The ROI on Intrusion Prevention: Protecting Both Your Network & Investment

© 2015 IBM Corporation
The Total Economic Impact™ of IBM Security Network Protection (XGS)
Ben Harris
Business Technology Strategy Consultant
Forrester Consulting
Paul Griswold
Program Director, Strategy & Product Management
Threat Protection & X-Force
IBM Security
The ROI on Intrusion Prevention:
Protecting Both Your Network & Investment

2© 2015 IBM Corporation
Threat Management.NEXT
New protection and integration capabilities
to stay ahead of the threat
Advanced Malware Defense
Blocks malware
infections
on the
network
The history of IBM Security Network Protection (XGS)
Evolving beyond intrusion prevention to provide greater value
SSL Inspection
Protects against attacks
hidden inside
encrypted
traffic
URL/App Control
Protects users from
visiting
risky sites
on the web
Web App Protection
Heuristically protects
against common
app-based
attacks
Behavioral Defense
Protects against
attacks based
on behavior,
not specific
vulnerabilities
Intrusion Prevention
Protects
attacks on
vulnerabilities,
not exploits
Intrusion
Detection
Evolutionbasedonclientneeds
1997+ 2002+ 2005+ 2008+ 2012+ 2013+ 2014+ Future

XGS appliance models
IBM Network Protection XGS
Capabilities per Model XGS 3100 XGS 4100 XGS 5100 XGS 7100 XGS Virtual
Inspected Throughput Up to 800 Mbps Up to 1.5 Gbps Up to 7.0 Gbps Up to 25 Gbps Up to 1 Gbps
Flexible Performance
Levels
400 and 800 Mbps
750 Mbps and
1.5 Gbps
2.5, 4.0,
5.5, and 7.0 Gbps
5, 10, 15,
20, and 25 Gbps
600 Mbps and
1 GBps
Inspected Throughput
(with SSL/TLS)
Up to 500 Mbps (in)
Up to 400 Mbps (out)
Up to 900 Mbps (in)
Up to 4.5 Gbps (in)
Up to 2.5 Gbps (out)
Up to 12 Gbps (in)
Up to 7.5 Gbps (out)
Up to 500 Mbps (in)
Pluggable Network
Interface Modules
0 1 2 4 0
Protected Segments 2 Up to 6 Up to 10 Up to 16 Up to 4
XGS 5100
XGS 4100
XGS 7100
XGS 3100

In the past two years, IBM has introduced:
 Five new XGS models, covering throughput from 400 Mbps to 25 Gbps + virtual environments
 On-appliance inbound and outbound SSL inspection
 IP reputation, including intelligence from 270M hosts via Trusteer
 Industry-first Flexible Performance Licensing, allowing customers to increase inspected throughput
via a software license
 IBM Threat Protection System, including integrations with IBM products + FireEye, Damballa, and
Trend Micro (with more to come)
 Enhanced QRadar integration, including layer 7 flow data and right-click quarantine to block operator-
detected threats
 OpenSignature support, which allows users to detect and block custom traffic patterns using the
SNORT syntax

Ahead of the Threat Protection by IBM X-Force
Shellshock
CVE 2014-6271
MS OLE Remote
Code Execution
CVE-2014-6332
MS SharePoint
Priv Escalation
CVE-2015-1640
IE Cross-Domain
Info Disclosure
CVE-2015-0070
Cisco Prime
SQL Injection
CVE-2015-6350
DisclosedIBM Protection
2007 2015
Sept 2014Jun 2007
(10 other vulnerabilities covered)
Shell_Command_Injection
7.3 years ahead
Oct 2014
6.8 years ahead
CompoundFile_Shellcode_DetectedFeb 2008
Apr 2015
HTTP_HTML_Tag_InjectionNov 2008
6.4 years ahead
Feb 2015Nov 2008
(10,000+ other vulnerabilities covered)
Cross_Site_Scripting
6.3 years ahead
Oct 2015Jun 2007
(9,500+ other vulnerabilities covered)
SQL_Injection
6.9 years ahead

Backed by the reputation and
scale of IBM X-Force
IBM X-Force Exchange
Research and collaboration platform and API
Security
Analysts and
Researchers
Security
Operations Centers
(SOCs)
Security
Products and
Technologies
OPEN
a robust platform with access to
a wealth of threat intelligence
data
SOCIAL
a collaborative platform for
sharing threat intelligence
ACTIONABLE
an integrated solution to help
quickly stop threats
A new platform to consume, share, and
act on threat intelligence
IBM X-Force Exchange is:
Try it today at http://xforce.ibmcloud.com

