The Total Economic Impact Of SecureWorks Managed Security Services
|
|
- Piers Clarke
- 8 years ago
- Views:
Transcription
1 Prepared for SecureWorks September 2006 The Total Economic Impact Of SecureWorks Managed Security Services Project Director: Jeffrey North, Senior Consultant
2 TABLE OF CONTENTS Executive Summary...4 Purpose...5 Methodology...5 Approach...5 Key Findings...5 Disclosures...6 MSS: Overview...7 Services...7 Infrastructure...8 Analysis...9 Interview Highlights...9 TEI Framework...10 Introduction...10 Framework Assumptions...10 Costs...10 Managed Security Services Fees...10 Internal Labor For MSS Administration...11 Total Costs...11 Benefits...11 Costs Avoided: In-House Security Team...12 Costs Avoided: Security Software And Hardware...12 Lowering The Risk Of Loss From Security Breaches...13 Total Benefits
3 Risk...14 Flexibility...18 TEI Framework: Summary...18 Study Conclusions...19 Appendix A: Total Economic Impact Overview...20 Benefits...20 Costs...20 Risk...20 Flexibility...20 Appendix B: Glossary...21 A Note On Cash Flow Tables...21 Appendix C: About The Project Manager...22 Appendix D: Endnotes , Forrester Research, Inc. All rights reserved. Forrester, Forrester Wave, Forrester's Ultimate Consumer Panel, WholeView 2, Technographics, and Total Economic Impact are trademarks of Forrester Research, Inc. All other trademarks are the property of their respective companies. Forrester clients may make one attributed copy or slide of each figure contained herein. Additional reproduction is strictly prohibited. For additional reproduction rights and usage information, go to Information is based on best available resources. Opinions reflect judgment at the time and are subject to change. 3
4 Executive Summary In September 2006, SecureWorks commissioned Forrester Consulting to examine the total economic impact and potential return on investment (ROI) enterprises may realize by engaging SecureWorks Managed Security Services (MSS). SecureWorks, the leading pure-play MSSP with over 1,500 clients and 5,000 devices managed and monitored around the world, enables organizations to protect their critical information assets from digitally borne threats and vulnerabilities through its managed security and consulting services. SecureWorks services deliver an enhanced security program, improved compliance, greater operations efficiency, and reduced security program costs. SecureWorks services include: Security information and event management Security event/log monitoring and analysis Network intrusion prevention Intrusion detection system management Firewall management Host intrusion prevention management Vulnerability assessment Threat intelligence Encrypted Professional services The customer profiled in this case study is a multibillion dollar international media company that owns newspapers, television stations, and Web sites in the United States and abroad. This customer utilizes SecureWorks Intrusion Detection System (IDS) management and security event/ log monitoring and analysis services. In conducting in-depth interviews with the client, Forrester found that this company significantly improved its security posture while avoiding the cost of staffing a full internal security team to provide the necessary defenses and expertise to protect this decentralized group of owned newspapers, television stations, and other media properties. Further, by relying on SecureWorks services, the customer s internal security team has evolved from a largely IT function to being a critical business function, concentrating on security strategy issues and business risk. Forrester calculated that this client achieved a return on investment (ROI) of 267% with a payback period of just several weeks. 4
5 Purpose The purpose of this study is to provide readers with a framework to evaluate the potential financial impact of SecureWorks' MSS on their organizations. Forrester aims to demonstrate all calculations and assumptions used in the analysis. Readers should use this study to better understand and communicate a business case for investing in SecureWorks' MSS. Forrester has constructed a financial framework to examine the benefits, costs, risks, and flexibility options, and Forrester uses the client interviews to validate these elements. The case study contents and analyses are driven by the information provided by SecureWorks client. Methodology SecureWorks selected Forrester for this project because of Forrester s industry expertise in enterprise security technologies and threat management and Forrester s Total Economic Impact (TEI) methodology. TEI not only measures costs and cost reduction (areas that are typically accounted for within IT) but also weighs the enabling value of a technology in increasing the effectiveness of overall business processes. For this study, Forrester employed four fundamental elements of TEI in modeling MSS: 1. Costs 2. Benefits to the entire organization 3. Risk 4. Flexibility Given the increasing sophistication that enterprises have regarding cost analyses related to IT investments, Forrester s TEI methodology serves a useful purpose by providing a complete picture of the total economic impact of purchase decisions. Please see Appendix A for additional information on the TEI methodology. Approach Forrester used a four-step approach for this study: 1. Forrester gathered data from existing Forrester research relevant to security and threat management. 2. Forrester interviewed SecureWorks marketing and product development personnel to fully understand the value proposition of MSS solutions. 3. Forrester conducted a series of in-depth interviews with an enterprise client that has engaged MSS. 4. Forrester constructed a financial model representative of the interviews, which are described in the TEI Framework section below. Key Findings Forrester s study yielded the following key findings: 5
6 ROI. Based on the interviews with an existing client, Forrester constructed a TEI framework and the associated ROI analysis illustrating the financial impact areas. As seen in Table 1, the risk-adjusted ROI for this company s engagement of MSS is 267% with a breakeven point (payback period) of just weeks after the deployment of SecureWorks' services. Benefits. The main benefit to this client has been the improved security posture and reduction in risk from digital threats resulting from engaging a highly qualified team of certified experts, obviating the cost and hiring and retention challenges of maintaining those capabilities in-house. Forrester conservatively estimated the value of these benefits at $1.2 million per year. Costs. The main costs for this implementation are services fees of approximately $306,000 per year. Table 1 illustrates the risk-adjusted cash flow for the client organization based on data and characteristics obtained during the interview process. Forrester risk-adjusts these values to take into account the potential uncertainty that exists in estimating the costs and benefits of a technology investment. The risk-adjusted value is meant to provide a conservative estimate, incorporating any potential risk factors that may later affect the original cost and benefit estimates. For a more indepth explanation of risk and risk adjustments used in this study, please see the Risk section. Table 1: Three Year ROI, Original And Risk-Adjusted Summary Financial Results Original Estimate Risk- Adjusted ROI 288% 267% Payback period (months) Total costs (PV) $850,495 $850,495 Total benefits (PV) $3,302,292 $3,124,067 Total (NPV) $2,451,796 $2,273,572 Disclosures The reader should be aware of the following: The study is commissioned by SecureWorks and delivered by the Forrester Consulting group. SecureWorks reviewed and provided feedback to Forrester, but Forrester maintained editorial control over the study and its findings. SecureWorks provided the names of customer organizations for the interviews. Forrester makes no assumptions as to the potential return on investment that other organizations will receive. Forrester strongly advises that readers use their own estimates within the framework provided in the report to determine the ROI of an investment in MSS. This study is not meant to be used as a competitive product analysis. 6
7 MSS: Overview According to SecureWorks, the company s suite of information security services delivers real-time protection and improved compliance to organizations of any size. The company s Managed Security Services (MSS) provides 24x7x365 security expertise, security event/log monitoring and analysis and security reporting. The company s consulting services provide enterprises with expert insight and advice to help them achieve their security objectives and comply with industry regulations. Below is a description of these services. Services Security Event/Log Monitoring and Analysis provides the real-time security event monitoring, correlation, and analysis of the security infrastructure and critical system logs to protect clients from known and unknown threats. Log Monitoring and Analysis enhances the security posture, improves operational efficiency, and reduces the costs associated with implementing a real-time, comprehensive security monitoring strategy. Security Information Event Management is the industry s first on-demand Security Information and Event Management (SIEM) solution. The SIEM service enables enterprises to attain all the benefits of this technology without the drawbacks associated with implementing a software solution. SecureWorks SIEM service is implemented rapidly and is delivered in-the-cloud, allowing enterprises to immediately begin analyzing and reporting on security event activity while eliminating the maintenance burden. Network Intrusion Prevention (IPS) stops targeted and random attacks by inspecting network traffic for malicious code or unusual patterns and blocking attempted attacks in real-time. The service leverages SecureWorks award-winning isensor IPS or other market leading appliances to perform deep packet inspection on all traffic traversing an organization s network. A team of security analysts monitors the IPS infrastructure 24x7 for new attack types, unusual patterns, and configuration changes to prevent malicious activity from harming critical information assets. Intrusion Detection System Management provides around-the-clock monitoring and full life cycle management of intrusion