I wrote previously about how an integrated security architecture makes security easier yet more effective. But the security professionals I talk to also want to understand the financial implications of such an approach, since everyone operates with resource constraints. Let's see how this plays out using the scenario of a zero-day threat that is delivered via a phishing email.
- The event begins when a user unknowingly downloads and executes zero-day malware on their computer. We learn that malicious software has entered the network from the associated indicators of compromise (IoCs) and automatically share them with the next-generation firewall (NGFW), which immediately begins determining the scope of the attack. Meanwhile, DNS-layer protection monitors and can automatically block connections to the command-and-control (CnC) site to prevent additional malicious activity.
- The NGFW has the contextual awareness with network and device trajectory maps to be able to quickly identify those endpoints that also have the same malicious file, even those hosts that do not have endpoint protection software.
- The NGFW then communicates policy information with the network access control system (NAC) to dynamically quarantine the infected endpoint on the network.
- While the infected endpoint is quarantined within the corporate environment, the threat intelligence on the zero-day is shared with the full architecture at once – including branch locations and end user devices – blocking the threat everywhere to prevent further compromise and future attacks.
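As an added illustration (not code from the original post or from any vendor's product), the following Python model shows the sharing flow above: a single endpoint alert drives the DNS-layer block, the NGFW's file-trajectory scoping (which catches hosts with no endpoint agent) and the NAC quarantine, and a repeated IoC is handled idempotently. Host names, file hashes and the CnC domain are constructed placeholders.

```python
from dataclasses import dataclass, field

# Constructed sample telemetry (placeholders, not real indicators):
# which file hashes each host has seen, and which hosts run an endpoint agent.
FILE_TRAJECTORY = {
    "ws-101": {"sha256:PLACEHOLDER-MALWARE", "sha256:PLACEHOLDER-CLEAN"},
    "ws-102": {"sha256:PLACEHOLDER-MALWARE"},   # no endpoint agent installed
    "srv-07": {"sha256:PLACEHOLDER-CLEAN"},
    "lap-221": {"sha256:PLACEHOLDER-MALWARE"},
}
HAS_ENDPOINT_AGENT = {"ws-101", "srv-07", "lap-221"}


@dataclass
class ResponseState:
    """Enforcement state shared by the DNS layer, NGFW and NAC."""
    quarantined: set = field(default_factory=set)
    blocked_domains: set = field(default_factory=set)
    seen_iocs: set = field(default_factory=set)


def handle_endpoint_alert(state, host, file_hash, cnc_domain):
    """One endpoint detection fans out to every enforcement point."""
    if file_hash in state.seen_iocs:
        return state  # already actioned: no duplicate quarantines or blocks
    state.seen_iocs.add(file_hash)

    # DNS layer: cut off the command-and-control channel for everyone.
    state.blocked_domains.add(cnc_domain)

    # NGFW: use the file-trajectory map to find every host holding the
    # same file, including hosts that have no endpoint protection software.
    affected = {h for h, hashes in FILE_TRAJECTORY.items() if file_hash in hashes}
    affected.add(host)  # the reporting host is always in scope

    # NAC: dynamically quarantine every affected endpoint.
    state.quarantined |= affected
    return state


def scope_summary(state):
    """Report what was contained and which hosts only the NGFW could see."""
    agentless = {h for h in state.quarantined if h not in HAS_ENDPOINT_AGENT}
    return {
        "quarantined": sorted(state.quarantined),
        "agentless_hosts_caught": sorted(agentless),
        "blocked_domains": sorted(state.blocked_domains),
    }
```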
As you can see from this example, an integrated security architecture delivers more effective security. And there's a sound financial argument for this approach to security. We know an architecture that integrates multiple best-in-class platforms is not just a force multiplier of security effectiveness. It's a force multiplier of value as well. The financial benefits come in three areas: improved security efficiency, increased IT productivity, and lower hardware/software costs. Let's take a closer look at how.
1. Security efficiencies
The scenario above shows how an integrated security architecture helps to reduce end user downtime and improve threat detection and incident resolution. Analysts estimate that on average each security threat can result in approximately 17 hours of downtime for each affected end user while IT and security teams identify an incident, conduct analysis, and finally implement a solution or reimage an endpoint. At a rate of $75/end user, and if 1,000 users were affected, the cost in downtime alone is $1,275,000.
But as we saw in the case of a zero-day threat, using telemetry gathered across the security architecture and automated response actions, you can identify, contain, and clean it up in minutes so fewer end users are affected. Security efficiencies from faster malware cleanup are derived from strong endpoint security visibility – you know exactly where a threat is in your enterprise and what it is doing. The efficiency gains are significant – as much as 70 percent, just in reduction of endpoint reimaging costs.
2. IT productivity
According to ESG research, 45 percent of organizations say they have a problematic shortage of cybersecurity skills today. However, the gain in IT productivity from an integrated security architecture can significantly help you leverage your most important and expensive security asset – people. When a breach happens, you can more effectively block malicious activities before they cause a serious issue. Working together, protection at the DNS layer and on the endpoint automatically stops a malicious campaign from unfolding. By sharing threat intelligence across the entire architecture, you can use your network to automatically detect and quarantine infected systems to contain a threat. You can also prevent the same attack in the future by instantly updating policies and rules within your NGFW, endpoint security, and access control systems.
A 20 percent increase in productivity among a 10-person IT and security team at $150,000 annual salary each is $300,000. Even if just half of that time goes back directly to enhancing security efforts, that's the equivalent of another full-time employee. Not to mention the fact that the time savings can be directed to more value-added tasks. This is priceless when those tasks include developing controls and policies to proactively defend against future attacks, which is where your staff likely feel most fulfilled in their jobs anyway.
3. Hardware/software savings
With an integrated security architecture you can deploy what you need, where and when you need it – through physical and virtual appliances. And often capabilities can be turned on with a software license. Recent analysis indicates that flexible deployment options deliver at least a 20 percent savings in security technology investments, not to mention that integrations with complementary best-in-class solutions are already validated so fewer resources are needed to manage integrations, customizations, deployment, and vendors. You can also capitalize on your existing investment in network infrastructure – using network devices for enforcement – to do security better.
With these three considerations in mind, work with your vendor to see how an integrated security architecture can help save your organization millions of dollars and reduce exposure to threats. Your team spends less time reacting to security issues and managing multiple vendors, and can move away from manual processes to respond more quickly when attacks happen. You also have the time to take steps up front, for example segmenting the network to mitigate damage when threats get through, keeping up with patching to minimize exposure, and utilizing the latest threat intelligence to proactively block more threats outright and make security postures more effective overall. An integrated security architecture doesn't just make sense, it makes cents, as you strive to make your organization more secure today, and prepare to meet the security challenges of tomorrow.