You notice some weird alerts in your environment and start to investigate them. As you’re digging into the myriad of log and monitoring data, you realize that what you’re looking at is a telltale sign of data exfiltration — you’ve had a breach.
You follow the trail and eventually realize that the breach started before the earliest retention date of your log data. You have no way of forensically proving when the breach started or even the true scope of the breach. Adding to your distress is the growing number of data privacy laws that are requiring breach notification – as of this writing, the EU’s General Data Privacy Regulation (GDPR) requires notifications to potential victims of breaches within 72 hours of the discovery of the breach.