[waihtis]

> Logging is critical to detecting attacks and intrusions.

Yes, but not universally - and just collecting logs will not take you far. Logging everything and trying to approach security via the ’collect all data’ is both expensive and inaccurate, and one of the major inefficiencies in modern cyber.

[onefuncman]

This is done efficiently at scale by both Cylance and Crowdstrike, but is certainly only one part of a defense in depth strategy.

There are viable products around human threat hunting which would be impossible without a 'collect all the data' component.

[waihtis]

You are correct, and this is the key part - what % of organizations have money, skills and people to build a robust enough capability around threat hunting, for example?

I’ve been super lucky to meet various orgs and their security in all geographies and many industries and my gut feeling is 1 out of 10 teams.

[EricE]

Security Onion does an amazing job at collecting and correlating, especially for an open source product. The traditional trade of with Open Source is there - a bit of up front effort for longer term value.