Se ha denunciado esta presentación.
Utilizamos tu perfil de LinkedIn y tus datos de actividad para personalizar los anuncios y mostrarte publicidad más relevante. Puedes cambiar tus preferencias de publicidad en cualquier momento.

The ROI on Intrusion Prevention: Protecting Both Your Network & Investment

View on-demand: http://event.on24.com/wcc/r/1125108/92F1EBE9F405FFB683B79FD046CAC8B7
Forrester Research recently conducted a Total Economic Impact (TEI) study, commissioned by IBM, to examine the potential return on investment (ROI) that organizations may achieve by deploying IBM Security Network Protection (XGS), a next-generation intrusion prevention system (IPS). The study determined that by implementing IBM Security Network Protection (XGS), organizations realize an increase in network performance and availability, while also enjoying reduced costs and security risks.

Join us at this complimentary webinar to hear directly from our guest, Forrester TEI consultant Ben Harris, about the results of IBM Security Network Protection (XGS) study.

  • Inicia sesión para ver los comentarios

The ROI on Intrusion Prevention: Protecting Both Your Network & Investment

  1. 1. © 2015 IBM Corporation The Total Economic Impact™ of IBM Security Network Protection (XGS) Ben Harris Business Technology Strategy Consultant Forrester Consulting Paul Griswold Program Director, Strategy & Product Management Threat Protection & X-Force IBM Security The ROI on Intrusion Prevention: Protecting Both Your Network & Investment
  2. 2. 2© 2015 IBM Corporation Threat Management.NEXT New protection and integration capabilities to stay ahead of the threat Advanced Malware Defense Blocks malware infections on the network The history of IBM Security Network Protection (XGS) Evolving beyond intrusion prevention to provide greater value SSL Inspection Protects against attacks hidden inside encrypted traffic URL/App Control Protects users from visiting risky sites on the web Web App Protection Heuristically protects against common app-based attacks Behavioral Defense Protects against attacks based on behavior, not specific vulnerabilities Intrusion Prevention Protects attacks on vulnerabilities, not exploits Intrusion Detection Evolutionbasedonclientneeds 1997+ 2002+ 2005+ 2008+ 2012+ 2013+ 2014+ Future
  3. 3. 3© 2015 IBM Corporation XGS appliance models IBM Network Protection XGS Capabilities per Model XGS 3100 XGS 4100 XGS 5100 XGS 7100 XGS Virtual Inspected Throughput Up to 800 Mbps Up to 1.5 Gbps Up to 7.0 Gbps Up to 25 Gbps Up to 1 Gbps Flexible Performance Levels 400 and 800 Mbps 750 Mbps and 1.5 Gbps 2.5, 4.0, 5.5, and 7.0 Gbps 5, 10, 15, 20, and 25 Gbps 600 Mbps and 1 GBps Inspected Throughput (with SSL/TLS) Up to 500 Mbps (in) Up to 400 Mbps (out) Up to 900 Mbps (in) Up to 700 Mbps (out) Up to 4.5 Gbps (in) Up to 2.5 Gbps (out) Up to 12 Gbps (in) Up to 7.5 Gbps (out) Up to 500 Mbps (in) Up to 400 Mbps (out) Pluggable Network Interface Modules 0 1 2 4 0 Protected Segments 2 Up to 6 Up to 10 Up to 16 Up to 4 XGS 5100 XGS 4100 XGS 7100 XGS 3100
  4. 4. 4© 2015 IBM Corporation In the past two years, IBM has introduced:  Five new XGS models, covering throughput from 400 Mbps to 25 Gbps + virtual environments  On-appliance inbound and outbound SSL inspection  IP reputation, including intelligence from 270M hosts via Trusteer  Industry-first Flexible Performance Licensing, allowing customers to increase inspected throughput via a software license  IBM Threat Protection System, including integrations with IBM products + FireEye, Damballa, and Trend Micro (with more to come)  Enhanced QRadar integration, including layer 7 flow data and right-click quarantine to block operator- detected threats  OpenSignature support, which allows users to detect and block custom traffic patterns using the SNORT syntax
