Calculating Security ROI, or “Halloween’s Over, So Why is my Vendor Trying to Scare Me?”
Certain technology categories lend themselves well to ROI analysis. Want to replace your old storage array with a new flash array, or your old backup technology with something new? It’s probably not too difficult to work out the payback numbers. Security, on the other hand, has been more resistant to clear ROI analysis. Vendors either give out scary per-company breach averages from Ponemon, or build some other detection-based cost-benefit number. Over time, CISOs and their brethren in Procurement have learned to discount these numbers.
UEBA is interesting because, while most buyers look at it through a breach detection lens, there is also a significant and clear operations angle to behavioral analytics for security. In practice, we’ve found that operations, in the form of incident response, is not something that many security engineering professionals have experienced. Where security engineering professionals focus on detection, algorithms, and architecture, incident response pros spend their time managing alerts, incidents, and investigations. It’s here that operational efficiency comes into play, and here that ROI can be more easily calculated.
For example, security operations centers handle some number of alerts per month, usually in the thousands. Some percentage get handled; the rest are ignored. Some of the ignored alerts had meaning and should have received attention. Each handled alert takes some amount of time, on average. Some number of alerts spawn incidents, and each incident takes some other amount of time, on average. There are more details, but in general, modeling and quantifying incident response operations is easier than trying to estimate ROI using security scare stories. Determining payback will help support your hiring and technology plans.
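The alert-and-incident model sketched above can be written down directly. The following Python is an added example, not a calculator from the original post or from any vendor; the class and function names are hypothetical and every figure in it is a constructed sample value.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class SocProfile:
    alerts_per_month: int      # alerts raised per month
    minutes_per_alert: float   # average triage time for a handled alert
    incident_rate: float       # share of handled alerts that spawn an incident
    hours_per_incident: float  # average time spent on each incident

    def hours_per_handled_alert(self) -> float:
        # Triage time plus the expected incident time that alert generates.
        return self.minutes_per_alert / 60 + self.incident_rate * self.hours_per_incident

    def handled_fraction(self, analyst_hours: float) -> float:
        # Share of alerts the team can work in the hours it has; the rest are ignored.
        needed = self.alerts_per_month * self.hours_per_handled_alert()
        return min(1.0, analyst_hours / needed) if needed > 0 else 1.0


def payback_months(before: SocProfile, after: SocProfile, analyst_hours: float,
                   hourly_cost: float, upfront: float, monthly_fee: float) -> Optional[float]:
    """Months to recover `upfront`, valuing only the analyst time freed on the
    alert volume the team already handles today. None means it never pays back."""
    handled_today = before.alerts_per_month * before.handled_fraction(analyst_hours)
    hours_saved = handled_today * (before.hours_per_handled_alert()
                                   - after.hours_per_handled_alert())
    net_monthly = hours_saved * hourly_cost - monthly_fee
    return upfront / net_monthly if net_monthly > 0 else None


# Constructed sample figures, not measurements from any real SOC.
BEFORE = SocProfile(6000, minutes_per_alert=15, incident_rate=0.02, hours_per_incident=4)
AFTER = SocProfile(6000, minutes_per_alert=9, incident_rate=0.02, hours_per_incident=2.5)
TEAM_HOURS = 4 * 165  # four analysts at 165 working hours a month (assumed)

if __name__ == "__main__":
    print(f"coverage before: {BEFORE.handled_fraction(TEAM_HOURS):.0%}")
    print(f"coverage after:  {AFTER.handled_fraction(TEAM_HOURS):.0%}")
    months = payback_months(BEFORE, AFTER, TEAM_HOURS, hourly_cost=60,
                            upfront=60_000, monthly_fee=5_600)
    print("payback:", "never" if months is None else f"{months:.1f} months")
```

The payback figure counts only time saved on alerts already being handled; the rise in coverage (fewer ignored alerts with the same team) is reported separately because the model assigns it no monetary value.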