detection systems (IDS). This service provides an organization with increased protection against rapidly emerging threats, insider attacks, and other incidents affecting the environment, while eliminating the maintenance burden associated with implementing IDS technology. Firewall Management provides 24x7x365 total life cycle management and monitoring for optimum firewall security, availability, and performance. This service includes unlimited rule-set changes, expert policy auditing, and monitoring of the firewall logs to detect unknown threats in real-time. Firewall Management, as well as Intrusion Detection/Prevention System (IDS/IPS) Management, is delivered in either a co-managed fashion where clients maintain ownership and administrative privileges across their environment or as a fully managed solution where SecureWorks maintains control over their infrastructure. Host Intrusion Prevention provides an application firewall to ensure that the application is doing only what it is supposed to be doing. When encrypted traffic is received and decrypted by the operating system on the host machine, the HIPS agent intercepts instructions prior to reaching the application to prevent malicious activity. Threat Intelligence provides early warnings to emerging threats and actionable security intelligence tailored to a client s environment. SecureWorks research team is recognized by the industry as being first-to-market with emerging threats. The team leverages SecureWorks global monitoring footprint, as well as external sources to identify emerging threats. The team will then 7
8 issue an analysis of the threat, including remediation instructions, while taking action to protect clients by creating and deploying IDS/IPS signatures. Vulnerability Assessment provides an efficient solution to discover enterprise-wide assets, vulnerabilities (like out-of-date software, misconfigured applications and operating systems) residing on those assets and prioritize remediation efforts. The Vulnerability Assessment service removes the complexity of implementing a software-based solution, enabling organizations to quickly attain the information they need to fortify their environment. Encryption uses sophisticated lexicons to find confidential information or profanity that may not be appropriate for corporate communications. s are then automatically encrypted (or blocked or escalated) and are safely sent on to the intended recipients - with no action required by users. Recipients can easily open and decrypt s without the need for complicated and expensive certificates. Professional Services provide clients with an expert team of consultants to help them meet their security objectives. SecureWorks offers a wide range of services, including network assessments, Web application assessments, penetration tests, anti-phishing and compliance gap analyses. Infrastructure SecureWorks Secure Operation Centers. SecureWorks has Secure Operation Centers (SOC) located in Atlanta, GA, Myrtle Beach, SC., and Chicago, IL. These centers are fully redundant and provide seamless failover in case of emergency. SecureWorks SOCs are staffed by an expert team of Intrusion Analysts, who hold a variety of certifications including the SANS Institute Global Information Assurance Certification (GIAC) Intrusion Analyst and have an average of 3 and a half years experience as analysts. These experts have identified and handled thousands of critical threats for SecureWorks clients. Clients receive unlimited consultation with this team for on-demand security expertise to address any issue clients are facing. Also residing at the SOCs are SecureWorks industry-recognized team of security researchers. This team identifies and analyzes emerging threats to evaluate the risk that they pose to client environments and develop countermeasures to protect clients critical information assets. This team frequently serves as security sources for the media, publishes dozens of technical analyses to the security community, and speaks about emerging threats at many security conferences. SecureWorks Security Event Management Platform. The SecureWorks Security Event Management Platform was purpose-built to deliver superior log monitoring and analysis. The Platform aggregates and correlates alerts and log entries from almost any security device and critical information asset to identify known and unknown threats in real time. The Platform is highly scalable and currently processes billions of alerts and logs daily from SecureWorks clients to present analysts with actionable information they can use to stop attacks before damage is done. The Platform integrates events, scanning, intelligence, and asset criticality information to provide the total attack context. With this information in hand, analysts can quickly begin working with the client to prevent the threat before damage is done. Additionally, SecureWorks is the only provider that can remotely eradicate malware that is identified in a client s environment using its Web-based Paramedic technology. The Platform s advanced analysis and response capabilities enable SecureWorks to handle thousands of incidents on behalf of their clients. SecureWorks Client Interface is the industry s leading client portal and provides security teams with real-time enterprise-wide security and service delivery visibility. This secure, Web-based client 8
9 interface enables clients to measure the effectiveness of their security using robust, asset-based reporting. Using the interface, clients can view high-level and technical reports as well as conduct trending and comparative analyses. Additionally, the Client Interface enables faster remediation of security issues by correlating event, scanning, and intelligence data with asset criticality information to present client security teams with a prioritized view of their security issues. The Interface also provides secure communication between clients and SecureWorks analysts to address any issues. Analysis As stated in the Executive Summary, Forrester took a multi-step approach to evaluate the impact that implementing MSS can have on an organization: Interviews with SecureWorks marketing and technical personnel. In-depth interviews with the client s security executives, managers, and analysts. Review and analysis with a Forrester analyst whose focus includes enterprise security and other relevant technology. Construction of a financial framework around the implementation of SecureWorks' MSS. Interview Highlights The client profiled in this case study is a large, diversified media company based in the US, with operations in half a dozen countries. This multibillion dollar company employs thousands of people worldwide and has an extensive online presence. In 2002, this client engaged SecureWorks MSS for intrusion detection system (IDS) management, which includes security event monitoring for the managed devices and security event/log monitoring and analysis for all firewalls and other non-managed devices. All of SecureWorks services are delivered under one premium SLA level that includes device co-management, unlimited access to SecureWorks analysts, no limits on device changes, and no additional charges beyond the monthly service. The interviews with the client revealed that: The client s operating environment is highly decentralized, encompassing more than 100 locations in most of the United States and abroad. SecureWorks MSS functions like an extension of the client s security team in a comanaged arrangement where SecureWorks operatives perform the 24x7 monitoring, but in the event of an incident, the client retains much of the responsibility for remediation with unlimited assistance from SecureWorks. Prior to engaging SecureWorks' MSS, the client s security program was characterized by: o o o Very little monitoring of an extensive Web environment (scores of sites for their media properties). Little ability to identify where and when security compromises had occurred. Limited ability to either locate the source of attacks or close holes in the company s network and minimal overall visibility. 9
10 The client estimated that MSS serves in place of seven to 10 staff that would otherwise be required to staff a full internal security team to perform the monitoring and device management. The client stated that even with such a team, it would not be able match the level of detail and expertise provided by SecureWorks MSS. The client s environment includes 20 managed IDS devices, six monitored firewalls, and 14 monitored routers and servers. TEI Framework Introduction From the information provided in the in-depth interviews, Forrester has constructed a TEI framework for those organizations considering implementing SecureWorks' MSS. The objective of the framework is to identify the cost, benefit, risk factors, and flexibility associated with the investment. Framework Assumptions Table 2 lists the discount rate used in the present value (PV) and net present value (NPV) calculations and time horizon used for the financial modeling. Table 2: General Assumptions General assumptions Value Discount rate 10% Length of analysis Three years Organizations typically use discount rates between 8% and 16%, based on their current environment. Readers are urged to consult with their finance department to determine the most appropriate discount rate to use within their own organization. Costs The key cost categories associated with SecureWorks' MSS are service fees for: 1) intrusion detection system (IDS) management, and 2) security event/log monitoring and analysis for all firewalls and IDSs, servers, and routers. The project is measured on a three-year basis. The following are the cost inputs to the financial analysis. Managed Security Services Fees The client engaged services from SecureWorks at a cost of $25,500 per month or $306,000 annually. The fees encompassed 20 managed IDS devices, 6 monitored firewalls, and 14 monitored routers and servers. In addition, there is a startup charge equal to one month of services or $25,
