Breaches fall roughly into three categories: perimeter, or hacking through external protections such as firewalls; internal, which primarily means insider theft or error; and compliance/corporate policy-people getting into applications they're not supposed to or violating policies.

To use the event data to protect your assets and achieve compliance, you need to get it all in one physical location and have a way to understand which events matter to the protection of your business. Log management tools can pull all the logs from hundreds of sources generated by devices and applications from different vendors, as well as home-grown ones, into one central location. They can then coordinate all this data and store it for as long as you specify.