5 Questions to Ask Before Selecting an SIEM Vendor

5 Questions to Ask Before Selection an SIEM Vendor

Solutions Review lists the five questions you need to ask of your business when you’re evaluating an SIEM solution.

Security information and event management (SIEM) products were once only considered a solution for large enterprises worried about fulfilling their compliance reporting. The technology category has since shifted, both in terms of enterprise perception and common capabilities to emphasize log management and threat detection. SIEM solutions allow IT security teams to find dwelling threats and mitigate them optimally and with speed.

When adopting an SIEM solution, make sure to ask these five questions of your business.

How will we support our SIEM Solution?

SIEM is not a substitute for a human IT security department. It’s a tool, and it needs good technical expertise to work properly and optimally. A typical SIEM deployment can require a team of up to eight full-time employees to properly manage it. Do you have the resources and personnel to effectively manage SIEM? Can you hire and train the staff necessary to support SIEM? And if not, how will you work with a managed SIEM solution offer to obtain the capabilities you need?

What does my organization want to get out of SIEM?

This single question contains innumerable subquestions: What data sources do you need to log? Do you need real-time collection? Do you need to collect all of the security data you generate or just a subset? What do you need to archive to achieve adequate compliance? For how long? How will you use the data once collected? For forensics? Detecting threats? Auditing and Compliance? It’s important to understand your use case in detail before implementing an SIEM solution.

Do we need a full SIEM solution? Or is log management sufficient?

SIEM systems are highly capable, but they’re also costly and complex. If your organization is window shopping for complex SIEM solutions without a complex use case, you may want to reconsider. Many regulatory compliance requirements can be met with traditional log management solutions. If you find yourself more concerned with log management than with correlation, SEM, or SIM, this may be the right move for you.

Do we need Security Analytics or traditional SIEM?

Security Analytics solutions leverage big data technologies and new analytic algorithms. They are extremely effective solutions, but they can prove complicated to stretched-thin IT teams. Organizations with well-funded and dedicated security operations teams should investigate security analytics solutions, which can recognize security threats better and reduce the workload on the analysts. If your current SIEM solution isn’t up to par then it’s doubtful that you could handle a big data security analytics system.

How much are we willing to spend?

Enterprise-grade SIEM systems can cost your business hundreds of thousands of dollars. Enterprise SIEM requires initial license costs, often arranged as base price plus user or node, database costs for servers, hiring and training personnel, and costs of additional external storage. Not all businesses can afford it. Some SIEM vendors offer a lightweight version with basic log management and reporting capabilities without advanced analytis, a good alternative for businesses looking to save money.


Our Buyer’s Guide for SIEM helps you evaluate the best systems for your business use case and features profiles of the leading profiles, as well as a category overview of the marketplace, questions you need to ask your organization and your potential SIEM providers, and a Bottom Line Analysis for each vendor profile.

Daniel Hein