11 Internal Labor For MSS Administration The average MSS outsourcing agreement requires 4% to 8% of the total contract value dedicated to management and governance. 1 This requires executives to dedicate people and processes to support a model that meets the aims of the MSS. Using the midpoint of 6%, Forrester assumes that the client s internal labor cost is $18,720 per year. Total Costs Table 3 summarizes the costs of engaging MSS, including internal labor costs. Table 3: Total Costs Costs Initial Year 1 Year 2 Year 3 Total Present value Services fees $25,500 $306,000 $306,000 $306,000 $943,500 $786,477 Administrative costs for MSS 18,360 18,360 18,360 18,360 73,440 64,019 Total $43,860 $324,360 $324,360 $324,360 $1,016,940 $850,495 Benefits What we find most valuable, first and foremost, is the expertise of the SecureWorks staff. They have shown time and again that they are experts in the security space. That kind of capability is something that our company will not go after as a core skill, but we understand that we require that skill within our core. Client s Director of Operations & Infrastructure Services A recent Forrester survey of security decision-makers showed that almost half of the 146 respondents would consider outsourcing at least some of their security functions to a managed security service provider. 2 According to the client interviewed for this case study, the results of engaging with SecureWorks have been improved security posture, at lower cost and with better execution than would be the case with an in-house team. Access to skills. The client cited the expertise of the SecureWorks staff as the top benefit of engaging their MSS. Recruiting and training security staff is challenging and costly and the expertise has a limited shelf life unless it can be reinvigorated by, for example, job rotation and continuous professional development. In particularly specialized areas, like digital forensics, the expertise often simply doesn t exist in-house to perform tasks properly. Retaining full-time employees to perform these services is costly and challenging, yet organizations need to know they can access the expertise when they need it. With MSS, experienced, certified experts conduct the event monitoring instead of lower-level in-house staff. And the client is engaging the services of an organization that stays current on a continuous learning curve. Cost savings. In some cases, like firewall or intrusion detection monitoring or management, the tasks can be laborious and time-consuming, and clients want a service provider to do the job for less than the cost to perform the work in-house. Staying current on new risks and the latest threat research is a challenge for any in-house security team. Information on new threats comes from many disparate sources. Spreading the cost and benefit of this research across multiple clients enables SecureWorks to provide better intelligence at a lower cost compared to the resources that would be required of any single 11
12 client s in-house efforts to collect, organize, catalog, and understand the relevance of the data. Better execution. Organizations can often benefit from the service provider s investment in shared infrastructure. For example, SecureWorks can invest in developing advanced correlation technology that would be prohibitively expensive for any single-user organization. Moreover, the service provider can use knowledge and experience gained from one client to identify and mitigate prevailing threats at another. Further, security monitoring is continuous rather than periodic. The client receives earlier warnings of emerging threats and faster remediation when attacks do occur. The average time to response (the time from when the first event was detected to analysis completion/incident escalation) is 6 minutes. Average time to remediation (from incident escalation until the threat is eradicated and incident is closed) is 20 minutes. Additionally, with the SecureWorks Client Interface, real-time reports are available on demand (rather than manually generated) for auditing and management reporting. The combination of SecureWorks security monitoring technology, operated by skilled people and supported by mature incident handling processes, will enhance an enterprise's security posture and lead to more effective information security. Effective incident handling processes will limit the amount of exposure time to attacks and resulting damage from those attacks, enable the enterprise to comply with various industry regulations, and lead to more successful audits. Costs Avoided: In-House Security Team Interviews with the client revealed that in order to approximate the security services provided by SecureWorks MSS, the client would need between seven and 10 highly-trained employees (probably closer to 10) to perform the same work. Yet, given the challenges of recruiting and retaining such staff, the client expressed doubt that the full value of MSS could be replicated. Table 4: Costs Avoided: In-House Security Ref. Metric Calculation Per period A1 Number of employees 9 A2 Fully loaded annual compensation per employee $ 125,000 Year 2 Year 3 Total At Cost of internal security team A1*A2 $1,125,000 $1,125,000 $1,125,000 $3,375,000 Costs Avoided: Security Software And Hardware Other assets needed to replicate the security services provided by a managed security service include security information management (SIM) software (and maintenance) and the hardware on which to run it. Forrester estimates the software cost at $80,000. Maintenance, hardware and database server software add $70,000 for a total benefit in avoided cost of $150,
13 Table 5: Software And Hardware Costs Avoided Ref. Metric Calculation Year 1 Year 2 Year 3 Total A1 SIM software $80,000 $16,000 $16,000 $112,000 A2 Servers (2) 2 * $5,000 10,000 10,000 A3 Database (4-processors) 4 * $5,000 20,000 4,000 4,000 28,000 At SIM software and hardware cost avoidance A1+A2+A3 $110,000 $20,000 $20,000 $150,000 Lowering The Risk Of Loss From Security Breaches Risk of losses from external and internal incidents is very significant, as evidenced by several highprofile cases and many smaller ones. SecureWorks' MSS reduces this risk by providing expert services described above. The generally accepted method of valuing this risk is to look at an amount of a potential loss, assume a frequency of a loss, and estimate a probability for incurring the loss. Forrester conservatively estimates that this client could face a $3 million loss annually, a figure that includes not only the cost of information loss and brand equity, but also the time required by the company s staff to remediate the issue and get systems back to fully operational. Further assuming the probability of a loss of that amount is 5%, the resulting avoided cost amount equals $150,000 annually, as shown in Table 6. Users of this study are encouraged to use this method with their own assumptions for potential penalty amounts, frequency, and probability. A more comprehensive, expanded method for this calculation using ranges of probabilities and exposures is described in the Risk section below. Table 6: Lower Risk Of Security Loss Ref. Metric Calculation Per period A1 Potential exposure $3,000,000 Year 2 Year 3 Total A2 Reduced probability of loss 5.0% At Cost avoidance: reduced risk of loss from security breach A1*A2 $150,000 $150,000 $150,000 $450,000 13
14 Total Benefits Table 7 summarizes the benefits described by the client in both the finance and IT departments. Table 7: Total Benefits Benefits Initial Year 1 Year 2 Year 3 Total Cost of internal security team Cost avoidance: Reduced risk of loss from security breach - Orig SIM software and hardware cost avoidance Present Value $1,125,000 $1,125,000 $1,125,000 $3,375,000 $2,797, , , , , , ,000 20,000 20, , ,555 Total $1,385,000 $1,295,000 $1,295,000 $3,975,000 $3,302,292 Risk Risk is the third major component within the TEI model; it is used as a filter to capture the uncertainty surrounding different cost and benefit estimates. If a risk-adjusted ROI demonstrates a compelling business case, it raises confidence that the investment is likely to succeed because the risks that threaten the project have been considered and quantified. The risk-adjusted numbers are the pressure-tested expectations. In general, risks affect costs by raising the original estimates and affect benefits by reducing the original estimates. For the purpose of this analysis, Forrester risk-adjusts cost and benefit estimates to better reflect the level of uncertainty that exists for each estimate. The variability is captured as part of this study. The TEI model uses a triangular distribution method to calculate risk-adjusted values. To construct the distribution, it is necessary to first estimate the low, most likely, and high values that could occur within the current environment. The risk-adjusted value is the mean of those points. For example, in the case of the administrative cost or internal labor that needs to be dedicated to managing MSS as described above, Forrester assumes that this cost ranges from 4% to 8% of the overall service contract amount, which is equivalent to a range of $12,240 and $24,480 per year. Forrester assumes that 6%, or $18,360, is the most likely or expected value. On the benefits side, looking at the avoided cost of fielding a full in-house security team, Forrester believes that the number required staff ranges from seven to 10, with nine the most likely number. This range provides the low, high and most likely values, respectively. Forrester then creates a triangular distribution to reflect the range of expected costs, with 8.67 staff as the mean. Forrester multiplies this mean by the fully loaded annual compensation cost of $125,000 to arrive at a risk-adjusted value of $1,083,333 per year or $3,250,000 over three years. This method has the effect of increasing the cost estimates to take into account the fact that original cost estimates are more likely to be revised upward than downward, while it has the opposite effect on benefits risk adjustments for benefits reduce the original benefits estimates resulting in a conservative filter for financial assumptions. Costs The following assumptions have been used to calculate the low, most likely, high, and mean cost and benefit amounts. 14
