Calculating Security ROI, or "Halloween’s Over, So Why is my Vendor Trying to Scare Me?" - Exabeam

Calculating Security ROI, or “Halloween’s Over, So Why is my Vendor Trying to Scare Me?”

Published
November 30, 2016

Author
admin

Certain technology categories lend themselves well to ROI analysis. Want to replace your old storage array with a new flash array, or your old backup technology with something new? It’s probably not too difficult to work out the payback numbers. Security, on the other hand, has been more resistant to clear ROI analysis. Vendors either give out scary per-company breach averages from Ponemon, or build some other detection-based cost-benefit number. Over time, CISOs and their brethren in Procurement have learned to discount these numbers.

UEBA is interesting because, while most buyers look at it from a breach detection lens, there is also a significant and clear operations angle to behavioral analytics for security. In practice, we’ve found that operations, in the form of incident response, is not something that many security engineering professionals have experienced. Where security engineering professionals focus on detection, algorithms, and architecture, incident response pros spend their time managing alerts, incidents, and investigations. It’s here that operational efficiency comes into play, and here that ROI can be more easily calculated.

For example, security operations centers handle some number of alerts per month, usually in the thousands. Some percentage get handled, the rest are ignored. Some of the ignored alerts had meaning and should have received attention. Each handled alert takes some amount of time, on average. Some number of alerts spawn incidents and each incident takes some other amount of time, on average. There are more details, but in general, incident response operations are more easily modeled and quantified than trying to estimate ROI using security scare stories. Determining payback will help support your hiring and technology plans.

Recent Information Security Articles

Five Steps to Effectively Identify Insider Threats

Read More

Detecting the New PetitPotam Attack With Exabeam

Read More

The Challenges of Today’s CISO: Navigating the Balance of Compliance and Security

Read More

Human Managed Selects Exabeam to Drive Faster Decision-making

Read More

Exabeam Successfully Completes the Annual System and Organization Controls SOC 2 Type II Audit

Read More



Recent Information Security Articles

SIEM Gartner: Get the 2021 Magic Quadrant Report

Read More

Five Steps to Effectively Identify Insider Threats

Read More

Detecting the New PetitPotam Attack With Exabeam

Read More

The Challenges of Today’s CISO: Navigating the Balance of Compliance and Security

Read More

Human Managed Selects Exabeam to Drive Faster Decision-making

Read More