In a world of compliance and disclosure requests, the ability to investigate raw log files whilst shutting out the noise can not only be a time-saving maneuverer in your process but also reduce the risk of mistakes. The ability to analyse large volumes of log files, be it on the cloud, or hidden away in on-prem archives, will make a great difference on how your tech team operates.
Using higher education as an example. Every year, new students join a University and for IT teams, this means new logs. But it also means new devices on the networks, in Europe, this includes Eduroam, a 3rd party network point where logs may not be as easily accessible. On average, a student will bring in a mobile phone & laptop. But in this ever-growing IoT world, students are expected to bring more smart devices as well as devices such as tablets. This increases a student’s footprint on any SIEM solution.