Learn more about IBM Security Network Protection (XGS)
countries where IBM delivers
managed security services
industry analyst reports rank
IBM Security as a LEADER
enterprise security vendor
in total revenue
clients protected
including…
130+
25
No. 1
12K+
90% of the Fortune 100
companies
Visit the website
IBM Security Network Protection
Watch the videos
Read new blog posts
SecurityIntelligence.com
Follow us on Twitter
@ibmsecurity
Join IBM X-Force Exchange
xforce.ibmcloud.com

© Copyright IBM Corporation 2015. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any
kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor
shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use
of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and / or
capabilities referenced in these materials may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product
or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries
or both. Other company, product, or service names may be trademarks or service marks of others.
Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside
your enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks
on others. No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access.
IBM systems, products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other
systems, products or services to be most effective. IBM DOES NOT WARRANT THAT ANY SYSTEMS, PRODUCTS OR SERVICES ARE IMMUNE FROM, OR WILL MAKE YOUR ENTERPRISE
IMMUNE FROM, THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY.
THANK YOU
www.ibm.com/security

The Total Economic Impact™ Of
(XGS) Webinar
Forrester Consulting
Ben Harris
Consultant
February 10, 2016

© 2016 Forrester Research, Inc. Reproduction Prohibited
11
Source: The Total Economic Impact of IBM Security Network Protection (XGS), February 2016
Agenda
›What is TEI?
›Executive summary
›Analysis
›Financial summary
›Question and answer
Please note:
This slide presentation is an abridged,
graphical, and complementary
representation of a case study.
For a full explanation of methodology
and details on model calculations,
please refer to the full case study IBM
Security Network Protection (XGS)
February 2016

© 2016 Forrester Research, Inc. Reproduction Prohibited 12
What is TEI?
Background and methodology

13
Source: The Total Economic Impact™ Of IBM Security Network Protection (XGS), February 2016
“Next level” business case justifications are increasingly
vital for critical investments
Somewhat
important
33%
Somewhat
unimportant
4%
Not at all
important
3%
Very
important
60%
TCO ROI TEI
IT Impact
IT costs   
IT cost
savings
  
Business
Impact
User
efficiency
 
Business
effectiveness
 
Risk/
uncertainty
Risk
mitigation

Risk versus
reward

Strategic
Impact
Scalability 
Flexibility 
Base: 825 IT decision-makers at North American enterprises
Do I need a business case? What is an effective business case?
• Over 90% of IT decision-makers
find value in a business case
• TEI adjusts for risks and factors the flexibility
of a product into the case study

14
The TEI framework centers on quantifying benefits,
capturing costs, evaluating flexibility, and adjusting risk
Benefits
Costs
Flexibility
Total
Economic
ImpactTM
(TEI)
R
i
s
k

15
The TEI approach involves key stakeholders at Forrester,
IBM, and IBM’s customers
Perform due
diligence
Conduct
customer
interview
Construct
financial
model
Write
case
study
Deliver
webinar
• Consult
Forrester
Analyst
• Interview IBM
stakeholders
• Interview with
IBM customer
• Collect data
• Populate
model
• Describe the
model
• Review with
interviewee
• Webinars
• Presentation

16
Disclosures
The audience should be aware of the following:
› This document is an abridged webinar version of a full case study (Forrester Total Economic
Impact of IBM Security Network Protection (XGS), February 2016).
› The study is commissioned by IBM and delivered by the Forrester Consulting group.
› Forrester makes no assumptions as to the potential return on investment that other
organizations will receive. Forrester strongly advises that readers should use their own
estimates within the framework provided in the report to determine the appropriateness of an
investment in IBM
› IBM reviewed and provided feedback to Forrester, but Forrester maintains editorial control
over the study and its findings and does not accept changes to the study that contradict
Forrester’s findings or obscure the meaning of the study.
› The customer name for the interview was provided by IBM.
› Forrester does not endorse IBM.

Executive summary
High level findings

18
XGS delivers security and performance as well as an
attractive ROI
Return on
Investment: 340%
Net Present Value:
$1,075,592
Payback Period:
1.9 months
Based on an analysis of IBM XGS’s customer feedback, Forrester has determined XGS has
the following three-year risk-adjusted financial impact:
EXECUTIVE SUMMARY
XGS Interviewed organization Robust security and
desirable performance

Analysis
Interview highlights and model

20
Forrester interviewed one organization, who shared their
challenges and objectives prior to using XGS
Small security team Required high availability
Network performance critical Security attacks common to region

21
The interviewed organization noted several key results
from its investment in XGS
“Choosing XGS was a no-brainer because of the ability to utilize
the SSL decryption for inbound traffic.”
- Deputy chief security officer
“Configuring the rules is incredibly easy.”
“We deployed the configuration that actually blocks the regions
that are known for their hostility against our country’s
organizations.”

