- 26 Mar 2024
- 2 Minutes to read
LOG EVERYTHING, LEAVE NOTHING: A Classy Security Imperative
Thank you to DNIF HYPERCLOUD for sharing their white paper in our knowledge base and not asking for personal information to read.
The 90/10 Rule of Logging: Focusing on the Critical 10%
The 90/10 rule of logging is a widely cited rule of thumb in security operations: roughly 90% of actionable alerts and investigative leads come from about 10% of log sources. Organizations are therefore under pressure to prioritize those few sources and to direct their collection and storage budgets accordingly.
This approach looks sound from a resource-optimization standpoint, but it carries a real risk. The alert may fire on a high-value source such as authentication logs, yet the context that turns that alert into a confirmed incident, or the weak signals that precede it, often sit in the sources judged non-critical. Collect only the 10% and that context is never there to be found.
Efficient Log Reduction and Cost-Effective Solutions
Efficiency and cost-effectiveness are paramount concerns for organizations managing log data. Because most SIEM platforms are licensed by ingested volume, SIEM providers often encourage customers to streamline their logging, focusing on the sources most relevant to their specific security needs. By reducing the volume of collected logs, organizations lower the cost of storage, processing and analysis. Log retention periods come under the same scrutiny: vendors may propose shorter retention to minimize storage expenses, especially for organizations under strict budget constraints. The practitioner's caveat is that a retention window shorter than the time between initial compromise and detection leaves the investigator with no record of how the intrusion began.
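To make both trade-offs concrete (the "critical 10%" source selection discussed above and the reduced retention just described), the following is an added example, not code from the DNIF white paper or this knowledge base. It runs a simple correlation rule over a handful of constructed events from three sources (auth, dns, proxy) and applies a collection policy first: which sources are kept, and how many days are retained. Host names, domains, users and the rule itself are all invented for illustration.

```python
"""Added example: what a 'keep only the critical sources' policy loses.

The detection below flags a successful privileged logon from a workstation
that, within the previous 14 days, downloaded an executable through the web
proxy and queried a first-seen DNS domain. The auth event alone is unremarkable;
the proxy and dns events supply the context. All events are constructed.
"""
from datetime import datetime, timedelta

NOW = datetime(2024, 3, 26, 12, 0, 0)  # constructed reference time
CORRELATION_WINDOW = timedelta(days=14)

# Constructed sample telemetry (not real logs). Hosts, users and domains are invented.
EVENTS = [
    # proxy: executable download from a non-allowlisted domain, 9 days ago
    {"source": "proxy", "ts": NOW - timedelta(days=9), "host": "ws-017",
     "url": "http://files.example-cdn.test/update.exe", "status": 200},
    # dns: a domain this workstation had never resolved before, 2 days ago
    {"source": "dns", "ts": NOW - timedelta(days=2), "host": "ws-017",
     "qname": "c2.example-beacon.test", "first_seen": True},
    # auth: privileged logon from the same workstation, 1 hour ago
    {"source": "auth", "ts": NOW - timedelta(hours=1), "host": "ws-017",
     "user": "j.doe", "privileged": True, "outcome": "success"},
    # benign noise on another workstation
    {"source": "auth", "ts": NOW - timedelta(hours=3), "host": "ws-042",
     "user": "a.smith", "privileged": True, "outcome": "success"},
    {"source": "dns", "ts": NOW - timedelta(days=1), "host": "ws-042",
     "qname": "intranet.corp.test", "first_seen": False},
]


def filter_events(events, kept_sources, retention, now=NOW):
    """Apply the two cost-saving policies from the text: keep only the chosen
    sources, and drop anything older than the retention period."""
    cutoff = now - retention
    return [e for e in events if e["source"] in kept_sources and e["ts"] >= cutoff]


def detect_privileged_logon_after_download(events):
    """Return one finding per successful privileged logon whose host, inside the
    correlation window before the logon, both downloaded an executable via the
    proxy and queried a first-seen domain. Each finding carries its evidence."""
    findings = []
    for logon in events:
        if (logon["source"] != "auth" or not logon["privileged"]
                or logon["outcome"] != "success"):
            continue
        start = logon["ts"] - CORRELATION_WINDOW
        prior = [e for e in events
                 if e["host"] == logon["host"] and start <= e["ts"] < logon["ts"]]
        downloads = [e for e in prior
                     if e["source"] == "proxy" and e["url"].lower().endswith(".exe")]
        rare_dns = [e for e in prior if e["source"] == "dns" and e["first_seen"]]
        if downloads and rare_dns:
            findings.append({"host": logon["host"], "user": logon["user"],
                             "evidence": downloads + rare_dns})
    return findings


def run_policy(kept_sources, retention_days):
    """Apply a collection policy to the sample events, then run the detection."""
    kept = filter_events(EVENTS, kept_sources, timedelta(days=retention_days))
    return detect_privileged_logon_after_download(kept)


if __name__ == "__main__":
    policies = [
        ("all sources, 30-day retention", {"auth", "dns", "proxy"}, 30),
        ("auth only (the 'critical 10%'), 30-day retention", {"auth"}, 30),
        ("all sources, 7-day retention", {"auth", "dns", "proxy"}, 7),
    ]
    for label, sources, days in policies:
        print(f"{label}: {len(run_policy(sources, days))} finding(s)")
```

Only the first policy produces a finding. Dropping the proxy and dns feeds removes the evidence the rule needs, and a 7-day retention discards the 9-day-old download even though every source is still being collected. The logon itself is recorded in all three cases; what differs is whether anything remains to explain it.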