A decade or more ago, logs of events recorded by firewalls, intrusion detection systems and other network devices were considered more of a nuisance than a help. There were too many of them, they weren’t easily collected, and there was no easy way to make sense of which were important.
When network administrators did turn log recording on, they found themselves lost in a sea of data, forced to sift through all of it by hand whenever they tried to analyze suspicious activity.
Some organizations deployed early Security Information and Event Management (SIEM) systems to help filter out the noise. The problem, however, was that industry and government auditors found a gap in what was collected: those early SIEM solutions only captured the events they had been built to recognize, and anything they were not aware of was never recorded. The auditors' position was that everything needed to be captured and stored.