For years now, compliance has been the primary reason why small and midsize businesses (SMBs) buy security information and event management (SIEM) tools. According to a study published today by the SANS Institute, SIEM and log management tools are becoming increasingly popular as a method for tracking down and diagnosing security problems, rather than serving primarily as tools for proving security compliance. That premise is supported by a separate study published simultaneously by security tool vendor RSA, which offers SIEM software.