The most important purchasing criterion for Security Information and Event Management (SIEM) is what features are included in the system, followed by price (27%), out of the box automation (25%) and lightweight implementation (17%), Computer Weekly/TechTarget's security purchasing intentions survey reveals.
A major driver for SIEM is the real-time detection and response to threats, with many respondents citing them as the main reason they use SIEM.
However the types of data fed into the typical SIEM and the challenges to IT managers in launching and maintaining these systems suggest that most deployments are not sophisticated enough to achieve these objectives, said Adrian Wright, vice president of research for ISSA-UK.
"Unless fully integrated and deployed, it's basically a log manager, although some are starting to use SIEM for monitoring higher value applications and databases. Many organisations are still primarily using their SIEM tools to keep a watch on their firewalls.
"SIEM complexity and related deployment costs are the main reasons it hasn't entirely reached the mainstream yet," he said.
Download our complete security survey results here.