The average organisation produces about 10 to 50 gigabytes of logs per day. For an organisation with 100 employees and a reasonable IT stack, that's about 18 terabytes per year. The organisation pays to store those logs. It pays to index them. It pays to keep them available for compliance purposes. It pays for a SIEM licence into which the logs are pumped. It pays for a security analyst who in theory should be looking at the logs.
The logs nobody reads, and why you still need them