WHITEPAPER PROACTIVE SECURITY INTELLIGENCE RETURN ON INVESTMENT



Similar documents
Leveraging Network and Vulnerability metrics Using RedSeal

Privilege Gone Wild: The State of Privileged Account Management in 2015

Enabling Continuous PCI DSS Compliance. Achieving Consistent PCI Requirement 1 Adherence Using RedSeal

Privilege Gone Wild: The State of Privileged Account Management in 2015

Achieving Control: The Four Critical Success Factors of Change Management. Technology Concepts & Business Considerations

WHITE PAPER AUTOMATED, REAL-TIME RISK ANALYSIS AND REMEDIATION

Improving Network Security Change Management Using RedSeal

Optimizing Network Vulnerability

The Value of Vulnerability Management*

SECURITY POLICY MANAGEMENT ACROSS THE NEXT GENERATION DATA CENTER

Continuous Network Monitoring

FIREMON SECURITY MANAGER

Demonstrating the ROI for SIEM: Tales from the Trenches

DEMONSTRATING THE ROI FOR SIEM

The Business Case for Security Information Management

CORE INSIGHT ENTERPRISE: CSO USE CASES FOR ENTERPRISE SECURITY TESTING AND MEASUREMENT

Web application security: automated scanning versus manual penetration testing.

IMPROVING RISK VISIBILITY AND SECURITY POSTURE WITH IDENTITY INTELLIGENCE

Real-Time Security for Active Directory

THE TOP 4 CONTROLS.

Technical Testing. Network Testing DATA SHEET

Leveraging a Maturity Model to Achieve Proactive Compliance

Extreme Networks Security Analytics G2 Vulnerability Manager

Symantec Cyber Threat Analysis Program Program Overview. Symantec Cyber Threat Analysis Program Team

CORE Security and the Payment Card Industry Data Security Standard (PCI DSS)

Symantec Security Compliance Solution Symantec s automated approach to IT security compliance helps organizations minimize threats, improve security,

Strengthen security with intelligent identity and access management

case study Core Security Technologies Summary Introductory Overview ORGANIZATION: PROJECT NAME:

IBM Security QRadar Vulnerability Manager

Understanding SCADA System Security Vulnerabilities

How To Plan For Cloud Computing

FIVE PRACTICAL STEPS

Impact of Data Breaches

Best Practices for Building a Security Operations Center

Proving Control of the Infrastructure

Why Leaks Matter. Leak Detection and Mitigation as a Critical Element of Network Assurance. A publication of Lumeta Corporation

Transforming IT Processes and Culture to Assure Service Quality and Improve IT Operational Efficiency

Achieving ITSM Excellence Through Availability Management

Enforcing IT Change Management Policy

Payment Card Industry Data Security Standard

The Emergence of Security Business Intelligence: Risk

AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE

Specific observations and recommendations that were discussed with campus management are presented in detail below.

Advanced Threat Detection: Necessary but Not Sufficient The First Installment in the Blinded By the Hype Series

Accenture Intelligent Security for the Digital Enterprise. Archer s important role in solving today's pressing security challenges

SYMANTEC MANAGED SECURITY SERVICES. Superior information security delivered with exceptional value.

Total Protection for Compliance: Unified IT Policy Auditing

Maintaining PCI-DSS compliance. Daniele Bertolotti Antonio Ricci

Information Security Services

FISMA Compliance: Making the Grade

CORE Security and GLBA

Best Practices for PCI DSS V3.0 Network Security Compliance

SUSTAINING COMPETITIVE DIFFERENTIATION

1/8/2012. Gordon Shevlin, Allgress, Founder, CEO Kyle Starkey, CISO, Early Warning Services. Effectively Communicating IT Risk to Senior Management

Predictive Intelligence: Identify Future Problems and Prevent Them from Happening BEST PRACTICES WHITE PAPER

The Importance of Cyber Threat Intelligence to a Strong Security Posture

Protecting against cyber threats and security breaches

AD Management Survey: Reveals Security as Key Challenge

How To Protect Your Organization From Insider Threats

Managing IT Security with Penetration Testing

How To Test For Security On A Network Without Being Hacked

FFIEC Cybersecurity Assessment Tool

The Importance of Data Quality for Intelligent Data Analytics:

Prevent cyber attacks. SEE. what you are missing. Netw rk Infrastructure Security Management

Information Technology Risk Management

IBM Security QRadar Risk Manager

Managing business risk

PCI DSS Reporting WHITEPAPER

Automating ITIL v3 Event Management with IT Process Automation: Improving Quality while Reducing Expense

Managing the Unpredictable Human Element of Cybersecurity

IT Operations analytics redefined: uncovering business impact and opportunities with Application Analytics

