I've talked with hundreds of companies across all business sectors who have deployed, or are thinking of deploying, a network/system monitoring solution of some kind. The majority of the teams I've spoken with have very similar requirements, which typically boil down to one or more of the following:

Companies of all shapes and sizes are under enormous pressure to document (and regularly audit) various types of network events and system/security logs. Public companies in particular have seen a significant change in their regulatory burdens, and are now required to retain reams of data that can be used to perform forensic audits.

Having an audit-friendly network infrastructure can go a long way toward simplifying the process of documenting and auditing network activities.This article discusses network design approaches which can significantly reduce headaches when performing audits.

Wide Area Networks (WANs) are commonly used to connect businesses and institutions with remote branches and field sites. One of the chief advantages of WAN connectivity is the ability to locate key services at a central location, and share those resources with many other geographically-disbursed sites. Technical staffing requirements can be significantly reduced by allowing remote administration and systems management to take place entirely from the main site.

Virtually any business/enterprise network is likely to see situations in which network utilization spikes unexpectedly, resulting in congestion, 'slow access' and other types of interruption.

This pain is most commonly experienced at the Internet gateway. Someone discovers it's not really a good idea to send a 53MB video file to 107 of his closest friends, or a malware outbreak saturates the connection with spam relays or 'warez' downloads.