Selecting the correct Security Information and Event Management (SIEM) solution for an organization is not an easy task. The purpose of this article is to educate you why you should or should not have a SIEM solution, what key areas to look at when acquiring and SIEM solution and I'll also give you some of my own opinions or certain vendors and options. SIEM is a hybrid of two products SIM (security information management) and SEM (security event management). SEM technology evolves with real-time activities such as real-time correlation, alerting, dashboards, etc. SIM component is responsible for retention of logs for log-term analysis and forensics, reporting, pattern discovery, etc. Most of the leading SIEM vendors now provide ticketing/workflow management systems, integrated knowledge-bases various other components integrated to their SIEM solution.