The Cost and Value of Cyber Security
What is "good enough" security really costing you?
Truth is, good enough security is just not good enough. Detection rates are only one piece of the puzzle. When most organizations only have the resources to investigate 4% of alerts, how do you know those are the 4% that matter? Conventional cyber security solutions force your security analysts into busywork, and more importantly they fail to stop sophisticated, targeted attacks on your systems. You know your security risks, requirements and capabilities. In this asymmetric battle an attacker only needs to be right once, while organizations need to be successful every time. Can you afford security that’s just “good enough?”
Quantity does not equal quality
When you buy a cyber security solution, you expect to get alerts. And with malware signatures, you certainly will. Signature-based technologies, “next-generation” products and sandboxing solutions look for anything—and everything—they’ve experienced before. The wide net they often cast generates volumes of alerts for low-risk, low-priority attacks and false positives – benign events incorrectly labeled as attacks. Even worse, these conventional technologies will miss the indicators of unknown attacks, with devastating results.
"The FireEye solution displaces at least 1.5 FTE that would previously be required to manually track down incidents with questionable efficacy. We approximate this number to be $225,000 per annum in hard ROI. The potential brand damage is estimated to be in the tens of millions. We have to do everything we can to protect ourselves. All it would take is one breach and 80 years of success would be gone."
- Ben Cabrera, Network Supervisor, Stater Bros. Markets
When you only have the resources to investigate 4% of alerts, make sure they're the ones that really matter. Learn how to better manage alerts to reduce operational cost and improve overall security posture.
FireEye makes alerts worthwhile again
It takes 157 minutes for an expensive expert analyst to correctly identify a true positive alert. That’s a lot of misplaced expertise. Here’s how FireEye delivers value:
- The MVX engine identifies true positive alerts without volumes of alerts or false positives. Since security analysts typically validate alerts manually, this automation leaves them free for more important tasks. It even finds signs of threats for previously unknown attacks.
- Contextual intelligence accompanies validated alerts to help your analysts quickly prioritize alerts properly and decide how to remediate them. It includes details such as attacker profile, threat severity and attack scale and scope.
- Comprehensive visibility across the entire lifecycle reduces alerts by up to 76 percent. By seeing and stopping attacks early (e.g. during exploit), it eliminates the alerts that would be generated from subsequent stages of the attack (e.g. callbacks) and alerts from other victims when the scope of the attack expands.
"We haven’t seen any false positives and the alerts enable us to understand what’s going on across our whole infrastructure. And by getting ahead of the curve, we minimize wasting resources on having to clean up a breach, so taking a proactive posture is even more valuable for us."
- Scott Adams, Manager of Technical Services, Bexar County, TX
Make sure your cyber security pays for itself
Choosing the correct cyber security solution can instantly save you up to 97 percent of your analysts’ time. Overall, this can translate into operations savings of 90 percent based on alert volume and 99+ percent based on false positives. The truth is, going beyond good enough pays off a lot faster than you think.
The following is a snapshot of outcomes based on default values informed through common deployments, which take into account resource capacity constraints.
| Average Time to Identify an Alert that Matters | 157 Minutes | 4 Minutes |
| Annual Operational Expenditure Due to Alert Volume Given Resource Capacity | $21,996,000 | $1,903,200 |
| Annual Operational Expenditure Due to Alert Volume When Deployed Inline | $21,996,000 | $456,768 |
| Annual Operational Expenditure Due to False Positives Given Resource Capacity | $17,816,760 | $19,032 |