SPONSORED BY
Osterman Research, Inc. • P.O. Box 1058 • Black Diamond, Washington 98010-1058
Phone: +1 253 630 5839 • Fax: +1 866 842 3274 • info@ostermanresearch.com • www.ostermanresearch.com
Cloud-Client Enterprise Security Impact Report
Compounding the problem is the fact that malware is becoming more virulent, more
stealthy and more difficult to detect. Worse, the lifecycle for many malware variants can
now be measured in minutes, not hours or days – many variants appear, do their damage
and then disappear long before new pattern files or signatures can be deployed and
propagated to servers and clients on the network.

However, if an organization could dramatically reduce the length of time required to
access threat intelligence using in-the-cloud reputation databases to block new malware
and spam variants before they even reach the network, it could reduce the rate of endpoint
infection, lower its security management and lost productivity costs, and reduce the
likelihood of security breaches.

Further, if an organization opted to combine these activities with the consolidation of its
content security infrastructure to just a single vendor, the advantages and cost savings
would be even greater.

This white paper discusses the many benefits of faster access to threat intelligence, using
a cloud-client architecture for immediate protection, as well as the benefits to enterprises
of consolidating to a single vendor for content security infrastructure. Together these
benefits can save over 40% of an enterprise’s total security management costs, not to
mention savings on reduced productivity loss, a reduced number of security breaches and
other, less tangible costs. The paper discusses the cost model developed by Osterman
Research specifically for this white paper, as well as the solutions offered by Trend Micro
that can significantly improve an organization’s content security infrastructure.

Each year in an enterprise of 5,000 employees:
• 2/3 of endpoints get infected
• $197,300 is lost cleaning endpoints
• $160,300 is lost in employee productivity
• >$100,000 is lost by >10% of companies for each security breach suffered
But they can save almost $60 per employee each year if using a comprehensive content
security solution with a cloud-client architecture instead of their conventional approach.

