How One HR Giant Cut Its Security Bill by $250,000 — by Deleting Data It Never Needed

Vensure Employer Solutions was drowning in its own security logs. An AI-powered clean-up cut costs, halved response times, and proved that more data isn't always safer.

ThreatVectr Newsdesk· 3 min read
Photoreal news-editorial photograph, 16:9 framing, full-frame edge-to-edge composition
Share

Key points

  • Vensure Employer Solutions, an HR and payroll company serving more than 95,000 businesses, watched its security-log storage costs nearly triple over two years.
  • By filtering out low-value firewall logs using AI tools, Vensure cut the volume of data it collected by 83% without losing a single meaningful security alert.
  • The changes saved approximately $250,000 per year in storage and processing costs.
  • The time it took analysts to respond to real threats dropped by roughly 50% after the noise was removed.

Vensure Employer Solutions handles payroll and HR administration for more than 95,000 businesses. That is a lot of sensitive data — wages, tax records, personal details for millions of workers. So when Dwayne Smith, the company's top security officer, says his biggest headache wasn't hackers, it's worth listening.

It was his own security system eating itself alive.

The log pile that broke the budget

Every company running a serious security operation uses something called a SIEM — a Security Information and Event Management system, which is essentially a giant digital inbox that collects records of everything happening across a company's computers and networks. The idea is simple: the more activity you record, the better you can spot something suspicious.

For years, that logic held. Storage was cheap. So teams collected everything: every time a firewall — the digital boundary wall between a company's internal systems and the wider internet — approved a routine connection, that got logged. Every normal server heartbeat. Every benign background process. All of it, pouring in.

As Vensure grew through acquisitions, buying up other companies and absorbing their infrastructure, the data volume didn't creep up. It detonated. Smith estimates ingestion costs nearly tripled in two years.

"We were ingesting everything," he told Dark Reading. "People would shove everything they could in there."

Did throwing away data make Vensure less secure?

No — and that's the counterintuitive finding at the heart of this story.

Smith's team didn't delete security-relevant records. They used AI models — software trained to recognize patterns across millions of examples — to sort incoming data before it ever hit permanent storage. The system learned to identify high-volume, low-value events: a firewall waving through a routine connection, a server confirming it was still online. Those got dropped. Genuine threat alerts, authentication records, and anything flagged as unusual got kept.

Firewall logs were the first test. Raw connection records made up the majority of events but were almost never used in real investigations. After filtering, firewall log ingestion fell by 83%. No threat alerts were lost. The team ran side-by-side comparisons against historical data and simulated attack traffic to confirm nothing important had disappeared.

The result was cleaner dashboards. Analysts who had spent hours wading through meaningless entries could suddenly see scanning activity and genuine anomalies clearly.

"When we filtered those logs, we were actually able to understand our environment better," Smith says.

What changed in practice

The financial impact was direct: roughly $250,000 saved annually. Response times fell by around 50%. Detection became more precise. Compliance reporting — tracking which data is stored where, a real obligation for companies handling payroll across different regions — got easier.

The failure mode the industry keeps repeating is treating data volume as a proxy for security maturity. It isn't. A warehouse full of irrelevant records doesn't catch criminals; it just buries the signal that would.

Smith's operational takeaway is blunt: question every log source before you ingest it, not after you've paid three years of storage bills to find out it was useless.

© 2026 Threat Vectr