Security Controls in the US Enterprise: Security Information and Event Management (SIEM)


Jason Pappalexis, John Whetstone, Will Fisher, Mike Spanbauer



Security information and event management (SIEM) products are designed to provide enterprises with a central repository for log and alert information collected from various security controls. The consolidation of this data allows administrators and incident responders to search through and visualize security information in near real-time. Current SIEM products can also include third-party threat data, which further enhances an enterprise’s ability to correlate, analyze, and respond to events occurring within its network.

Enterprises can use this information to gain critical insights into the purpose and use of SIEM products. These insights include information on how this security control is being managed within organizations, where it is being deployed, who is responsible for purchasing decisions, and the extent to which API controls are being used for its management.



  • Product scope, alternatives, deployment, and purchase authority
  • Metrics on product use within the enterprise
  • Who manages SIEMs? (breakdown by organization size)
  • Who uses API controls? (breakdown by organization size)
  • Enterprise challenges



Part of a series on security controls deployed by US enterprises, this brief includes current usage statistics for SIEM products within small and medium-sized enterprises (SMEs), large enterprises (LEs), and very large enterprises (VLEs).

As with all NSS Labs group tests, there was no fee for participation. All testing was conducted independently and was not paid for by any vendor.