15 Cost Of MSS Services Forrester assumes this amount has been determined by contract, so no risk adjustment is applied. Administrative Costs The low, most likely, and high estimates for internal labor costs are set at 4%, 6%, and 8%, respectively, producing a mean of 6% of the cost of MSS services. The calculation for the amounts in the table below is: [% of contract cost] * [contract size] * [3 years]; for example the most likely amount is calculated as follows: 6% * $306,000 * 3. Table 8: Risk-Adjusted Administrative Costs Ref. Metric Calculation Per period A1 Professional services fees $306,000 Variable low 4% A2 % of contract value 6% Variable high 8% Equation low 4% * A1 $12,240 Year 1 Year 2 Year 3 Total At Administrative costs 6% * A1 $18,360 Equation high 8% * A1 $24,480 Atr Total (risk-adjusted) $18,360 $18,360 $18,360 $18,360 $73,440 The three-year risk adjusted costs and their present values are summarized in Table 9 below. Table 9: Risk Adjustment Costs Risk adjustment costs Low Most likely High Mean Present value Services fees $943,500 $943,500 $943,500 $943,500 $786,477 Administrative costs 48,960 73,440 97,920 73,440 64,019 Total $992,460 $1,016,940 $1,041,420 $1,016,940 $850,495 Benefits The following assumptions have been used to calculate the low, most likely, high and mean benefits amounts shown in Table 13. Costs Avoided: In-House Security Team The low, most likely, and high estimates for the internal labor costs that would be required to maintain an in-house security team are assumed to be seven, nine, and 10 FTEs, respectively. These assumptions are multiplied by the $125,000 fully-loaded annual compensation cost. The riskadjusted value is the average of these or $1,083,333 per year. The calculations are shown in Table 10 below. 15
16 Table 10: Risk Adjustment Cost Avoided Of In-House Security Ref. Metric Calculation Per period Year 2 Year 3 Total Variable low 7 A1 Number of FTEs 9 Variable high 10 A2 Yearly rate per FTE $125,000 Atl Equation low $875,000 At Cost of internal security team A1 * A2 $1,125,000 Ath Equation high $1,250,000 Atr Total (risk-adjusted) Average (Atl, At, Ath) $1,083,333 $1,083,333 $1,083,333 $3,250,000 Costs Avoided: SIM Software Table 11 presents the low, most likely, and high estimates for the SIM software and hardware. Table 11: Risk Adjustment Cost Avoided Of In-House Security Ref. Metric Calculation Year 1 Year 2 Year 3 Total Variable Low $60,000 $12,000 $12,000 $84,000 A1 SIM software / maintenance 80,000 16,000 16, ,000 Variable High 100,000 20,000 20, ,000 A2 Servers (2) 2 * $5,000 10,000 10,000 A3 Database (4- processors) / 4 * $5,000 20,000 4,000 4,000 28,000 maintenance Equation Low 90,000 16,000 16, ,000 At SIM software, hardware cost avoidance A1+A2+A3 110,000 20,000 20, ,000 Atr Equation High Total (risk adjusted) Average (Atl, At, Ath) 130,000 24,000 24, ,000 $110,000 $20,000 $20,000 $150,000 Lowering The Risk Of Loss Due To Security Breaches Forrester conservatively estimates that this client could face a $3 million loss annually. Further assuming that MSS reduces the probability of a loss of that amount by 5%, the resulting avoided 16
17 cost amount equals $150,000 annually. Expanding on this method, Forrester uses a range of probabilities and exposures as shown in Table 12. For the low assumption, Forrester sets the amount of loss at $100,000, with a reduction in the annual likelihood of loss of 10%. On the high side, the customer could face a loss as large as $10 million, yet the overall probability of a loss this large is lower, and the reduction in that probability is assumed to be 2%. Using the triangular distribution method described above, the risk-adjusted cost avoidance is calculated to be $120,000 annually. Users of this study are encouraged to use this method with their own assumptions for potential penalty amounts, frequency, and probability. Table 12: Risk Adjustment Lower Risk Of Loss Due To Security Breaches Ref. Metric Calculation Per Period Year 2 Year 3 Total Potential exposure - low $100,000 A1 Potential exposure - orig $3,000,000 Potential exposure - high $10,000,000 Reduced probability of losslow 10% A2 Reduced probability of loss - orig 5% Reduced probability of loss - high 2% Equation low $10,000 At Cost avoidance: Reduced risk of loss from security breach - orig A1*A2 $150,000 Atr Equation high $200,000 Total (risk adjusted) Average (Atl, At, Ath) $120,000 $120,000 $120,000 $360,000 The risk-adjusted benefits over three years and their present values are summarized in Table 13 below. Table 13: Risk Adjustment Benefits Risk adjustment benefits Low Most likely High Mean Present value Cost of internal security team $2,625,000 $3,375,000 $3,750,000 $3,250,000 $2,694,090 Cost avoidance: reduced risk of loss from security breach $30,000 $450,000 $600,000 $360,000 $298,422 SIM software and hardware cost avoidance $90,000 $110,000 $130,000 $110,000 $100,000 Total $2,745,000 $3,935,000 $4,480,000 $3,720,000 $3,092,512 17
18 Flexibility Flexibility, as defined by Forrester s TEI methodology, represents an investment in additional capacity or agility today that can be turned into future business benefits at some additional cost. Flexibility benefits typically increase with the scalability of the technology investment. This provides an organization with the right or the ability to engage in future initiatives but not the obligation to do so. In the case of SecureWorks' MSS, there are multiple scenarios in which a client might choose to implement the one set of services and decide at a later date to engage additional service levels of custom consulting. Quantifying the flexibility in this case, using the financial industry standard Black-Scholes or the binomial option pricing models, would require customer data that is not available at this time. The value of flexibility is unique to each organization, and the willingness to measure its value varies from company to company (see Appendix A for additional information regarding the flexibility calculation). TEI Framework: Summary Considering the financial framework constructed above, the results of the costs, benefits, flexibility, and risk sections using the representative numbers can be used to determine a return on investment, net present value, and payback period. Tables 14 and 15 show the risk-adjusted values, applying the risk adjustment method indicated in the Risk section. It is important to note that values used throughout the TEI Framework are based on in-depth interviews with one customer. Forrester strongly advises that readers use their own estimates within the framework provided in this study to determine the expected financial impact of implementing SecureWorks' MSS. Table 14: Total Risk-Adjusted Costs Costs Initial Year 1 Year 2 Year 3 Total Present value Services fees $25,500 $306,000 $306,000 $306,000 $943,500 $786,477 Administrative costs 18,360 18,360 18,360 18,360 73,440 64,019 Total $43,860 $324,360 $324,360 $324,360 $1,016,940 $850,495 Table 15: Total Risk-Adjusted Benefits Benefits Year 1 Year 2 Year 3 Total Present Value Cost of internal security team $1,083,333 $1,083,333 $1,083,333 $3,250,000 $2,694,090 Cost avoidance: reduced risk of loss from security breach 120, , , , ,422 SIM software and hardware cost avoidance 110,000 20,000 20, , ,555 Total $1,313,333 $1,223,333 $1,223,333 $3,760,000 $3,124,067 18
19 Study Conclusions Forrester s in-depth interviews with this MSS client indicated that the client achieved better security posture for a lower cost than if it attempted to create the same security capabilities in-house. The study uncovered a number of other important observations, including: By relying on SecureWorks services, the customer s internal security team has evolved from a largely IT function to being a critical business function, concentrating on security strategy issues and business risk. Engaging a managed security service such as SecureWorks MSS provides the capabilities of highly skilled security analysts who are able to stay very current on threats and security practices by engaging in multiple client environments. In-house security staff focused on a single corporate environment does not gain the same level of experience or exposure. Clients will benefit from the service provider s investment in shared infrastructure. SecureWorks has invested in technology that would be prohibitively expensive for most client organizations. Fast, effective incident-handling processes, tested and honed across a wide client base, will limit the amount of exposure time to attacks and any resulting damage. The financial analysis provided in this study illustrates the process for an organization to evaluate the value proposition of Managed Security Services in its environment. Based on information collected in client interviews, Forrester calculated a three-year risk-adjusted ROI of 267% for this client s organization with a very short payback period. All final estimates are risk-adjusted to incorporate potential uncertainty in the calculation of costs and benefits. Based on these findings, companies looking to implement MSS can see cost savings and security benefits around a broad range of initiatives. Using the TEI framework, many companies may find the potential for a compelling business case to make such an investment. Table 1: Three Year ROI, Original And Risk-Adjusted Summary Financial Results Original Estimate Risk- Adjusted ROI 288% 267% Payback period (months) Total costs (PV) $850,495 $850,495 Total benefits (PV) $3,302,292 $3,124,067 Total (NPV) $2,451,796 $2,273,572 19
20 Flexibility Flexibility, as defined by Forrester s TEI methodology, represents an investment in additional capacity or agility today that can be turned into future business benefits at some additional cost. Flexibility benefits typically increase with the scalability of the technology investment. This provides an organization with the right or the ability to engage in future initiatives but not the obligation to do so. In the case of SecureWorks' MSS, there are multiple scenarios in which a client might choose to implement the one set of services and decide at a later date to engage additional service levels of custom consulting. Quantifying the flexibility in this case, using the financial industry standard Black-Scholes or the binomial option pricing models, would require customer data that is not available at this time. The value of flexibility is unique to each organization, and the willingness to measure its value varies from company to company (see Appendix A for additional information regarding the flexibility calculation). TEI Framework: Summary Considering the financial framework constructed above, the results of the costs, benefits, flexibility, and risk sections using the representative numbers can be used to determine a return on investment, net present value, and payback period. Tables 14 and 15 show the risk-adjusted values, applying the risk adjustment method indicated in the Risk section. It is important to note that values used throughout the TEI Framework are based on in-depth interviews with one customer. Forrester strongly advises that readers use their own estimates within the framework provided in this study to determine the expected financial impact of implementing SecureWorks' MSS. Table 14: Total Risk-Adjusted Costs Costs Initial Year 1 Year 2 Year 3 Total Present value Services fees $25,500 $306,000 $306,000 $306,000 $943,500 $786,477 Administrative costs 18,360 18,360 18,360 18,360 73,440 64,019 Total $43,860 $324,360 $324,360 $324,360 $1,016,940 $850,495 Table 15: Total Risk-Adjusted Benefits Benefits Year 1 Year 2 Year 3 Total Present Value Cost of internal security team $1,083,333 $1,083,333 $1,083,333 $3,250,000 $2,694,090 Cost avoidance: reduced risk of loss from security breach 120, , , , ,422 SIM software and hardware cost avoidance 110,000 20,000 20, , ,555 Total $1,313,333 $1,223,333 $1,223,333 $3,760,000 $3,124,067 18
