What I'm planning to do about this situation is to offload some of the traffic from the routers and switches onto a specialized data delivery device. The device I'm looking at is designed to sit on the network and mirror the network traffic to my SIEM, so the routers and switches don't have to. It can also take log and alert data from some of my other sources and carry them directly to my SIEM, cutting down on network bandwidth.
So while I now have too much of a good thing, fortunately the state of security technology has caught up to the problem. If all goes as planned, I can simply drop in the new device and hook it up to my SIEM without any trouble. Then I can add even more data to what I'm already monitoring.
Sign up for MIS Asia eNewsletters.