22
The interviewed organization quantified key benefits
resulting from its investment in XGS
NETWORK
PERFORMANCE
No degradation in
network speed
SECURITY
Financial impact of
a breach
AVAILABILITY
Highly available
network
MANAGEMENT
&
CONFIDENCE
Manage access
and traffic from
one solution

23
Network performance with robust security
• XGS allows for high productivity without
additional network tuning
• Hardware and software is a one-time
metric
Metric Year 1 Year 2 Year 3
Total population 2500 2500 2500
% of population affected 15% 15% 15%
Time impacted 40 40 40
Productivity factor 20% 20% 20%
FTE cost per hour $60 $60 $60
FTE cost avoidance of network tuning $150,000 $150,000 $150,000
Current HW & SW solution costs, including
maintenance (already purchased)
$200,000
Network performance $530,000 $330,000 $330,000
Network
performance
73%
Three-Year Benefit

24
The cost avoidance of a security breach
• Assuming one breach in a three-year
period
• Reflects benefit realization in the first
year
Cost of an incident $15,400,000
Probability of breach 9.000%
% reduction 20%
Security $277,200
Security $277,200
Security
17%
Three-Year Benefit

25
What availability means
• Lost revenue and % reduction are key
drivers
• Variables are based on research
Lost revenue $1,570,000 $1,570,000 $1,570,000
Regulatory fines related to downtime $125,000 $125,000 $125,000
Probability of breach 3.000% 3.000% 3.000%
% reduction 20% 20% 20%
Availability $10,170 $10,170 $10,170
Availability
2%
Three-Year Benefit

26
Benefits to the technology executives
• Extends security team by taking security
policy updates away
• Allows the team to control access simply
yet effectively
FTE cost avoidance of managing security
policies
$150,000 $150,000 $150,000
% reduction 30% 30% 30%
Management and confidence $45,000 $45,000 $45,000
Management &
Confidence
8%
Three-Year Benefit

27
Traditional hardware and licensing cost structure
29%
16%
27%
28%
Hardware -- $101,352
Initial costs
• $101,352
Ongoing costs
• N/A
Licensing fees -- $57,680
Initial costs
• N/A
Ongoing costs
• $57,680 in year 2

28
Modest maintenance and implementation costs
29%
16%
27%
28%
Maintenance -- $95,584
Initial costs
• $22,248
Ongoing costs
• $36,668 in years 2 & 3
Implementation -- $100,000
Initial costs
• N/A
Ongoing costs
• $75,000 in year 1
• $25,000 in year 3

29
In addition to benefits and costs, TEI includes potential
future “flexibility” options
Flexibility, as defined by TEI, represents the opportunity to
make an investment in additional capacity or capability that
could be turned into future business benefit:
› SLL encryption inspection
› Geo-blocking

Financial summary
Results

31
The three-year cash flow for XGS shows a ROI of 340%, a
NPV of over $1M, and a payback period of 1.9 months
($200,000)
$0
$200,000
$400,000
$600,000
$800,000
$1,000,000
$1,200,000
$1,400,000
Initial Year 1 Year 2 Year 3
Cashflows Financial Analysis (risk-adjusted)
Total costs Total benefits Cumulative total
Cash Flow Analysis
Summary Initial Year 1 Year 2 Year 3 Total
Present
Value
Total costs ($123,600) ($75,000) ($94,348) ($61,668) ($354,616) ($316,087)
Total benefits $0 $862,370 $385,170 $385,170 $1,632,710 $1,391,679
Total ($123,600) $787,370 $290,822 $323,502 $1,278,094 $1,075,592
ROI 334% 340%
Payback period (months) 1.9

Question and answer

Thank you
forrester.com
Ben Harris
+1 617.613.6413
bharris@forrester.com

The ROI on Intrusion Prevention: Protecting Both Your Network & Investment

Recomendados

Recomendados

Más contenido relacionado

La actualidad más candente

La actualidad más candente (20)

Destacado

Destacado (9)

Similar a The ROI on Intrusion Prevention: Protecting Both Your Network & Investment

Similar a The ROI on Intrusion Prevention: Protecting Both Your Network & Investment (20)

Más de IBM Security

Más de IBM Security (20)

Último

Último (20)

The ROI on Intrusion Prevention: Protecting Both Your Network & Investment