©2009 Osterman Research, Inc.
Every endpoint represents a potential entry point for a virus, worm, Trojan horse or some
other form of malware to gain a foothold in the corporate network. Today, malware is part
of a cybercrime economy and cyber criminals are using multiple endpoints and delivery
mechanisms to steal data and resources. The more popular the use of the business tool,
the more often it is targeted by the cyber criminals.
typical you can expect that in any given year nearly two-thirds of your organization’s
endpoints will become infected.
During a typical month, IT will spend a mean of 428 person-hours simply cleaning
infected endpoints. If we assume that the fully burdened salary for an IT staff member is
$80,000, IT will spend $16,442 per 5,000 employees on IT labor each month just to
clean endpoints from malware.
However, because employees are often idle while their systems are being cleaned,
employee productivity suffers as a result of infections. If we assume that the fully burdened
salary for the typical employee infected with malware is $65,000, then productivity loss
from infected endpoints equals $13,359 per 5,000 employees per month.
The bottom line is that organizations spend significant amounts just on cleaning endpoints
from various types of malware infections: the combination of IT and non-IT costs totals
over $357,620 per 5,000 employees each year.
Only 4% of organizations that have suffered a security breach during the previous 12
months have not experienced any negative consequences. Further, respondents told us
that when a security breach occurred, their network was down for a mean of 74 minutes
(median of 18 minutes).
Based on an average of the data shown in the figure below, Osterman Research estimates
that the average cost of a security breach is $48,698. This was calculated by taking the
midpoint of each cost range shown below (and estimating an $800,000 cost for the “more
than $500,000 range”) and multiplying by the likelihood of each cost.
We also asked organizations about the likelihood of a security breach occurring during the
next 12 months. While no respondents told us that there is almost no chance that a
security breach will occur and 5% told us that a security breach is a virtual certainty, the
average was just under 45%. In other words, organizations believe there is a 45% chance
that a security breach will occur in their networks during the next 12 months.
Using traditional quantitative business analysis methods, if we multiply the average cost of
a security breach by the likelihood of its occurrence, then the average cost of a security
breach that organizations will experience during the next 12 months is $21,839 ($48,698
* 44.8%). However, this represents the low end of the cost of potential security breaches.
For example, a breach of personally identifiable information can result in a requirement to
send each victim a letter explaining the breach, the cost of credit reports and the like. A
single breach can actually reach millions of dollars, not to mention the tremendously
negative impact on an organization’s reputation.
• There is a mean of 216 employees supported for every IT staff member. This varies
widely, from much lower numbers in small organizations to much higher numbers in
large ones. If we assume that the fully burdened salary for an IT staff member is
$80,000 annually, the cost of IT labor per employee is $370 per year, or just under
$31 per employee per month.
• During a typical week, IT staff spend the following lengths of time on various tasks in a
5,000-employee organization:
Using the $80,000 figure as above, the cost of these three activities totals almost $290,500
per year, or the equivalent of 3.6 FTE IT staff members. Add this to the cost of cleaning
infections and organizations of 5,000 employees are spending at least $487,700 on
content security management.
COST SUMMARY
Based on the analysis above, the annual costs experienced by organizations of 5,000
employees are the following:
• IT labor to address endpoint infections: ~$197,300 per 5,000 employees per year
• The IT labor cost per year for managing pattern files, signatures and other critical
endpoint issues is $124,000
• The IT labor cost per year for managing false positives and related issues caused by the
security infrastructure is $102,000
• The annual IT labor cost for upgrading resource capacity for security is $64,423
Content security management is expensive and much of this cost is related to antimalware-
focused tasks and resources. Organizations spend a considerable amount trying to defend
against malware, including labor costs to manage pattern files, deal with false positives as
well as additional bandwidth, storage, new servers or appliances, and other network
upgrades needed to support the increasing size of pattern files and signatures downloaded
to the endpoints to protect against the numerous spam and malware variants. Even with
these efforts, organizations using conventional content security methods have 2/3 of their
endpoints infected each year—adding the cost of cleaning these endpoints. These costs
also do not consider the additional benefits the enterprise would receive if the IT staff
could be used on higher priority initiatives that increase productivity and generate more
revenue.
We asked survey respondents the following question: “Imagine that your server and
endpoints could be updated 10 times faster with new pattern files/signatures after a new
threat has been detected (for example, going from eight hours to update signatures to 15
minutes).” Note that the survey phrased the faster access to threat intelligence as a pattern
file / signature update instead of trying to explain a cloud-client architecture in the survey.
However, the key to the survey response is that the organization has access to threat
intelligence within 15 minutes.
One of the important advantages of faster protection would be to reduce the chances of a
security breach. For example, instead of an almost 45% chance of a data breach occurring
during the next 12 months as discussed above, respondents told us that with faster
protection there would be a 36% chance of such a breach.
Osterman Research developed a cost model specifically for this white paper that allows an
organization to estimate the cost advantages it might obtain from having faster access to
threat intelligence. For example, we have estimated the following for an organization of
5,000 employees:
• There would be a 2% reduction in IT staff investments for managing false positives and
related issues.
Based on these assumptions, Osterman Research estimates that the total security
management cost savings an organization would receive by getting faster protection
through a cloud-client content security solution would equal 34% of the total content
security management costs. Add this to the lost productivity costs saved and security
breaches avoided and, for an organization of 5,000 employees, this would equal roughly
$268,936, or annual savings of $53.79 per employee per year more than what an
organization saves with their current, conventional content security solutions.
Threat information is analyzed using the global knowledge of over 1,000 dedicated
content security experts at TrendLabs, Trend Micro’s global network of research,
service, and support centers. This data is correlated across three types of reputation
databases – Web, email and file. If one element shows a bad reputation, it is
automatically blocked across all threat delivery methods – providing immediate
protection at every point of attack – spam sources, embedded links, dangerous files,
and web sites with malicious content. These reputation databases are constantly
updated, and mutually reinforcing to provide significantly better protection than
would be possible using any of these technologies by itself.
protected. And this protection can also be accessed by roaming users when both on
and off the network. This immediate access to threat intelligence lowers exposure to
dangerous spam and malware, reducing malware infections and security breaches.
The reputation databases also stop threats at their source, limiting the amount of
spam and malware on the network and saving on costly resources.
Here is a summary of the additional amount enterprises can save using Trend Micro
Enterprise Security versus more conventional content security across multiple
vendors:
| Number of Employees | Content Security Mgmt. Savings with Faster Protection | Savings by Using One Vendor | % of Overall Content Security Mgmt. Costs | Additional Content Security Savings | Estimated Per Employee Annual Savings with Trend Micro |
|---|---|---|---|---|---|
| 1,000 | $32,743 | $6,156 | 40% | $24,473 | $63.37 |
| 5,000 | $163,713 | $30,782 | 40% | $105,223 | $59.94 |
| 10,000 | $327,426 | $61,563 | 40% | $206,160 | $59.51 |
Trend Micro Enterprise Security powered by the Smart Protection Network provides
immediate protection with less complexity, offering lower business risks and costs to
enterprises.
Summary
Malware is bad and getting worse. Malware variants are becoming more numerous, more
virulent, more difficult to detect and their lifecycle is becoming dramatically shorter.
Organizations that employ a more traditional content security infrastructure whose pattern
files and signatures are updated only once or twice each day are at a serious disadvantage,
since malware variants can enter a network, do their damage and then disappear before
the enterprise deploys the latest pattern files or signatures to address them.
Trend Micro provides just such a solution with Trend Micro Enterprise Security powered by
the Smart Protection Network. This approach provides immediate protection in an
integrated solution that combines web, messaging, and endpoint security. This
comprehensive content security saves cost today while also providing a sustainable
architecture as threats evolve in the future.
No part of this document may be reproduced in any form by any means, nor may it be distributed without the permission of
Osterman Research, Inc., nor may it be resold or distributed by any entity other than Osterman Research, Inc., without prior
written authorization of Osterman Research, Inc.
Osterman Research, Inc. does not provide legal advice. Nothing in this document constitutes legal advice, nor shall this
document or any software product or other offering referenced herein serve as a substitute for the reader’s compliance with
any laws (including but not limited to any act, statute, regulation, rule, directive, administrative order, executive order, etc.
(collectively, “Laws”)) referenced in this document. If necessary, the reader should consult with competent legal counsel
regarding any Laws referenced herein. Osterman Research, Inc. makes no representation or warranty regarding the
completeness or accuracy of the information contained in this document.
THIS DOCUMENT IS PROVIDED “AS IS” WITHOUT WARRANTY OF ANY KIND. ALL EXPRESS OR IMPLIED
REPRESENTATIONS, CONDITIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY
OR FITNESS FOR A PARTICULAR PURPOSE, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE
DETERMINED TO BE ILLEGAL.