  5. 5. 5© 2015 IBM Corporation Ahead of the Threat Protection by IBM X-Force Shellshock CVE 2014-6271 MS OLE Remote Code Execution CVE-2014-6332 MS SharePoint Priv Escalation CVE-2015-1640 IE Cross-Domain Info Disclosure CVE-2015-0070 Cisco Prime SQL Injection CVE-2015-6350 DisclosedIBM Protection 2007 2015 Sept 2014Jun 2007 (10 other vulnerabilities covered) Shell_Command_Injection 7.3 years ahead Oct 2014 6.8 years ahead (201 other vulnerabilities covered) CompoundFile_Shellcode_DetectedFeb 2008 Apr 2015 (31 other vulnerabilities covered) HTTP_HTML_Tag_InjectionNov 2008 6.4 years ahead Feb 2015Nov 2008 (10,000+ other vulnerabilities covered) Cross_Site_Scripting 6.3 years ahead Oct 2015Jun 2007 (9,500+ other vulnerabilities covered) SQL_Injection 6.9 years ahead
  6. 6. 6© 2015 IBM Corporation Backed by the reputation and scale of IBM X-Force IBM X-Force Exchange Research and collaboration platform and API Security Analysts and Researchers Security Operations Centers (SOCs) Security Products and Technologies OPEN a robust platform with access to a wealth of threat intelligence data SOCIAL a collaborative platform for sharing threat intelligence ACTIONABLE an integrated solution to help quickly stop threats A new platform to consume, share, and act on threat intelligence IBM X-Force Exchange is: Try it today at http://xforce.ibmcloud.com
  7. 7. 7© 2015 IBM Corporation Learn more about IBM Security Network Protection (XGS) countries where IBM delivers managed security services industry analyst reports rank IBM Security as a LEADER enterprise security vendor in total revenue clients protected including… 130+ 25 No. 1 12K+ 90% of the Fortune 100 companies Visit the website IBM Security Network Protection Watch the videos IBM Security Network Protection Read new blog posts SecurityIntelligence.com Follow us on Twitter @ibmsecurity Join IBM X-Force Exchange xforce.ibmcloud.com
  8. 8. © Copyright IBM Corporation 2015. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and / or capabilities referenced in these materials may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others. Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others. No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access. IBM systems, products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT THAT ANY SYSTEMS, PRODUCTS OR SERVICES ARE IMMUNE FROM, OR WILL MAKE YOUR ENTERPRISE IMMUNE FROM, THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY. THANK YOU www.ibm.com/security
  9. 9. The Total Economic Impact™ Of IBM Security Network Protection (XGS) Webinar Forrester Consulting Ben Harris Consultant February 10, 2016
  10. 10. © 2016 Forrester Research, Inc. Reproduction Prohibited 11 Source: The Total Economic Impact of IBM Security Network Protection (XGS), February 2016 Agenda ›What is TEI? ›Executive summary ›Analysis ›Financial summary ›Question and answer Please note: This slide presentation is an abridged, graphical, and complementary representation of a case study. For a full explanation of methodology and details on model calculations, please refer to the full case study IBM Security Network Protection (XGS) February 2016
  11. 11. © 2016 Forrester Research, Inc. Reproduction Prohibited 12 What is TEI? Background and methodology
  12. 12. © 2016 Forrester Research, Inc. Reproduction Prohibited 13 Source: The Total Economic Impact™ Of IBM Security Network Protection (XGS), February 2016 “Next level” business case justifications are increasingly vital for critical investments Somewhat important 33% Somewhat unimportant 4% Not at all important 3% Very important 60% TCO ROI TEI IT Impact IT costs    IT cost savings    Business Impact User efficiency   Business effectiveness   Risk/ uncertainty Risk mitigation  Risk versus reward  Strategic Impact Scalability  Flexibility  Base: 825 IT decision-makers at North American enterprises Do I need a business case? What is an effective business case? • Over 90% of IT decision-makers find value in a business case • TEI adjusts for risks and factors the flexibility of a product into the case study
  13. 13. © 2016 Forrester Research, Inc. Reproduction Prohibited 14 Source: The Total Economic Impact™ Of IBM Security Network Protection (XGS), February 2016 The TEI framework centers on quantifying benefits, capturing costs, evaluating flexibility, and adjusting risk Benefits Costs Flexibility Total Economic ImpactTM (TEI) R i s k