Analyzing Security for Retailers An analysis of what retailers can do to improve their network security

Whitepaper. Advanced Threat Hunting with Carbon Black

Reduce IT Costs by Simplifying and Improving Data Center Operations Management

AlgoSec. Managing Security at the Speed of Business. AlgoSec.com

Cisco Security Optimization Service

IBM Security Intelligence Strategy

Symantec Control Compliance Suite. Overview

PASTA Abstract. Process for Attack S imulation & Threat Assessment Abstract. VerSprite, LLC Copyright 2013

WhiteHat Security White Paper. Evaluating the Total Cost of Ownership for Protecting Web Applications

Cloud Security Benchmark: Top 10 Cloud Service Providers Appendix A E January 5, 2015

HP Security Assessment Services

The Changing IT Risk Landscape Understanding and managing existing and emerging risks

CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL

Transcription:

WHITEPAPER PROACTIVE SECURITY INTELLIGENCE RETURN ON INVESTMENT

Table of Contents Introduction...3 Business Case...3 Real-World ROI...4 Measured Annual ROI...4 ROI Analysis...5 ROI Calculations...6 ROI Overview: Direct Benefits...6 ROI Overview: Real-World Environment...6 ROI Overview: Non-Financial Benefits...7 Conclusion...7 Addendum (Real-World Examples)...7

Proactive Security Intelligence: Return on Investment 3 Introduction: Proactive Security Intelligence: Is it Worth the Investment? While it may seem obvious that more proactive, intelligence-based management of network firewalls and other security device infrastructure including access routers, load balancers and the like provides numerous opportunities to improve defense and prevent related compromise, documenting the financial and process-oriented benefits of this approach lends significant weight to its overall impact. Traditionally, when IT professionals and security management officials consider the ROI and overall value proposition of solutions investment, discussions primarily emphasize direct financial benefits realized when adopting the involved solution(s). However, when reviewing the intrinsic strengths of embracing a Proactive Security Intelligence approach to management of network security device infrastructure, it is worthwhile to detail how this methodology also facilitates the evolution and improvement of many other related processes. Based on an independent survey of over 125 FireMon customers conducted by researchers TechValidate: 54 percent of all FireMon customers report 100 percent ROI on their investment in 12 months or less. The following information and justification highlights the pervasive ROI appreciated via adoption of this Proactive Security Intelligence management paradigm. Business Case: Proactive Security Intelligence The continued prevalence of network compromise and related data breach incidents drives home the undeniable reality that organizations continue to encounter myriad challenges in addressing the growing complexity and inherent nature of change central to the management of firewalls and other network security device infrastructure, including adaptation of related policies. In direct contrast with the widely held perception that both known and undiscovered vulnerabilities reside in these systems remain the most problematic aspect of this troubling conclusion, leading experts have positioned that, in fact, fragmented and inconsistent management of core network defenses remains the most problematic issue. For example, trusted industry analysts Gartner report that through 2018, more than 95 percent of [all related] breaches will be caused by firewall misconfigurations, not firewall flaws. In a recent survey of more than 250 security management officials representing financial services, government and business services organizations, among others, a litany of statistics supporting the need for more automated, context-aware oversight of firewalls and other network security device infrastructure emerged, including: 73% of all firewall policies are considered somewhat complex to out of control 75% of respondents cite firewall management as a labor intensive, manual process 75% of respondents still perform manual firewall/policy audits using internal staff 71% of organizations lack staffing to perform analysis needed to better manage firewalls 77% of respondents agree firewall audits should be performed continuously/quarterly 70% of respondents cite time needed to identify firewall changes as problematic 70% of respondents note increasing policy complexity extends analysis timeframes 35% of organizations believe themselves capable of analyzing firewalls on a quarterly basis These statistics strongly reinforce that while organizations understand the need for more frequent, conclusive analysis of firewalls and related policies, there remains a distinct need for automated solutions allowing continuous assessment and providing targeted intelligence for informed response.