21 Appendix B: Glossary Discount rate: The interest rate used in cash flow analysis to take into account the time value of money. Although the Federal Reserve Bank sets a discount rate, companies often set a discount rate based on their business and investment environment. Forrester assumes a yearly discount rate of 10% for this analysis. Organizations typically use discount rates between 8% and 16% based on their current environment. Readers are urged to consult their organization to determine the most appropriate discount rate to use in their own environment. Net present value (NPV): The present or current value of (discounted) future net cash flows given an interest rate (the discount rate). A positive project NPV normally indicates that the investment should be made, unless other projects have higher NPVs. Present value (PV): The present or current value of (discounted) cost and benefit estimates given at an interest rate (the discount rate). The PV of costs and benefits feed into the total net present value of cash flows. Payback period: The breakeven point for an investment. The payback period is the point in time at which net benefits (benefits minus costs) equal initial investment or cost. Return on investment (ROI): A measure of a project expected return in percentage terms. ROI is calculated by dividing net benefits (benefits minus costs) by costs. A Note On Cash Flow Tables The following is a note on the cash flow tables used in this study (see the Example Table below). The initial investment column contains costs incurred at time 0 or at the beginning of Year 1. Those costs are not discounted. All other cash flows in Years 1 through 3 are discounted using the discount rate shown in Table 2 at the end of the year. Present value (PV) calculations are calculated for each total cost and benefit estimate. Net present value (NPV) calculations are not calculated until the summary tables and are the sum of the initial investment and the discounted cash flows in each year. Example Table Ref. Category Calculation Initial cost Year 1 Year 2 Year 3 Total 21
22 Appendix C: About The Project Manager Jeffrey North, Senior Consultant Jeffrey North is a senior consultant with Forrester's Total Economic Impact (TEI) consulting practice. The TEI methodology focuses on measuring and communicating the value of IT and business decisions and solutions, as well as providing an ROI business case based on the costs, benefits, flexibility, and risk of investments. Jeff came to Forrester with consulting and operating experience, notably working with fast-growth companies. He was a founding member of the digital strategy practice at Cambridge Technology Partners, where he specialized in business-value justification of technology investments and client advocacy. As a director in the international and catalog business units at Staples, Jeff built and managed metrics and reporting programs in North America and Europe as the company experienced significant growth. He has also consulted in a business-it capacity to retailers and life sciences companies. Jeff holds a B.A. from St. Lawrence University and an M.B.A. with a concentration in international management and finance from Thunderbird, the Garvin School of International Management. 22
23 Appendix D: Endnotes 1 An analysis of more than 300 outsourcing contracts conducted by the Warwick Business School in the United Kingdom found that internal management accounts for between 4% and 8% of the overall cost of outsourcing. Source: Leslie Willcocks and Geraldine Fox, The Three-Year Itch: Adjusting Outsourcing Relationships to a New Economic Reality, Compass Publishing white paper, 2003 ( 2 Paul Stamp, Peer Practices, Security & Risk Management Peer Practices For Sourcing MSSP. July 6,
The Total Economic Impact Of SecureWorks Security Information And Event Management Service
Prepared for SecureWorks March 2008 The Total Economic Impact Of SecureWorks Security Information And Event Management Service Project Director: Michelle Salazar, Consultant Contributors: Jeffrey North,
More informationExecutive Summary... 2. Factors Affecting Benefits And Costs... 4. Disclosures... 5. TEI Framework And Methodology... 6. Analysis...
TABLE OF CONTENTS Executive Summary... 2 Factors Affecting Benefits And Costs... 4 Disclosures... 5 TEI Framework And Methodology... 6 Analysis... 7 Interview Highlights... 7 Costs... 9 Benefits... 10
More informationThe Total Economic Impact Of SAS Customer Intelligence Solutions Intelligent Advertising For Publishers
A Forrester Total Economic Impact Study Commissioned By SAS Project Director: Dean Davison February 2014 The Total Economic Impact Of SAS Customer Intelligence Solutions Intelligent Advertising For Publishers
More informationExecutive Summary... 2. OpenEdge Streamlines Development and Support... 2. Factors Affecting Benefits And Costs... 3. Disclosures...
TABLE OF CONTENTS Executive Summary... 2 OpenEdge Streamlines Development and Support... 2 Factors Affecting Benefits And Costs... 3 Disclosures... 3 TEI Framework And Methodology... 5 Analysis... 7 Interview
More informationExecutive Summary... 2. Junos Simplifies Network Operations... 2. Disclosures... 3. TEI Framework And Methodology... 5. Analysis...
TABLE OF CONTENTS Executive Summary... 2 Junos Simplifies Network Operations... 2 Disclosures... 3 TEI Framework And Methodology... 5 Analysis... 7 Interview Highlights... 7 Costs... 9 Benefits... 12 Flexibility...
More informationThe Total Economic Impact Of SAS Customer Intelligence Solutions Real-Time Decision Manager
A Forrester Total Economic Impact Study Commissioned By SAS Project Director: Dean Davison May 2014 The Total Economic Impact Of SAS Customer Intelligence Solutions Real-Time Decision Manager Table Of
More informationThe Total Economic Impact Of Virtual Hold s Virtual Queuing Solutions
Prepared for Virtual Hold Technology June 2006 The Total Economic Impact Of Virtual Hold s Virtual Queuing Solutions Project Director: Dan Merriman TABLE OF CONTENTS Executive Summary...4 Purpose...4 Methodology...4
More informationA Forrester Total Economic Impact Study Prepared For Codenomicon The Total Economic Impact Of Codenomicon s Defensics Security Testing Suite
A Forrester Total Economic Impact Study Prepared For Codenomicon The Total Economic Impact Of Codenomicon s Defensics Security Testing Suite Project Director: Michael Speyer July 2012 TABLE OF CONTENTS
More informationThe Total Economic Impact Of D&B Direct
A Forrester Total Economic Impact Study Commissioned By D&B Project Directors: Shaheen Parks Sarah Musto December 2014 The Total Economic Impact Of D&B Direct Cost Savings And Business Benefits Enabled
More informationThe Total Economic Impact Of IBM Informix Database Server
A Forrester Total Economic Impact Study Prepared For IBM The Total Economic Impact Of IBM Informix Database Server A Single-Company Analysis Project Director: Jon Erickson September 2010 TABLE OF CONTENTS
More informationCurrent IBAT Endorsed Services
Current IBAT Endorsed Services Managed Network Intrusion Prevention and Detection Service SecureWorks provides proactive management and real-time security event monitoring and analysis across your network
More informationThe Total Economic Impact Of IBM Integration Bus
A Forrester Total Economic Impact Study Commissioned By IBM Project Directors: Dave Kelly Jon Erickson May 2014 The Total Economic Impact Of IBM Integration Bus Table Of Contents Executive Summary... 3
More informationThe Total Economic Impact Of Salesforce CRM Customer Service & Support A Leading Global Application Software And Services Provider
Prepared for Salesforce.com January 2009 The Total Economic Impact Of Salesforce CRM Customer Service & Support A Leading Global Application Software And Services Provider Project Director: Jeffrey North,
More informationThe Total Economic Impact Of SAS Customer Intelligence Solutions Marketing Operations Management
A Forrester Total Economic Impact Study Commissioned By SAS Project Director: Michelle S. Bishop October 2013 The Total Economic Impact Of SAS Customer Intelligence Solutions Marketing Operations Management
More informationThe Total Economic Impact of iovation ReputationManager
Prepared for iovation The Total Economic Impact of iovation ReputationManager Single Company Analysis Financial Services Project Directors: Jon Erickson and Michelle Salazar TABLE OF CONTENTS Executive
More informationThe Total Economic Impact Of BMC s Service Impact And Event Management Solutions
Prepared for BMC Software July 28, 2006 The Total Economic Impact Of BMC s Service Impact And Event Management Solutions HealthSouth Corporation Project Director: Bob Cormier, Forrester Consulting Table
More informationInformation Security Services. Achieving PCI compliance with Dell SecureWorks security services
Information Security Services Achieving PCI compliance with Dell SecureWorks security services Executive summary In October 2010, the Payment Card Industry (PCI) issued the new Data Security Standard (DSS)
More informationThe Total Economic Impact Of FlashSoft TM Software From SanDisk
A Forrester Total Economic Impact Study Commissioned By SanDisk Project Director: Dean Davison January 2014 The Total Economic Impact Of FlashSoft TM Software From SanDisk Table Of Contents Executive Summary...
