When I first started my IT career I worked at IBM on mainframes. Back in those days we backed up every transaction to large tape reels. My customers would keep 7 days of data on site and seven years of data in controlled locations that would protect the tapes against fire, water and temperature damage. The creation of the tape reels and their storage was relatively straightforward; however, what we feared was a request to search these historical backups. In the four years I worked on mainframes it only happened once. Not only was it physically exhausting to load the tape files, it took us days to find the requested transactions.
Today we have the ability to log everything that is happening, including the data that traverses every node in the network, the transactions of every computer and the activities of every computer user. This data is no longer meaningful only to the IT staff that maintains the systems; it is increasingly important to the entire organization. Businesses are increasingly analyzing this raw data, turning it into meaningful information and drawing conclusions that help them make better business decisions.
The amount of data collected can be overwhelming, but I always say "start with a solid foundation". In other words, start with who is changing your Active Directory system and how, then who is accessing or attempting to access your network, and what they are accessing. Read this article, Find the Who, What, Where and When of Your Active Directory, by Dr. Avril Salter to find out how to do this.