Proactive Security Intelligence: Return on Investment 4 By adopting a Proactive Security Intelligence approach to analysis and management of network security device infrastructure, organizations can directly address the shortcomings of traditional firewall assessment and rein-in policy matters creating gaps in defense that enable network compromise. Real-World ROI: Proactive Security Intelligence The most effective manner of determining the specific ROI of the FireMon Security Intelligence Platform is gained by reviewing the solution s impact in real-world environments. Using measurements gathered from a sizeable telecommunications provider employing FireMon to automate assessment and improve alignment of network security device infrastructure, as well as optimize related policies, significant benefits are detailed. While the FireMon solutions platform empowers a much broader set of benefits across a wide range of network operations, security management, audit/compliance and IT risk management processes, this analysis focuses on actual cost reduction affecting this organization s bottom line. In the reported case study, FireMon directly affects matters of labor efficiency, firewall auditing expenses, and costs resulting from outages of misconfigured firewalls, among others. It is asserted that within the first 12 months of implementing the core FireMon Security Manager solution, the customer was able to create $122,000 in value (time spent in other areas) using the product to automate firewall rules configuration and lower policy complexity; within 5 months of implementation, the entire investment in FireMon was recovered. Measured Annual ROI: FireMon Security Manager YEAR 1 By Month 1 2 3 4 5 6 7 8 9 10 11 12 Investment $ -46,656 $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - Savings $ 10,204 $ 10,204 $ 10,204 $ 10,204 $ 10,204 $ 10,204 $ 10,204 $ 10,204 $ 10,204 $ 10,204 $ 10,204 $ 10,204 ROI $ -36,453 $ -26,249 $ -16,045 $ -5,842 $ 4,362 $ 14,566 $ 24,769 $ 34,973 $ 45,177 $ 55,380 $ 65,584 $ 75,788 $350,000 Three-Year ROI Analysis $300,000 $250,000 $200,000 $150,000 $100,000 $50,000 $-50,000 $ 1 3 5 7 9 11 13 15 17 19 21 23 25 27 29 31 33 35

Proactive Security Intelligence: Return on Investment 5 ROI Analysis: Inputs and Measurements The following firewall review ticketing data was utilized to arrive at reported ROI calculations: Year 1 Year 2 Year 3 OPERATIONAL EFFICIENCY Number of change requests (weekly) 50 53 55 Requests Average loaded cost of IT Professional (by the hour) 55 55 55 $ Average Time Spent per Request: By the Requestor 15 15 15 Minutes By the Network Team 30 30 30 Minutes By the Security Team 20 20 20 Minutes Percentage of Re-Opened Change Tickets 25 25 25 % False Alarm Percentage 5 5 5 % ADDITIONAL SAVINGS (OPTIONAL) Annual Firewall Related Auditing Expenses 0 0 0 $ Annual Number of Outages Due to Misconfigured Firewalls 0 0 0 Outages Estimated Cost Per Outage 0 0 0 $ The following time calculations regarding the involved customer environment were utilized based on real-world observations and other related experiences regarding use of FireMon in similar environments: Assumptions Time to process a General Request Requestor 50% Time to process a General Request Network Team 30% Time to process a General Request Security Team 10% Reduction in false alarm Request Time Requestor 50% Reduction in false alarm Request Time Network Team 20% Reduction in false alarm Request Time Security Team 0% Reduction in Re-Opened Ticket 0% Cost-Saving Auditing Expenses 85% Cost-Saving Outages Expenses 60% Loaded Cost Per Minute $0.92

Proactive Security Intelligence: Return on Investment 6 ROI Calculations: Observed and Projected Results Based on the proceeding inputs, measurements and assumed results, the following ROI calculations were produced: Calculations First Year Second Year Third Year Number of weekly already works requests 3 3 3 Time to process an already works request with Security Manager 13.50 13.50 13.50 Number of weekly General requests (Re-Opened Tickets) 35 37 39 Time to process a General request without Security Manager 65.00 65.00 65.00 Time to process a General request with Security Manager 18.50 18.50 18.50 Total Annual Operational Cost without Security Manager $154,916.67 $162,662.50 $170,795.63 Total Annual Operational Cost with Security Manager $32,472.92 $34,096.56 $35,801.39 Auditing Expense Savings $0.00 $0.00 $0.00 Outages Cost Savings $0.00 $0.00 $0.00 Total Annual Savings $122,443.75 $128,565.94 $134,994.23 ROI Overview: Direct Benefits In reviewing the supplied calculations, a number of immediate and substantial financial benefits are made clear, including: Over the initial 12 months of the measured timeframe upfront investment ROI of nearly 2x Over the initial 36 months of the measured timeframe upfront investment ROI of more than 6x Time necessary to process involved firewall review tickets reduced by more than 70% Related operational costs associated with firewall review tickets reduced by almost 80% Over the initial 36 months of the measured timeframe savings of 70% over upfront investment Additional unmeasured, yet significant savings are also highlighted, including proposed costs compliance/audit expenses related to the same processes addressed by FireMon Security Manager. Also highlighted are indeterminate costs related to unforeseen service interruptions resulting from inefficiencies or errors introduced by traditional, manual oversight of firewalls, rules and policies. ROI Overview: Real-World Environment As an example of FireMon s immediate impact in real-world environments, consider the measurement of time/resource savings when used in one large government organization. After a specific instance of compromise, security analysts were required to conduct an audit of all network assets: Using FireMon Security Manager Platform, analysts were able to audit five complete network enclaves (connected environments under the control of a single authority) in approximately 1.5 hours (1 analyst/1.5 work hours/90 minutes), for an average of 18 minutes per enclave. Without FireMon, a similar audit of 40 enclaves required 2 months to complete (140 analysts/320 work hours/19,200 minutes), for an average of 8 hours per enclave.