More informationThe Total Economic Impact Of Dimension Data s Uptime Services
A Forrester Total Economic Impact Study Prepared For Dimension Data The Total Economic Impact Of Dimension Data s Uptime Services For Organizations With Offices Within A Single Country Project Director:
More informationExecutive Summary... 2. Isilon Storage Increases Utilization And Efficiency While Adding Flexibility... 2. Factors Affecting Benefits And Costs...
TABLE OF CONTENTS Executive Summary... 2 Isilon Storage Increases Utilization And Efficiency While Adding Flexibility... 2 Factors Affecting Benefits And Costs... 3 Disclosures... 4 TEI Framework And Methodology...
More informationBusiness Case Outsourcing Information Security: The Benefits of a Managed Security Service
Business Case Outsourcing Information Security: The Benefits of a Managed Security Service seccuris.com (866) 644-8442 Contents Introduction... 3 Full- Time Experts vs. a Part- Time In- House Staff...
More informationCautela Labs Cloud Agile. Secured. Threat Management Security Solutions at Work
Cautela Labs Cloud Agile. Secured. Threat Management Security Solutions at Work Security concerns and dangers come both from internal means as well as external. In order to enhance your security posture
More informationPayment Card Industry Data Security Standard
Symantec Managed Security Services support for IT compliance Solution Overview: Symantec Managed Services Overviewview The (PCI DSS) was developed to facilitate the broad adoption of consistent data security
More informationThe Total Economic Impact of the Symantec Enterprise Vault Largest General Contractor in the Western US
Prepared for Symantec May, 2006 The Total Economic Impact of the Symantec Enterprise Vault Largest General Contractor in the Western US Project Director: Contributors: Jeffrey North, Senior Consultant,
More informationExecutive Summary... 2. Master Data Management Provides Visibility In Key Information... 2. Factors Affecting Benefits And Costs...
TABLE OF CONTENTS Executive Summary... 2 Master Data Management Provides Visibility In Key Information... 2 Factors Affecting Benefits And Costs... 4 Disclosures... 5 TEI Framework And Methodology... 6
More informationProjected Cost Analysis Of SAP HANA
A Forrester Total Economic Impact Study Commissioned By SAP Project Director: Shaheen Parks April 2014 Projected Cost Analysis Of SAP HANA Cost Savings Enabled By Transitioning to HANA Table Of Contents
More informationThe Total Economic Impact Of Guardium Database Security, Monitoring, And Auditing For A Global Consumer Products Company
Prepared for Guardium, Inc. January 2008 The Total Economic Impact Of Guardium Database Security, Monitoring, And Auditing For A Global Consumer Products Company Project Director: Jeffrey North, Principal
More informationTotal Economic Impact TM Of VMware Virtual Desktop Infrastructure Financial Services Industry
Prepared for VMware February 2008 Total Economic Impact TM Of VMware Virtual Desktop Infrastructure Financial Services Industry Project Director: Jonathan Lipsitz Contributor: Lauren Hughes TABLE OF CONTENTS
More informationAdvanced Threat Protection with Dell SecureWorks Security Services
Advanced Threat Protection with Dell SecureWorks Security Services Table of Contents Summary... 2 What are Advanced Threats?... 3 How do advanced threat actors operate?... 3 Addressing the Threat... 5
More informationThe Total Economic Impact Of Polycom Voice Solutions For Microsoft Lync
A Forrester Total Economic Impact Study Commissioned By Polycom And Microsoft Project Director: Bob Cormier January 2014 The Total Economic Impact Of Polycom Voice Solutions For Microsoft Lync Cost Savings
More informationA Forrester Total Economic Impact Study Prepared For Magento The Total Economic Impact Of The Magento Enterprise ecommerce Platform
A Forrester Total Economic Impact Study Prepared For Magento The Total Economic Impact Of The Magento Enterprise ecommerce Platform Project Director: Michael Speyer May 2013 TABLE OF CONTENTS Executive
More informationA Total Economic Impact Analysis of Remedy Asset Management: Retail
A Total Economic Impact Analysis of Remedy Asset Management: Retail March 2, 2004 Introduction In November 2003, Remedy commissioned Forrester Research, Inc. to examine the total economic impact of implementing
More informationThe Total Economic Impact Of Private Cloud
A Forrester Total Economic Impact Study Commissioned By Dell Project Director: Sarah Musto June 2015 The Total Economic Impact Of Private Cloud Cost Savings And Business Benefits Enabled By Private Cloud
More informationIBM InfoSphere Optim Solutions For Data Lifecycle Management
A Forrester Total Economic Impact Study Prepared For IBM IBM InfoSphere Optim Solutions For Data Lifecycle Management A Multicompany Analysis Of Database Archiving And Test Data Management Solutions Project
More informationEffective Threat Management. Building a complete lifecycle to manage enterprise threats.
Effective Threat Management Building a complete lifecycle to manage enterprise threats. Threat Management Lifecycle Assimilation of Operational Security Disciplines into an Interdependent System of Proactive
More informationThe Total Economic Impact Of Click to Call And Click to Chat
A Forrester Total Economic Impact Study Prepared For ATG The Total Economic Impact Of Click to Call And Click to Chat Project Director: Sadaf Roshan Bellord Contributor: Jon Erickson August 2010 Page 1
More informationNorth American Electric Reliability Corporation (NERC) Cyber Security Standard
North American Electric Reliability Corporation (NERC) Cyber Security Standard Symantec Managed Security Services Support for CIP Compliance Overviewview The North American Electric Reliability Corporation
More informationThe Total Economic Impact Of Listrak Omnichannel Marketing Solutions
A Forrester Total Economic Impact Study Commissioned By Listrak Project Directors: Norman Forbush Sarah Musto July 2014 The Total Economic Impact Of Listrak Omnichannel Marketing Solutions Profit Driven
More informationSYMANTEC MANAGED SECURITY SERVICES. Superior information security delivered with exceptional value.
