
Questions to Ask

Ask vendors the questions that matter.

In addition to asking about specific features, there are several questions that are worth asking vendors. The following questions help in understanding the maturity of products and focus on potential breakpoints of projects.

Will integrating your I-SIEM solution require extensive changes to our existing infrastructure?

Leading I-SIEM solutions are designed to work with existing IT environments. It is worth finding out how well the solution you are considering will integrate with your existing environment, because not all I-SIEMs offer the same level or ease of integration with other security systems.

How does your I-SIEM solution address compliance requirements and regulatory standards?

Leading I-SIEM solutions tend to offer compliance support, such as automatic compliance reporting for the main regulations like GDPR, HIPAA, and PCI-DSS, but this varies from vendor to vendor. Be clear about what your organization’s regulatory requirements are, and ensure that the vendor you are considering can meet those needs, such as restricting access on a need-to-know, departmental, or geographical basis, or offering guaranteed data and metadata residency for your region if that is a requirement.

What are the licensing models and pricing structures for your I-SIEM solution?

Predictability of costs for an intelligent SIEM solution varies depending on the selected pricing model and the dynamics of your organization's data production. Find out how predictable the cost will be by ascertaining what pricing model is in use. Models based on the number of managed assets, users, and/or storage requirements are more predictable than models based on data ingestion and server counts. There may be charges for any consumption above a certain threshold and for log retention periods, enhanced analytical functions, or adding supplementary connectors. There can also be additional charges for appliances, behavior analytics, threat intelligence, and support services.

What is the roadmap for future development and innovation of your I-SIEM solution?

If your organization has a good idea of future SIEM requirements, find out what a prospective vendor’s plans are for future versions of their I-SIEM solution to ensure that your organization’s expected future needs will be met.

How does your SIEM solution handle scalability and performance, especially with large volumes of data and diverse data sources?

Traditional SIEM solutions struggle to cope with the volume of security data being generated by modern organizations with rapidly expanding attack surfaces. It is important to know how a prospective SIEM solution addresses these challenges.

Can you explain how your SIEM solution leverages machine learning, other forms of artificial intelligence, and advanced analytics for threat detection and response?

I-SIEM solutions typically use AI and are likely to increasingly do so. It is therefore important to understand how these technologies are applied and what guardrails the solution vendor has included to ensure the solution performs as expected and is not vulnerable to attack.

Does your solution prioritize alerts for investigation, include workflow automation capabilities, and support two-way integration with security tools to support forensic investigations?

These are some of the hallmarks of I-SIEM solutions, and organizations need them to meet the security needs of modern business IT environments.

How do you handle software updates, patches, and maintenance for your SIEM solution, and what is the process for upgrading to new versions?

It is important to know how quickly any prospective vendor is able to adapt to changing needs and threats and how likely it is that any updates will impact business continuity.

Do you specialize in serving specific industries or use cases?

This is an important question to ask if your organization is in a regulated industry or has any particular needs, because not all I-SIEM solutions cater for all use cases. Finding out whether a prospective vendor offers the specialized support you need can help identify the I-SIEM solution that is best suited to your needs.

Can you provide case studies or references from organizations that have successfully implemented your I-SIEM solution?

This is particularly useful if you can speak to a reference customer where the organization is of a similar size or in a similar industry vertical. Reference customers will be able to answer questions on ROI, support services, and hidden costs.

This is a sampling of the many possible questions to ask vendors. For further assistance, KuppingerCole Advisory Services helps clients in the vendor selection process. KuppingerCole Research Services provides additional information on vendors, such as in Market and Leadership Compass documents.