Digital Defense Frontline VM Review | Security Weekly Labs | SC Media
Vulnerability management

Digital Defense Frontline VM Review | Security Weekly Labs

November 17, 2021
  • The work necessary to set up monitoring for scans and ensure they continue to run correctly
  • The work necessary to build and pull regular reports for management, meetings, etc.
  • Managing the underlying operating systems for each scan engine
  • Product cost: For 2,000 assets, the cost for a Frontline Advanced subscription is just under $25,000 per year.
  • Deployment cost (labor): We think deploying scanner VMs and agents can be handled by junior-level folks. We’re estimating 40 hours of labor to get it deployed and an additional 4 hours to set up notifications in case scans break. For junior-level resources, the total cost for deployment comes to $1,480.60 (Check out the methodology document for details on how we calculate labor estimates)
  • Deployment cost (infrastructure): While Digital Defense does offer hardware Frontline appliances, deploying Frontline VMs would probably be more economical. Given that existing VM infrastructure would likely already exist in an organization of this size, security teams can usually get away with deploying a few scanning engines without any direct hit to their budget. Worst case, three modest systems capable of running scanners might run around $4,500, if we’re being conservative and include labor to set them up.
  • Maintaining value (labor): this breaks down into a few categories
    • Maintenance of the scan engine (e.g., tweaking scan configurations) and the underlying OS: 4 hours per scan engine per month at a junior rate comes to $4,845.60 per year.
    • The work of building and distributing reports and metrics will vary widely depending on the organization, but we’ll say a middle-of-the-road estimate would come to 2 hours per week, for a total of $3,499.60 per year.
    • The work of analyzing and validating vulnerabilities can be the real time killer for a lot of organizations. It’s also tough to estimate, as the workload is heaviest when scanning assets for the first time, and wanes over the life of the asset somewhat. Throw in compliance and regulatory requirements and that workload increases dramatically (e.g., PCI and the need to obtain quarterly clean scans for the QSA). Our estimate, for a non-regulated organization is going to be 80 hours of work in the first month, going down to 20 hours per month after that initial big push. That initial 80 hours will likely involve senior folks to help triage findings (say, a 50/50 split) and train junior folks on separating signal and noise. We’ll estimate a 25/75 split for the ongoing work, as senior folks continue to validate some of the vulnerabilities and mentor junior staff. The total comes to $13,292.70 per year.
    • Finally, tracking down unknown assets and their owners can also eat a lot of time and has a similar workload curve that’s heavy on the front, but tapers off to a constant value over time. Assuming a split between senior and junior staff that mirrors the previous estimate, we can easily see 40 hours spent on this in the first month and 10 hours per month following. The total comes to $6,646.36
The VM console displays some useful information and statistics.
Our scan, starting daily with enough time to complete just before the coffee finishes brewing (not a coincidence).
We initially did a double take when we saw “Malware Infections” on the dashboard.
Color-coded nodes make it easy to spot problem assets and their relationships at a glance.
Adrian Sanabria

Adrian joined SC Media’s parent company, CyberRisk Alliance in 2020. He will focus primarily on cybersecurity product reviews, but will also provide industry insight trends for both SC Media and Security Weekly (another CyberRisk Alliance company). He brings two decades of industry experience, working as a practitioner, penetration tester, and industry analyst. He spent the last few years as an entrepreneur, challenging norms in sales and marketing for a variety of vendors. Adrian loves to cook, eat, hike, play music and regale his teenagers with stories of what the early days of the Internet were like.

prestitial ad