SLAIT ThreatManage Security Service

Transcription

1 SLAIT ThreatManage Security Service Security Operation Center: Build Versus Buy The increase in the volume and velocity of cyber attacks have many organizations questioning whether their internal operations and processes are best equipped to handle these challenges. As mid-size organizations recognize the pressing need to improve cybersecurity protections they must decide how much of that protection can come from their existing internal staff, processes, and technology. Forrester: State of Information Security Improve quality of protection 34% Gain 24x7 coverage 34% Greater competency 28% Reduced cost 27% Improve regulatory compliance Reduced complexity 20% Decreaste liability concerns 18% Because of the rest of IT environment is outsourced Should you continue to invest in your internal security operations or look to outside resources? When comparing the direct and indirect costs of on-premise versus managed security operations center there are many factors to consider. While the financial implications of build vs. buy are high on the list they cannot be the only criteria. In fact, a Forrester survey of 1,214 US and European IT security decision-makers found that quality of protection, 24x7 coverage, and competency as priorities over price. (see chart) Quantifying indirect costs is subject to some debate, but there s little doubt that it should be part of the evaluation process. Those involved in making decisions regarding cybersecurity compliance and protection for their organization need straight forward analysis of the functional and cost benefits of sourcing a managed service versus building an internal capability. 21% 4% Due to variance in size and regulatory demands, businesses can greatly vary in their requirements. Comparing the direct costs in the build-versus-buy debate will demonstrate greater security competency gains while at the same time realizing significant cost savings. ThreatManage Below we have outlined the direct and indirect costs of building versus outsourcing your security operations center. This paper presents financial considerations that support the conclusion that SLAIT's managed security service, ThreatManage, can provide the improvements your organization needs at a fraction of the cost of an investment in building an internal function. Below is a summary of the direct costs detailed in this document. Internal Staff 24x7 SOC Investigation/Planning Infrastructure Build, Use, Operate Total Direct Cost 600,000 50,000 40,000 40, ,000

2 Direct Cost: Internal Security Staff: Building a 24x7 security operations center requires a minimum of five full-time employees. Gartner research advises a staff of eight for a larger organization. This paper is focused on staffing a mid-sized business, so we will use a staff count of five for our purposes. The average U.S. base salary for an IT security administrator who works in a security operations center, often referred to as a SOC analyst, is over 80,000 according to salary.com [1]. This means the direct cost associated with base salaries alone is approximately 400,000. Of course, that s just one piece of the cost structure. Most conservative financial estimates put incremental staff-related costs at a minimum of 50 percent of salary to accommodate such costs as taxes, benefits, and training. Also included are other overhead such as office space, utilities, laptops, and mobile phones. That bumps up your annual direct staff costs to at least 600,000 for an average sized enterprise. A managed service provider experiences similar staff expenses, however the costs are spread across multiple clients. The ThreatManage SOC cost-per-client is a small fraction of the total staffing cost as reflected in the statement of work provided by SLAIT. Investigation/Planning: As you build a qualified team of internal security professionals you also begin the process of evaluation and testing of tools and technology. This process is typically not the domain of your security administrators and generally requires input from your CISO and/or lead security professionals adding to the overall staff costs identified above. The evaluation process can easily span six to twelve months to select technology, train your staff, and develop a plan for integrating new tools and technology into your existing infrastructure. The additional costs associated with this process are likely to exceed 50,000 in labor, whether conducted by internal staff or an experienced outside consulting group. A managed service will already staff an experienced security engineering team who is constantly evaluating and testing new technology that improve clients cybersecurity posture and surface actionable alarms. ThreatManage services are designed by highly experienced industry experts that come from Fortune 100 corporations and the Federal Government, vetting functional products that have been fully evaluated and integrated with multiple man-years of effort. Infrastructure Costs: Security solutions range from an annual subscription of 20,000 to 200,000 depending upon the level of sophistication you choose to implement. If you choose to deploy network-based sensors or endpoint sensors that provide increased visibility, those costs will continue to rise. Capital outlay to support this additional infrastructure will range from 20,000 to 100,000 for servers, storage, and network devices with an additional 20% added on the bill for annual maintenance. [1]

