What SIEM Managers Can Learn from the Taylor Swift Ticketmaster Fiasco

Ticketmaster and Taylor Swift’s Verified Fan status is a brilliant idea — in theory. The Verified Fan program is designed to combat bot activity by verifying fans through a registration process. The program aims to ensure that tickets are only sold to fans who intend on actually attending the event. The recent sales for Swift’s upcoming Era’s Tour has not gone “all too well,” showcasing the very real consequences of improper capacity planning. Temporary outages and long wait times left many fans in the Verified program frustrated and empty-handed. Ticketmaster announced on Thursday that the sale had been canceled due to “extraordinarily high demands on ticketing systems and insufficient remaining ticket inventory to meet that demand.”

Now, what does this have to do with cybersecurity and SIEM management?

While estimating how many fans would want to attend Swift’s concert is certainly a different prediction than firewall, endpoint, and PaaS/IaaS log volume, there is a lot to take away from Ticketmaster. The capacity issue that Ticketmaster faced this week has likely happened to most who have tried to run a SIEM in the last 15 years. Those who have experienced capacity planning failures, and infrastructure sending 400 and 500 errors, can understand the frustration Swift’s fans had late last week. As technology users and managers, we want our tools to work when we need it and have the flexibility to scale our needs up and down based on what’s happening in our environment right now.

BlueVoyant’s content engineering, 24x7 monitoring, as well as health alerts and health monitoring, have a helpful place in these kinds of scenarios because: 1) you’re not on your own kid, and 2) we partner with cloud-native SIEMs and build experiences that scale up and scale down with you as you need it.

So the next time you have your own version of a Taylor Swift concert ticket sale, we’ve got you covered.

Good health monitoring should be glamorous and make the whole room shimmer. Volume anomalies, missing (or extra) data, heartbeats. Tracking errors, buffers, losing track of time (NTP) — they do really deserve more of the limelight than they received last Tuesday. Will extraordinarily high demand impact the performance of any system? It’s more than just a question.

And in case you were wondering, while capacity failed me the first time, as we say in cybersecurity, persistence pays off! I am happily attending one of Swift’s June 2023 shows.

Mona Ghadiri serves as BlueVoyant’s ebullient Director of Product Management.