Authors: Jason Pappalexis, Mike Spanbauer, John Whetstone and Will Fisher

Publish Date: October 11, 2017

Security information and event management (SIEM) products are designed to provide enterprises with a central repository for log and alert information collected from various security controls. The consolidation of this data allows administrators and incident responders to search through and visualize security information in near real time. Current SIEM products can also include third-party threat data, which further enhances an enterprise’s ability to correlate, analyze, and respond to events occurring within its network. Enterprises can use the information in this brief to gain critical insights into the purpose and use of SIEM products. These insights include information on how this security control is being managed within organizations, where it is being deployed, who is responsible for purchasing decisions, and the extent to which API controls are being used for its management.

ABOUT THIS STUDY: Part of a series on security controls deployed by US enterprises, this brief includes current usage statistics for SIEM products within small and medium-sized enterprises (SMEs), large enterprises (LEs), and very large enterprises (VLEs).