Proactive Security Intelligence: Return on Investment 7 ROI Overview: Non-Financial Benefits Among the most significant and lasting benefits supplied by FireMon Security Manager are inherent improvements that directly result in more effective assessment and oversight of firewalls, network security device policies and related processes including: Prevention of network compromise and resulting data breaches related to poor access management Increased ability to tie network security management directly to business requirements Improved performance of overall network infrastructure driven by reduction in complexity Closed-loop, integrated policy management workflow, including what-if change analysis Rapid, informed response and defense reconfiguration related to changing conditions Continuous audit, validation and recertification of mandated policy compliance Prioritized (real-world exposure-based) mitigation of vulnerabilities and underlying IT risks Conclusion: Clear ROI of Proactive Security Intelligence When reviewing the current scenario of largely inefficient, highly fragmented and ultimately reactive processes used to address analysis and management of network security device infrastructure, related policies and underlying IT risks, it is clear that there is significant need for a more effective approach and supporting solutions. Whether in consideration of specific expense items or numerous undocumented costs related to inefficiencies addressed comprehensively by FireMon Proactive Security Intelligence and most importantly within the larger context of improving network defenses to prevent compromise and resulting outcomes investment in the FireMon Security Manager Platform has immediate and undeniable benefits. By utilizing FireMon Security Manager and its supporting modules to empower existing staff to address the persistent reality of spiraling complexity and ongoing change in network security device infrastructure, it is possible for organizations to greatly advance process and program maturity enabling continuous assessment and monitoring, evolving overall management strategy, and, just as critically, freeing up substantial resources for application in other adjacent domains. Addendum: Applicability in Real-World Breach Incidents It is worth noting that in addition to the significant ROI benefits outlined in the proceeding document, use of FireMon Security Manager can prevent many common network compromise and data breach scenarios, including some of the largest incidents recently reported. For example: Using FireMon Security Manager to understand overly permissive access and underlying attack paths, retailer Target would have been able to understand inappropriate routes open to its HVAC contractor which led to compromise of its point-of-sale network, exposing millions of consumers and incurring huge losses. Using FireMon Security Manager, industrial giant Monsanto could have seen gaps in its defenses that resulted in its reported breach of network security whereby attackers bypassed access servers to steal sensitive information including customer names, addresses, tax ID numbers, and (in some cases) financial information. Using FireMon Security Manager, online marketplace leader ebay could have identified improper network access and used existing controls to prevent exposure of its users password data, which resulted in significant reputational damage, potential lawsuits and major operational interruptions.

Proactive Security Intelligence: Return on Investment 8 Using FireMon Security Manager, payroll company Paytime could have visualized and mitigated compromise of vulnerabilities in its Client Service Center systems which led to unauthorized access to customer information, including Social Security numbers, direct deposit bank account information, wage information and other data. Using FireMon Security Manager, Sony Computer Entertainment America LLC could have visualized and mitigated improper access and poor network segmentation that led to exposure of personal financial details of its online gaming community members, for which it recently agreed to $15 million in damages. About FireMon FireMon is an enterprise security management company headquartered in Overland Park, Kansas. Founded in 2004, we help organizations find, correct, and ultimately avoid gaps in their existing network security infrastructure. Our proactive, real-time enterprise security management platform gives security decision makers key management and operations data to reduce risk and provide appropriate levels of access. FireMon Security Manager provides a perfect framework for making intelligent, informed decisions to enact security countermeasures in real time, so you can protect your organization s network and keep business operations running smoothly. CONTACT FIREMON: 8400 W. 110th Street, Suite 400 Overland Park, KS 66210 USA Phone: +1.913.948.9570 Fax: +1.913.948.9571 Email: info@firemon.com

Follow us on Twitter @FireMon Like us on Facebook: www.facebook.com/firemon 8400 W. 110th Street, Suite 400 Overland Park, KS 66210 USA Phone: 1.913.948.9570 E-mail: info@firemon.com www.firemon.com FireMon and the FireMon logo are registered trademarks of FireMon, LLC. All other product or company names mentioned herein are trademarks or registered trademarks of their respective owners. Copyright FireMon, LLC 2014 rev090514

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information