MNIT's NGS solution:

  • Is fully compliant with Criminal Justice Information Services (CJIS) and Minnesota Justice Information Services (MNJIS) controls, enabling law enforcement and justice partners to securely log and access critical data. MNIT worked closely with the Minnesota Bureau of Criminal Apprehension (BCA) and local partners to ensure the NGS module can confidently be used as a CJIS-compliant logging solution.
  • Meets Federal Risk and Authorization Management Program (FedRAMP) High controls, the most rigorous FedRAMP baseline, ensuring strong protections for systems where the loss of confidentiality, integrity, or availability could have severe or catastrophic consequences. This makes NGS well-suited for handling the most sensitive, unclassified data in cloud environments.
  • Supports compliance with the Health Insurance Portability and Accountability Act (HIPAA) and the Payment Card Industry Data Security Standard (PCI DSS), giving organizations that manage health information or payment data confidence that they can meet their regulatory obligations without adding operational complexity.

Note: Compliance is a shared responsibility. While the technology supports CJIS compliance requirements, customer entities are responsible for identifying and configuring log sources, access controls, and retention in alignment with relevant compliance standards in place.

Data ingest and retention

To support partners in getting started, each NGS participant receives 10GB of third-party data ingest at no cost. 

  • This allows organizations to begin sending their most critical log sources into the platform right away without worrying about initial costs. 
  • Vendor-provided endpoint data is not counted toward this allowance, ensuring partners get the full benefit of the free allocation.
  • There is no cap on the amount of third-party data that can be ingested. Instead, billing is based on each organization’s average daily ingest volume and endpoint counts, providing flexibility to scale usage as security and operational needs grow.

All data ingested into the platform is retained for 365 days, supporting deeper investigations, compliance obligations, and long-term visibility.

Endpoint data is fully managed through MNIT’s Managed Detection and Response (MDR) service, ensuring strong oversight of security telemetry. However, MDR Complete services are not included with the NGS module, providing a clear distinction between what MNIT manages centrally and what remains the responsibility of the partner organization.

Key benefits at a glance

  • Centralized security visibility across endpoints and third-party sources
  • CJIS, MNJIS, FedRAMP High, HIPAA, and PCI-DSS compliance support
  • Flexible and scalable ingest model with a 10 GB free allowance
  • 365-day data retention for investigations and compliance
  • MDR-managed endpoint data, with partner control of third-party data

Billing and pricing

Eligible entities must be enrolled in the MNIT’s MDR program prior to using NGS. This allows all data to be processed and avoids duplication of efforts and cost.

NGS pricing is based on the amount of third-party data ingest (external sources) and number of endpoints. MNIT's vendor for MDR and NGS dashboard provides daily ingest data. MNIT and the vendor use this data to determine an average daily ingest each month for billing purposes. The annual and monthly rates associated with that ingest pricing are shown below.

Billing 

  • You will be invoiced monthly based on your average daily data ingest (the amount of external log data you send into the SIEM).
  • Each partner receives 10 GB of external ingest free each month.
    • Endpoint data does not count toward this total.
  • All ingested data is stored for 365 days.
  • There’s no cap on how much data you can send. You only pay for what you use above the free 10 GB.

Pricing

  • Data ingest: $26.67 per GB (billed monthly, based on your average daily ingest).
  • Endpoint search retention: $0.417 per endpoint per month.
  • Example: If you ingest 50 GB per day on average, you’ll be billed for 40 GB (since the first 10 GB is free). At $26.67/GB, that equals $1,066.80 per month. If you have 100 endpoints, you’ll also be billed $41.70 per month for retention.

Pricing table (FY2025-FY2027)

Item Monthly Cost
Data Ingest $26.67 per GB (after 10 GB free)
Endpoint Search Retention $0.417 per endpoint

Example pricing calculation

Usage Calculation Monthly Cost
50 GB average daily ingest 40 GB billable (50 GB - 10 GB free) x $26.67 $1,066.80
100 endpoints
100 x $0.417 $41.70
Total Monthly Cost Data Ingest + Endpoint Retention $1,108.50

Refer to MNIT’s Whole-of-State participant page for more .

Training

  • MNIT’s Cyber Navigator team supports the enrollment and onboarding process to ensure partners are comfortable with the initial implementation process.
  • All users have access to the vendor’s training portal and the SIEM-100 course.

Email the Cyber Navigator team if you have questions: CN.MNIT@state.mn.us.