  14. 14. © 2016 Forrester Research, Inc. Reproduction Prohibited 15 Source: The Total Economic Impact™ Of IBM Security Network Protection (XGS), February 2016 The TEI approach involves key stakeholders at Forrester, IBM, and IBM’s customers Perform due diligence Conduct customer interview Construct financial model Write case study Deliver webinar • Consult Forrester Analyst • Interview IBM stakeholders • Interview with IBM customer • Collect data • Populate model • Describe the model • Review with interviewee • Webinars • Presentation
  15. 15. © 2016 Forrester Research, Inc. Reproduction Prohibited 16 Source: The Total Economic Impact™ Of IBM Security Network Protection (XGS), February 2016 Disclosures The audience should be aware of the following: › This document is an abridged webinar version of a full case study (Forrester Total Economic Impact of IBM Security Network Protection (XGS), February 2016). › The study is commissioned by IBM and delivered by the Forrester Consulting group. › Forrester makes no assumptions as to the potential return on investment that other organizations will receive. Forrester strongly advises that readers should use their own estimates within the framework provided in the report to determine the appropriateness of an investment in IBM › IBM reviewed and provided feedback to Forrester, but Forrester maintains editorial control over the study and its findings and does not accept changes to the study that contradict Forrester’s findings or obscure the meaning of the study. › The customer name for the interview was provided by IBM. › Forrester does not endorse IBM.
  16. 16. © 2016 Forrester Research, Inc. Reproduction Prohibited 17 Executive summary High level findings
  17. 17. © 2016 Forrester Research, Inc. Reproduction Prohibited 18 Source: The Total Economic Impact™ Of IBM Security Network Protection (XGS), February 2016 XGS delivers security and performance as well as an attractive ROI Return on Investment: 340% Net Present Value: $1,075,592 Payback Period: 1.9 months Based on an analysis of IBM XGS’s customer feedback, Forrester has determined XGS has the following three-year risk-adjusted financial impact: EXECUTIVE SUMMARY XGS Interviewed organization Robust security and desirable performance
  18. 18. © 2016 Forrester Research, Inc. Reproduction Prohibited 19 Analysis Interview highlights and model
  19. 19. © 2016 Forrester Research, Inc. Reproduction Prohibited 20 Source: The Total Economic Impact™ Of IBM Security Network Protection (XGS), February 2016 Forrester interviewed one organization, who shared their challenges and objectives prior to using XGS Small security team Required high availability Network performance critical Security attacks common to region
  20. 20. © 2016 Forrester Research, Inc. Reproduction Prohibited 21 Source: The Total Economic Impact™ Of IBM Security Network Protection (XGS), February 2016 The interviewed organization noted several key results from its investment in XGS “Choosing XGS was a no-brainer because of the ability to utilize the SSL decryption for inbound traffic.” - Deputy chief security officer “Configuring the rules is incredibly easy.” - Deputy chief security officer “We deployed the configuration that actually blocks the regions that are known for their hostility against our country’s organizations.” - Deputy chief security officer
  21. 21. © 2016 Forrester Research, Inc. Reproduction Prohibited 22 Source: The Total Economic Impact™ Of IBM Security Network Protection (XGS), February 2016 The interviewed organization quantified key benefits resulting from its investment in XGS NETWORK PERFORMANCE No degradation in network speed SECURITY Financial impact of a breach AVAILABILITY Highly available network MANAGEMENT & CONFIDENCE Manage access and traffic from one solution
  22. 22. © 2016 Forrester Research, Inc. Reproduction Prohibited 23 Source: The Total Economic Impact™ Of IBM Security Network Protection (XGS), February 2016 Network performance with robust security • XGS allows for high productivity without additional network tuning • Hardware and software is a one-time metric Metric Year 1 Year 2 Year 3 Total population 2500 2500 2500 % of population affected 15% 15% 15% Time impacted 40 40 40 Productivity factor 20% 20% 20% FTE cost per hour $60 $60 $60 FTE cost avoidance of network tuning $150,000 $150,000 $150,000 Current HW & SW solution costs, including maintenance (already purchased) $200,000 Network performance $530,000 $330,000 $330,000 Network performance 73% Three-Year Benefit
