Companies are discarding the logs they need to catch a breach

Many large enterprises discard most of the log data their systems generate, and they do it on purpose to keep costs down. A Dynatrace survey of 450 senior IT leaders at large enterprises found that half of organizations drop or never collect an average of 86 percent of their logs, even after filtering and aggregation. Many also limit how long they retain the logs they do keep.

That choice carries a security cost of its own.

What logs do for an investigation

Logs are the record of what happened inside an application or a piece of infrastructure. They capture errors, events, and actions in sequence, which makes them the raw material for threat hunting, incident response, and forensics. When an organization conducts cyber forensics or runs a security investigation, log data is among the first things it reaches for. Security investigations rank among the most common uses for logs at the enterprises polled.

A decision to drop the bulk of that material, or to age it out after a short window, lands directly on this work. An intrusion can sit undetected for weeks or months before anyone notices. When the alert finally arrives and an investigator goes looking for the trail,…