SYMANTEC MANAGED SECURITY SERVICES Superior information security delivered with exceptional value. A strong security posture starts with a smart business decision. In today s complex enterprise environments,
More informationProjected Cost Analysis of the SAP HANA Platform
A Forrester Total Economic Impact Study Commissioned By SAP Project Director: Shaheen Parks April 2014 Projected Cost Analysis of the SAP HANA Platform Cost Savings Enabled By Transitioning to the SAP
More informationAN EXECUTIVE S GUIDE TO BUDGETING FOR SECURITY INFORMATION & EVENT MANAGEMENT
WHITE PAPER AN EXECUTIVE S GUIDE TO BUDGETING FOR SECURITY INFORMATION & EVENT MANAGEMENT COST ANALYSIS OF TWO DELIVERY MODELS: SELF-MANAGED SIEM VS. MANAGED SIEM SERVICES AN EXECUTIVE S GUIDE TO BUDGETING
More informationThe Total Economic Impact Of IBM Information Integration And Governance Solutions
A Forrester Total Economic Impact Study Commissioned By IBM Project Director: Jon Erickson July 2014 The Total Economic Impact Of IBM Information Integration And Governance Solutions Cost Savings And Business
More informationManaged Security Services
Managed Security Services 1 Table of Contents Possible Security Threats 3 ZSL s Security Services Model 4 Managed Security 4 Monitored Security 5 Self- Service Security 5 Professional Services 5 ZSL s
More informationMANAGED SECURITY SERVICES (MSS)
MANAGED SECURITY SERVICES (MSS) The Cyber Security Initiative. Cybercrime is becoming an important factor for CIOs and IT professionals, but also for CFOs, compliance officers and business owners. The
More informationThe Total Economic Impact Of Cherwell Service Management Single Company Analysis
Prepared for Cherwell Software November 2009 The Total Economic Impact Of Cherwell Service Management Single Company Analysis Project Director: Michelle Bishop TABLE OF CONTENTS Executive Summary...4 Purpose...5
More informationIBM Security QRadar Risk Manager
IBM Security QRadar Risk Manager Proactively manage vulnerabilities and network device configuration to reduce risk, improve compliance Highlights Collect network security device configuration data to
More informationManaged Security Services for Data
A v a y a G l o b a l S e r v i c e s Managed Security Services for Data P r o a c t i v e l y M a n a g i n g Y o u r N e t w o r k S e c u r i t y 2 4 x 7 x 3 6 5 IP Telephony Contact Centers Unified
More informationThe Total Economic Impact of the Symantec Enterprise Vault Netherlands Government Ministry
Prepared for Symantec May 2006 The Total Economic Impact of the Symantec Enterprise Vault Project Director: Contributors: Jeffrey North, Senior Consultant, TEI Practice Jon Erickson, Senior Consultant,
More informationManaged Intrusion, Detection, & Prevention Services (MIDPS) Why E-mail Sorting Solutions? Why ProtectPoint?
Managed Intrusion, Detection, & Prevention Services (MIDPS) Why E-mail Sorting Solutions? Why ProtectPoint? Why? Focused on Managed Intrusion Security Superior-Architected Hardened Technology Security
More informationThe Total Economic Impact Of TIBCO Software tibbr
A Forrester Total Economic Project Director: Impact Study Adrienne Breslin Commissioned By TIBCO Software February 2014 The Total Economic Impact Of TIBCO Software tibbr Driving Value Through Workplace
More informationThe Total Economic Impact Of Embarcadero DBArtisan
Prepared for Embarcadero Technologies, Inc. January 2007 The Total Economic Impact Of Embarcadero DBArtisan Project Director: Jeffrey North, Senior Consultant, Forrester Consulting TABLE OF CONTENTS Executive
More informationCaretower s SIEM Managed Security Services
Caretower s SIEM Managed Security Services Enterprise Security Manager MSS -TRUE 24/7 Service I.T. Security Specialists Caretower s SIEM Managed Security Services 1 Challenges & Solution Challenges During
More information2011 Forrester Research, Inc. Reproduction Prohibited
1 2011 Forrester Research, Inc. Reproduction Prohibited Information Security Metrics Present Information that Matters to the Business Ed Ferrara, Principal Research Analyst July 12, 2011 2 2009 2011 Forrester
More informationLOG AND EVENT MANAGEMENT FOR SECURITY AND COMPLIANCE
PRODUCT BRIEF LOG AND EVENT MANAGEMENT FOR SECURITY AND COMPLIANCE The Tripwire VIA platform delivers system state intelligence, a continuous approach to security that provides leading indicators of breach
More informationImpact Study Commissioned Byy Cleversafe. Project Director: Dean Davison. January 2015
A Forrester Total Economic Impact Study Commissioned Byy Cleversafe Project Director: Dean Davison January 2015 The Total Economic Impact Of Cleversafe Cost Savings And Business Benefits Enabled By Cleversafe
More informationDEFENSE THROUGHOUT THE VULNERABILITY LIFE CYCLE WITH ALERT LOGIC THREAT AND LOG MANAGER
DEFENSE THROUGHOUT THE VULNERABILITY LIFE CYCLE WITH ALERT LOGIC THREAT AND Introduction > New security threats are emerging all the time, from new forms of malware and web application exploits that target
More informationThe Total Economic Impact of CompuCom Integrated Infrastructure Management Services At PSEG Services Corporation
Prepared for CompuCom Systems, Inc. September 2008 The Total Economic Impact of CompuCom Integrated Infrastructure Management Services At PSEG Services Corporation Project Director: Jeffrey North, Principal
More informationAnalyzing Security for Retailers An analysis of what retailers can do to improve their network security
Analyzing Security for Retailers An analysis of what retailers can do to improve their network security Clone Systems Business Security Intelligence Properly Secure Every Business Network Executive Summary
More informationThe Total Economic Impact Of HP ProLiant BL460c Gen8 Blade Server
A Forrester Total Economic Impact Study Commissioned By HP and Intel Project Director: Sebastian Selhorst April 2015 The Total Economic Impact Of HP ProLiant BL460c Gen8 Blade Server As Deployed And Used
More informationEconomic Impact Of A BlackBerry Solution In North American Enterprises
September 2009 Economic Impact Of A BlackBerry Solution In North American Enterprises A Study Of The Adoption And Total Economic Impact (TEI) Of BlackBerry At Enterprise Organizations A commissioned study
More informationCLOUD GUARD UNIFIED ENTERPRISE
Unified Security Anywhere CLOUD SECURITY CLOUD GUARD UNIFIED ENTERPRISE CLOUD SECURITY UNIFIED CLOUD SECURITY Cloudy with a 90% Chance of Attacks How secure is your cloud computing environment? If you
More information2012 North American Managed Security Service Providers Growth Leadership Award
2011 South African Data Centre Green Excellence Award in Technology Innovation Cybernest 2012 2012 North American Managed Security Service Providers Growth Leadership Award 2011 Frost & Sullivan 1 We Accelerate
More informationSP Monitor. nfx One gives MSPs the agility and power they need to confidently grow their security services business. NFX FOR MSP SOLUTION BRIEF
NFX FOR MSP SOLUTION BRIEF SP Monitor Jump Start Security-as-a-Service Designed to give you everything you need to get started immediately providing security-as-a service, SP Monitor is a real-time event
More informationRSA envision. Platform. Real-time Actionable Security Information, Streamlined Incident Handling, Effective Security Measures. RSA Solution Brief
RSA Solution Brief RSA envision Platform Real-time Actionable Information, Streamlined Incident Handling, Effective Measures RSA Solution Brief The job of Operations, whether a large organization with
More informationIBM Security QRadar Risk Manager
IBM Security QRadar Risk Manager Proactively manage vulnerabilities and network device configuration to reduce risk, improve compliance Highlights Visualize current and potential network traffic patterns
More informationInformation Security Services. Advantages of managed security services vs. in-house security information management (SIM)
Information Security Services Advantages of managed security services vs. in-house security information management (SIM) The intent of this document is to provide an executive-level summary of the potential
More informationThe Total Economic Impact Of SoftLayer, An IBM Company
A Forrester Total Economic Impact Study Commissioned By IBM Project Director: Reggie Lau July 2014 The Total Economic Impact Of SoftLayer, An IBM Company The Partner Business Case for SoftLayer Table Of
More informationThe Total Economic Impact Of Polycom Voice Solutions For Skype For Business
A Forrester Total Economic Impact Study Commissioned By Polycom And Microsoft Project Director: Bob Cormier, Vice President and Principal Consultant August 2015 The Total Economic Impact Of Polycom Voice
More informationSymantec Cyber Threat Analysis Program Program Overview. Symantec Cyber Threat Analysis Program Team
Symantec Cyber Threat Analysis Program Symantec Cyber Threat Analysis Program Team White Paper: Symantec Security Intelligence Services Symantec Cyber Threat Analysis Program Contents Overview...............................................................................................