3 Direct Cost: (cont.) By consolidating purchasing power, a managed service provider is able to provide the latest and best technology for the needs of their customers that otherwise might be unattainable. The ThreatManage infrastructure has been tested and configured to meet each of our client s precise needs. Every client receives an appliance pre-integrated with hardware and software that works in union and communicates with SLAIT s SOC. Because ThreatManage is delivered as-a-service, the appliances are fully managed yielding significant cost savings. Build, Use, Operate: When it comes time to build, use and operate your Security Operations Center, considerations for ongoing logging and monitoring need to be considered. Purchasing a SIEM for this purpose requires significant experience and expertise. Without the right skill set on-premise to maintain and manage the SIEM, proper use cases are not developed and true value will not be realized from your investment. A properly deployed SIEM will capture data from many sources including: directory services server logs DNS/DHCP logs perimeter security logs database logs endpoint protection and detection agents a myriad of other sources Other considerations include integration of tools and processes which is a never ending process. Conditions are constantly changing as new versions of operating systems for servers and myriad devices are released, patches are issued, new malware is released and version control is needed. If you have half of a qualified FTE assigned to this function, a portion of their annual costs would exceed 40,000. With ThreatManage, our library of existing integration scripts as well as our devoted experts will dramatically reduce these costs.

4 Indirect Costs: Staff Retention: As you consider the cost of developing an internal security operations center you must also consider your ability to attract and retain highly sought after cybersecurity talent. The talent shortage is well documented, with Cisco reporting the global figure at one million cybersecurity job openings. Consider the following: More than 209,000 cybersecurity jobs in the U.S. are unfilled, and postings are up 74% over the past five years. [2] Demand is expected to rise to 6 million globally by 2019, with a projected shortfall of 1.5 million [3] If you choose to compete for these highly sought after resources, you must consider how you will retain your staff. Cybersecurity talent is hard to find and even harder to keep. Once staff gains a year of experience recruiters seek them out and flood them with more lucrative opportunities. When a staff member leaves you lose the training and commitment to the tools and technology that they had selected. Many CIOs tell us that since the previous staff member left no one knows how to use insert-a-tool-name-here and there is no value gained from the investment. To combat these issues, SLAIT s SOC analysts are kept at a competitive salary, are required to complete extensive ongoing training, and are offered growth opportunities. The ThreatManage shared resources model mean that we have the bandwidth to offer the benefits needed to retain top talent. If a staff member does leave they are not the only one with the expertise needed to keep operations at optimal efficiency. It is our goal for each one of our staff to become senior incident response engineers who are highly sought after cyber experts! Focus on Organizations Core Mission: When using on-premise resources to provide security, you are taking IT staff away from developing critical business functionality that is core to your business and contributes to the profitability of your organization. Two of the top reasons to outsource identified in the Forrester survey [4] are Improved Quality of Protection and Greater Competency. SLAIT has built a business around delivering the highest-value security solutions, process, and talent. With ThreatManage your organization reaps the tangible benefits of improved protection while operating with greater competency and effectiveness. [2] 2015 analysis of numbers from the Bureau of Labor Sta s cs by Peninsula Press, a project of the Stanford University Journalism Program. [3] Michael Brown, CEO at Symantec [4] Forrester survey - cite source

5 Summary If you could offer a higher level of security, increase competency with greater access to expertise and tools previously unavailable to you, at a lower cost, with decreased overhead and improved operational efficiecy - would you? As IT budgets continue to be scrutinized, small and large organizations alike are looking to maximize the value of their investments and are discovering the benefits of a managed services model for a wide variety of security functions. While many providers claim to offer managed security services, very few of them prioritize it as a full-fledged practice and even fewer of them have the resources and experience to provide true value. As you perform your build-versus-buy analysis one overriding consideration will be your time to protection and time to value. SLAIT delivers best-in-class technology with a top notch staff of uber qualified professionals that consistently deliver actionable results. With ongoing investments in process, controls, and a hardened environment for the ThreatManage Security Operations Center (SOC), SLAIT alleviates the need for you to invest in on-premise data centers and network monitoring facilities. With ThreatManage you tap into the benefits of a managed security solution: Access to a top notch team of cyber security experts Superior protection with best of breed solutions Increased response to alerts Improved cybersecurity competency 24x7x365 fully staffed SOC Lower capital, overhead and staffing costs Subscription vs Ownership (Opex vs Capex) The financial advantage of ThreatManage in direct and indirect cost savings is clear. Couple these cost savings with a proven solution that brings immediate improvement to your quality of cyber protection and you have a compelling business case to engage with ThreatManage rather than building an internal SOC. Your organization's security is too important to leave to chance. ThreatManage offers a proven solution backed by the expertise of our staff to monitor and protect your most sensitive data and keep your infrastructure safe.