Cost and Value of Cyber Security

What is “good enough” security really costing you?

Truth is, good enough security is just not good enough. Detection rates are only one piece of the puzzle. When most organizations only have the resources to investigate 4% of alerts, how do you know those are the 4% that matter? Conventional cyber security solutions force your security analysts into busywork, and more importantly they fail to stop sophisticated, targeted attacks on your systems. You know your security risks, requirements and capabilities. In this asymmetric battle an attacker only needs to be right once, while organizations need to be successful every time. Can you afford security that’s just “good enough”?

Customer testimonial: Stater Bros. Market

Hear from Ben Cabrera, Network Supervisor, who discusses how FireEye products integrate easily and produce quality alerts.

Quantity does not equal quality

When you buy a cyber security solution, you expect to get alerts. And with malware signatures, you certainly will. Signature-based technologies, “next-generation” products and sandboxing solutions look for anything—and everything—they’ve experienced before. The wide net they often cast generates volumes of alerts for low-risk, low-priority attacks and false positives – benign events incorrectly labeled as attacks. Even worse, these conventional technologies will miss the indicators of unknown attacks, with devastating results.

The cost of indiscriminate alerts

Security teams get up to a thousand, if not hundreds of thousands, of alerts in a week. Third-party studies tell us that only 19 percent are reliable, and security teams only have time to really investigate four percent of them—and they don’t know in advance if that four percent really matter! Consequently, security analysts spend two-thirds of their time investigating false alerts. This wasted effort costs the average company over $1.2 million each year.

To deal with this reality, security teams have a choice:

  • Pay more now to scale operations, knowing that two-thirds of their money will continue to be wasted on noise
  • Pay more later when they miss critical alerts and experience a breach that can cost $10,000-$100,000+ per hour in remediation costs

“We have to do everything we can to protect ourselves. All it would take is one breach and 80 years of success would be gone.”

- Ben Cabrera, Network Supervisor, Stater Bros. Markets

FireEye makes alerts worthwhile again

It takes 157 minutes for an expensive expert analyst to correctly identify a true positive alert. That’s a lot of misplaced expertise. Here’s how FireEye delivers value:

  • The MVX engine identifies true positive alerts without volumes of alerts or false positives. Since security analysts typically validate alerts manually, this automation leaves them free for more important tasks. It even finds signs of threats for previously unknown attacks.
  • Contextual intelligence accompanies validated alerts to help your analysts quickly prioritize alerts properly and decide how to remediate them. It includes details such as attacker profile, threat severity and attack scale and scope.
  • Comprehensive visibility across the entire lifecycle reduces alerts by up to 76 percent. By seeing and stopping attacks early (e.g. during exploit), it eliminates the alerts that would be generated from subsequent stages of the attack (e.g. callbacks) and alerts from other victims when the scope of the attack expands.

Handling too many alerts vs. managing risk

When you only have the resources to investigate 4% of alerts, make sure they're the ones that really matter. Learn how to better manage alerts to reduce operational cost and improve overall security posture.

Podcast: Good enough is not good enough

A look at the “True Cost of Ownership” and the implicit operational cost that is associated with alert volume and the risks that it creates.

“We haven’t seen any false positives and the alerts enable us to understand what’s going on across our whole infrastructure. And by getting ahead of the curve, we minimize wasting resources on having to clean up a breach.”

- Scott Adams, Manager of Technical Services, Bexar County, TX

Make sure your cyber security pays for itself

Choosing the correct cyber security solution can instantly save you up to 97 percent of your analysts’ time. Overall, this can translate into operations savings of 90 percent based on alert volume and 99+ percent based on false positives. The truth is, going beyond good enough pays off a lot faster than you think.

The following is a snapshot of outcomes based on default values informed through common deployments, which take into account resource capacity constraints.

| Outcome | Standard | FireEye |
| --- | --- | --- |
| Average Time to Identify an Alert that Matters | 157 Minutes | 4 Minutes |
| Annual Operational Expenditure Due to Alert Volume Given Resource Capacity | $21,996,000 | $1,903,200 |
| Annual Operational Expenditure Due to Alert Volume When Deployed Inline | $21,996,000 | $456,768 |
| Annual Operational Expenditure Due to False Positives Given Resource Capacity | $17,816,760 | $19,032 |