  23. 23. © 2016 Forrester Research, Inc. Reproduction Prohibited 24 Source: The Total Economic Impact™ Of IBM Security Network Protection (XGS), February 2016 The cost avoidance of a security breach • Assuming one breach in a three-year period • Reflects benefit realization in the first year Metric Year 1 Year 2 Year 3 Cost of an incident $15,400,000 Probability of breach 9.000% % reduction 20% Security $277,200 Security $277,200 Security 17% Three-Year Benefit
  24. 24. © 2016 Forrester Research, Inc. Reproduction Prohibited 25 Source: The Total Economic Impact™ Of IBM Security Network Protection (XGS), February 2016 What availability means • Lost revenue and % reduction are key drivers • Variables are based on research Metric Year 1 Year 2 Year 3 Lost revenue $1,570,000 $1,570,000 $1,570,000 Regulatory fines related to downtime $125,000 $125,000 $125,000 Probability of breach 3.000% 3.000% 3.000% % reduction 20% 20% 20% Availability $10,170 $10,170 $10,170 Availability 2% Three-Year Benefit
  25. 25. © 2016 Forrester Research, Inc. Reproduction Prohibited 26 Source: The Total Economic Impact™ Of IBM Security Network Protection (XGS), February 2016 Benefits to the technology executives • Extends security team by taking security policy updates away • Allows the team to control access simply yet effectively Metric Year 1 Year 2 Year 3 FTE cost avoidance of managing security policies $150,000 $150,000 $150,000 % reduction 30% 30% 30% Management and confidence $45,000 $45,000 $45,000 Management & Confidence 8% Three-Year Benefit
  26. 26. © 2016 Forrester Research, Inc. Reproduction Prohibited 27 Source: The Total Economic Impact™ Of IBM Security Network Protection (XGS), February 2016 Traditional hardware and licensing cost structure 29% 16% 27% 28% Hardware -- $101,352 Initial costs • $101,352 Ongoing costs • N/A Licensing fees -- $57,680 Initial costs • N/A Ongoing costs • $57,680 in year 2
  27. 27. © 2016 Forrester Research, Inc. Reproduction Prohibited 28 Source: The Total Economic Impact™ Of IBM Security Network Protection (XGS), February 2016 Modest maintenance and implementation costs 29% 16% 27% 28% Maintenance -- $95,584 Initial costs • $22,248 Ongoing costs • $36,668 in years 2 & 3 Implementation -- $100,000 Initial costs • N/A Ongoing costs • $75,000 in year 1 • $25,000 in year 3
  28. 28. © 2016 Forrester Research, Inc. Reproduction Prohibited 29 Source: The Total Economic Impact™ Of IBM Security Network Protection (XGS), February 2016 In addition to benefits and costs, TEI includes potential future “flexibility” options Flexibility, as defined by TEI, represents the opportunity to make an investment in additional capacity or capability that could be turned into future business benefit: › SLL encryption inspection › Geo-blocking
  29. 29. © 2016 Forrester Research, Inc. Reproduction Prohibited 30 Financial summary Results
  30. 30. © 2016 Forrester Research, Inc. Reproduction Prohibited 31 Source: The Total Economic Impact™ Of IBM Security Network Protection (XGS), February 2016 The three-year cash flow for XGS shows a ROI of 340%, a NPV of over $1M, and a payback period of 1.9 months ($200,000) $0 $200,000 $400,000 $600,000 $800,000 $1,000,000 $1,200,000 $1,400,000 Initial Year 1 Year 2 Year 3 Cashflows Financial Analysis (risk-adjusted) Total costs Total benefits Cumulative total Cash Flow Analysis Summary Initial Year 1 Year 2 Year 3 Total Present Value Total costs ($123,600) ($75,000) ($94,348) ($61,668) ($354,616) ($316,087) Total benefits $0 $862,370 $385,170 $385,170 $1,632,710 $1,391,679 Total ($123,600) $787,370 $290,822 $323,502 $1,278,094 $1,075,592 ROI 334% 340% Payback period (months) 1.9
  31. 31. © 2016 Forrester Research, Inc. Reproduction Prohibited 32 Question and answer
  32. 32. Thank you forrester.com Ben Harris +1 617.613.6413 bharris@forrester.com

×