5 Questions to Ask SIEM Solution Providers


Solutions Review lists the five questions you need to ask SIEM solutions providers when you’re evaluating tools.

Security information and event management (SIEM) products were once considered a solution only for large enterprises worried about fulfilling their compliance reporting. The technology category has since shifted, in both enterprise perception and common capabilities, to emphasize log management and threat detection. SIEM solutions allow IT security teams to find dwelling threats and mitigate them quickly and effectively.

When adopting a SIEM solution, make sure to ask these five questions of any SIEM provider you’re evaluating.

How does your product meet our auditing and regulatory compliance needs?

Although it has been supplanted by threat detection, compliance management is still one of the most frequent use cases for SIEM solutions. A SIEM can provide coverage for HIPAA, PCI DSS, and SOX, among many others. You need to make sure that a potential solution is compatible with your specific industry regulations. Ask your potential vendor to demonstrate a clear relationship between your industry compliance needs and their policies.

Do you offer assistance with deployment or training for personnel?

In a 2014 report, Gartner analyst Oliver Rochford estimated that between 20 percent and 30 percent of SIEM deployments among his client base fail. While that percentage has improved somewhat in the intervening years, the issue persists. Once successfully deployed, a SIEM solution requires a dedicated team of skilled analysts and technicians to manage it and ensure effective use. You should ask any potential SIEM vendors what they can offer to offset the stress of deployment.

Do you support public and private cloud platforms and big data environments?

Public cloud computing and big data solutions will likely play a prominent role in the future of your organization’s IT environment, a likelihood that continues to grow into 2019. If you’re spending top dollar on a SIEM solution today, you’ll want to know that it will integrate with the cybersecurity, data management, and business intelligence systems you will use tomorrow.

How well does your SIEM tool handle log sources?

Your SIEM tool isn’t worth much if it can’t understand the log data from important log-generating sources in your organization. Make sure your potential SIEM solution supports your organization’s firewalls, intrusion prevention systems, VPNs, email gateways, and antimalware products. Any prospective SIEM solution worth its salt should support log files from the operating system (both type and version) that your organization uses.

What features does your product provide for data analysis?

SIEM solutions are used for incident detection and response, and therefore should provide features that help your security analysts review and analyze log data. Even the best-configured SIEM is worse than the best analyst; a highly accurate tool can still misinterpret events, so make sure your team can vet the SIEM’s results. Strong search and data visualization capabilities can also help facilitate the investigation of incidents.



Daniel Hein