Vensure CISO Tackles Data Sprawl with AI-Driven Log Filtering
Vensure Employer Solutions' CISO implemented an AI-powered solution to drastically reduce firewall log ingestion, cutting costs and improving security posture by filtering out low-value data.

For years, the prevailing wisdom in cybersecurity operations was to collect every piece of available data, assuming that more logs meant better detection and forensics. However, as organizations scale, this approach can quickly become unsustainable, leading to significant financial and operational burdens. Vensure Employer Solutions, a large HR services and payroll provider, experienced this challenge firsthand as rapid growth, acquisitions, and an expanding customer base led to an explosion in telemetry volume.
Dwayne Smith, SVP of Information Security and Global CISO at Vensure, described the situation as "ingesting everything," with routine firewall traffic and benign system events comprising the bulk of the data. This massive influx of logs, while seemingly a safeguard, began to strain the company's security information and event management (SIEM) environment. The breaking point wasn't a security breach, but rather the escalating costs associated with data ingestion and storage, which nearly tripled over two years.
Beyond the financial implications, the sheer volume of low-value data made it increasingly difficult for security analysts to identify genuine threats. Alerts were frequently buried in noise, leading to longer investigation times and a steadily rising mean time to respond. Smith recognized that the status quo was "not sustainable" and that a fundamental rethinking of data management was necessary.
Instead of cutting back on essential security tools or personnel, Smith's team focused on optimizing the security data pipeline. They adopted a strategy of filtering data *before* it reached the SIEM, leveraging machine learning and large language models to automate the process. This allowed them to identify and discard high-volume, low-value data, such as routine firewall "allow" logs, without compromising the ingestion of critical security events.
The initial test case was firewall telemetry. While intrusion and authentication alerts were deemed essential, the vast majority of connection logs were rarely used for daily operations and were kept primarily for "just in case" scenarios. By filtering these logs, Vensure achieved an 83% reduction in firewall log ingestion, significantly cutting costs and noise while retaining crucial security signals.
To validate this approach and ensure no critical detection gaps were created, Smith's team conducted rigorous side-by-side comparisons. They used native firewall metrics, historical data, and simulated attack traffic, employing AI models aligned with frameworks like MITRE ATT&CK to maintain threat context. This validation confirmed that the filtered data still provided a clear and accurate view of the security environment.
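
The pre-SIEM filter and the side-by-side check described above can be sketched as follows. This is an added example, not Vensure's pipeline: a fixed rule stands in for the ML/LLM classifier, and the key=value log layout, event ids, and counter values are constructed assumptions.

```python
from collections import Counter

# Constructed sample lines in a generic key=value layout (not a real vendor format).
RAW = [
    "id=1 type=traffic action=allow src=10.0.0.5 dst=10.0.1.9 dport=443",
    "id=2 type=traffic action=allow src=10.0.0.6 dst=10.0.1.9 dport=443",
    "id=3 type=traffic action=deny src=203.0.113.7 dst=10.0.1.9 dport=22",
    "id=4 type=ips action=alert src=203.0.113.7 dst=10.0.1.9 sig=constructed-sig",
    "id=5 type=auth action=fail src=198.51.100.4 user=svc-backup",
    "id=6 type=traffic action=allow src=10.0.0.7 dst=10.0.1.2 dport=53",
    "truncated line without fields",
    "id=8 type=traffic action=allow src=10.0.0.5 dst=10.0.1.9 dport=443",
]
SIMULATED_ATTACK_IDS = {"3", "4", "5"}                 # ids of injected test traffic (assumed)
NATIVE_COUNTERS = {"deny": 1, "alert": 1, "fail": 1}   # counts the firewall itself reports (assumed)

def parse(line):
    """Return the key=value fields of a line; an empty dict if nothing parses."""
    return dict(tok.split("=", 1) for tok in line.split() if "=" in tok)

def keep(event):
    """Drop only events positively identified as routine allows."""
    routine = event.get("type") == "traffic" and event.get("action") == "allow"
    return not routine  # unparsed or unknown events fail towards retention

def side_by_side(raw_lines, keep_fn=keep):
    """Compare the filtered stream against ground truth that is independent of the filter."""
    events = [parse(line) for line in raw_lines]
    kept = [e for e in events if keep_fn(e)]
    kept_ids = {e.get("id") for e in kept}
    kept_actions = Counter(e.get("action") for e in kept)
    return {
        "reduction_pct": round(100 * (1 - len(kept) / len(events)), 1),
        # Simulated attack events that never reached the SIEM side.
        "missed_simulated": sorted(SIMULATED_ATTACK_IDS - kept_ids),
        # Native firewall counters that the filtered stream no longer matches.
        "counter_drift": {a: n - kept_actions[a]
                          for a, n in NATIVE_COUNTERS.items() if kept_actions[a] != n},
    }

if __name__ == "__main__":
    print(side_by_side(RAW))
    # An over-aggressive filter that drops all traffic logs, denies included.
    print(side_by_side(RAW, keep_fn=lambda e: e.get("type") != "traffic"))
```

The second call shows why the comparison uses data the filter did not produce: dropping every traffic log raises the reduction figure, but the missing deny event appears in both `missed_simulated` and `counter_drift`.
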
The results were substantial. Vensure realized approximately $250,000 in annual savings directly attributed to reduced ingestion and storage costs. More importantly, operational efficiency improved dramatically, with mean time to respond dropping by about 50% as analysts spent less time triaging false positives. Detection accuracy also improved, and compliance reporting became more streamlined.
Smith emphasizes that the benefit of AI in security isn't solely about autonomous response or predictive analytics; it's also about cost discipline. By controlling runaway spending on data, AI can alleviate significant pressure on security budgets. The core lesson for Vensure, and the broader industry, is the need to question long-held assumptions, particularly the idea that more data always equates to better security.