More informationExtreme Networks Security Analytics G2 Vulnerability Manager
DATA SHEET Extreme Networks Security Analytics G2 Vulnerability Manager Improve security and compliance by prioritizing security gaps for resolution HIGHLIGHTS Help prevent security breaches by discovering
More informationMeeting the Challenges of Virtualization Security
Meeting the Challenges of Virtualization Security Coordinate Security. Server Defense for Virtual Machines A Trend Micro White Paper August 2009 I. INTRODUCTION Virtualization enables your organization
More informationHow To Buy Nitro Security
McAfee Acquires NitroSecurity McAfee announced that it has closed the acquisition of privately owned NitroSecurity. 1. Who is NitroSecurity? What do they do? NitroSecurity develops high-performance security
More informationVirtual Patching: a Proven Cost Savings Strategy
Virtual Patching: a Proven Cost Savings Strategy An Ogren Group Special Report December 2011 Executive Summary Security executives, pushing the limits of traditional labor-intensive IT patch processes
More informationTotal Economic Impact Of Silver Peak s WAN Optimization Solution
Prepared for Silver Peak Systems, Inc. December 2009 Total Economic Impact Of Silver Peak s WAN Optimization Solution Project Director: Jonathan W. Lipsitz Contributors: Paul Devine TABLE OF CONTENTS Executive
More informationFormulate A Database Security Strategy To Ensure Investments Will Actually Prevent Data Breaches And Satisfy Regulatory Requirements
A Forrester Consulting Thought Leadership Paper Commissioned By Oracle Formulate A Database Security Strategy To Ensure Investments Will Actually Prevent Data Breaches And Satisfy Regulatory Requirements
More informationSelecting a Managed Security Services Provider: The 10 most important criteria to consider
IBM Global Technology Services Thought Leadership White Paper May 2011 Selecting a Managed Security Services Provider: The 10 most important criteria to consider 2 Selecting a Managed Security Services
More informationContinuous Network Monitoring
Continuous Network Monitoring Eliminate periodic assessment processes that expose security and compliance programs to failure Continuous Network Monitoring Continuous network monitoring and assessment
More informationProduct white paper. ROI and SIEM. How the RSA envision platform delivers an Industry-leading ROI
Product white paper ROI and SIEM How the RSA envision platform delivers an Industry-leading ROI This paper examines the Return on Investment (ROI) that a quality security information & event management
More informationNEC Managed Security Services
NEC Managed Security Services www.necam.com/managedsecurity How do you know your company is protected? Are you keeping up with emerging threats? Are security incident investigations holding you back? Is
More informationExtreme Networks Security Analytics G2 Risk Manager
DATA SHEET Extreme Networks Security Analytics G2 Risk Manager Proactively manage vulnerabilities and network device configuration to reduce risk, improve compliance HIGHLIGHTS Visualize current and potential
More informationWHITE PAPER Linux Management with Red Hat Network Satellite Server: Measuring Business Impact and ROI
WHITE PAPER Linux Management with Red Hat Network Satellite Server: Measuring Business Impact and ROI Sponsored by: Red Hat Tim Grieser Randy Perry October 2009 Eric Hatcher Global Headquarters: 5 Speen
More informationAchieving SOX Compliance with Masergy Security Professional Services
Achieving SOX Compliance with Masergy Security Professional Services The Sarbanes-Oxley (SOX) Act, also known as the Public Company Accounting Reform and Investor Protection Act of 2002 (and commonly called
More informationCONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL
CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL WHAT IS CDM? The continuous stream of high profile cybersecurity breaches demonstrates the need to move beyond purely periodic, compliance-based approaches to
More informationHow To Protect Your Network From Intrusions From A Malicious Computer (Malware) With A Microsoft Network Security Platform)
McAfee Security: Intrusion Prevention System REV: 0.1.1 (July 2011) 1 Contents 1. McAfee Network Security Platform...3 2. McAfee Host Intrusion Prevention for Server...4 2.1 Network IPS...4 2.2 Workload
More informationManaged Security Service Providers vs. SIEM Product Solutions
White Paper The Business Case for Managed Security Services Managed Security Service Providers vs. SIEM Product Solutions www.solutionary.com (866) 333-2133 The Business Case for Managed Security Services
More informationThe Business Case for Security Information Management
The Essentials Series: Security Information Management The Business Case for Security Information Management sponsored by by Dan Sullivan Th e Business Case for Security Information Management... 1 Un
More informationThe SIEM Evaluator s Guide
Using SIEM for Compliance, Threat Management, & Incident Response Security information and event management (SIEM) tools are designed to collect, store, analyze, and report on log data for threat detection,
More informationTata Communications Security Outsourcing. A Must-have for Entry into the Global Economy. www.tatacommunications.com. www.tatacommunications.
Tata Communications Security Outsourcing A Must-have for Entry into the Global Economy www.tatacommunications.com www.tatacommunications.com 2 Tata Communications Security Outsourcing A Must-have for Entry
More informationISS X-Force. IBM Global Services. Angel NIKOLOV Country Manager BG, CZ, HU, RO and SK IBM Internet Security Systems
IBM Global Services ISS X-Force Angel NIKOLOV Country Manager BG, CZ, HU, RO and SK IBM Internet Security Systems Internet Security Systems, an IBM Company Security Market Overview Companies face sophisticated
More informationThe Importance of Cyber Threat Intelligence to a Strong Security Posture
The Importance of Cyber Threat Intelligence to a Strong Security Posture Sponsored by Webroot Independently conducted by Ponemon Institute LLC Publication Date: March 2015 Ponemon Institute Research Report
More informationFIVE PRACTICAL STEPS
WHITEPAPER FIVE PRACTICAL STEPS To Protecting Your Organization Against Breach How Security Intelligence & Reducing Information Risk Play Strategic Roles in Driving Your Business CEOs, CIOs, CTOs, AND
More informationHow To Protect Your Network From Attack From A Network Security Threat
Cisco Security Services Cisco Security Services help you defend your business from evolving security threats, enhance the efficiency of your internal staff and processes, and increase the return on your
More informationCisco Unified Communications and Collaboration technology is changing the way we go about the business of the University.
Data Sheet Cisco Optimization s Optimize Your Solution using Cisco Expertise and Leading Practices Optimizing Your Business Architecture Today, enabling business innovation and agility is about being able
More informationIBM ISS Optimizacija Sigurnosti
IBM ISS Optimizacija Sigurnosti Slaven Novak IBM ISS Technical Sales Specialist slaven.novak@hr.ibm.com 1 The Business Challenge: New Methods and Motives: Adding to the complexity and sheer number of risks
More informationHow To Know The Roi Of Cesp Workload Automation Software
WHITE PAPER CA ESP Workload Automation Software: Measuring Business Impact and ROI Sponsored by: CA Tim Grieser Eric Hatcher September 2009 Randy Perry Global Headquarters: 5 Speen Street Framingham, MA
More informationThe Total Economic Impact of Juniper Networks EX4200 Ethernet Switches
Prepared for Juniper Networks October 2009 The Total Economic Impact of Juniper Networks EX4200 Ethernet Switches Project Director: Michael Speyer TABLE OF CONTENTS Executive Summary... 4 Purpose... 4
More informationUnified Security Anywhere SOX COMPLIANCE ACHIEVING SOX COMPLIANCE WITH MASERGY SECURITY PROFESSIONAL SERVICES
Unified Security Anywhere SOX COMPLIANCE ACHIEVING SOX COMPLIANCE WITH MASERGY SECURITY PROFESSIONAL SERVICES SOX COMPLIANCE Achieving SOX Compliance with Professional Services The Sarbanes-Oxley (SOX)
More informationEnabling Security Operations with RSA envision. August, 2009
Enabling Security Operations with RSA envision August, 2009 Agenda What is security operations? How does RSA envision help with security operations? How does RSA envision fit with other EMC products? If
More informationIBM Security QRadar Vulnerability Manager
IBM Security QRadar Vulnerability Manager Improve security and compliance by prioritizing security gaps for resolution Highlights Help prevent security breaches by discovering and highlighting high-risk
More informationLOG INTELLIGENCE FOR SECURITY AND COMPLIANCE
PRODUCT BRIEF uugiven today s environment of sophisticated security threats, big data security intelligence solutions and regulatory compliance demands, the need for a log intelligence solution has become
More information