Calculating Security ROI, or "Halloween’s Over, So Why is my Vendor Trying to Scare Me?" - Exabeam

Calculating Security ROI, or “Halloween’s Over, So Why is my Vendor Trying to Scare Me?”

November 30, 2016


Reading time
2 mins

Certain technology categories lend themselves well to ROI analysis. Want to replace your old storage array with a new flash array, or your old backup technology with something new? It’s probably not too difficult to work out the payback numbers. Security, on the other hand, has been more resistant to clear ROI analysis. Vendors either give out scary per-company breach averages from Ponemon, or build some other detection-based cost-benefit number. Over time, CISOs and their brethren in Procurement have learned to discount these numbers.

UEBA is interesting because, while most buyers look at it from a breach detection lens, there is also a significant and clear operations angle to behavioral analytics for security. In practice, we’ve found that operations, in the form of incident response, is not something that many security engineering professionals have experienced. Where security engineering professionals focus on detection, algorithms, and architecture, incident response pros spend their time managing alerts, incidents, and investigations. It’s here that operational efficiency comes into play, and here that ROI can be more easily calculated.

For example, security operations centers handle some number of alerts per month, usually in the thousands. Some percentage get handled, the rest are ignored. Some of the ignored alerts had meaning and should have received attention. Each handled alert takes some amount of time, on average. Some number of alerts spawn incidents and each incident takes some other amount of time, on average. There are more details, but in general, incident response operations are more easily modeled and quantified than trying to estimate ROI using security scare stories. Determining payback will help support your hiring and technology plans.

Similar Posts

The New CISO Podcast: Management Tools

Exabeam News Wrap-up – Week of June 13, 2022

One Week of Gartner Security & Risk Summit 2022 in 10 Minutes

Recent Posts

Exabeam in Action: Stopping Lapsus$ in Their Tracks

Ransomware: Bigger, Better, and Still Going Strong

The Benefits of UEBA Technology with Industry Experts at the Helm

See a world-class SIEM solution in action

Most reported breaches involved lost or stolen credentials. How can you keep pace?

Exabeam delivers SOC teams industry-leading analytics, patented anomaly detection, and Smart Timelines to help teams pinpoint the actions that lead to exploits.

Whether you need a SIEM replacement, a legacy SIEM modernization with XDR, Exabeam offers advanced, modular, and cloud-delivered TDIR.

Get a demo today!