Most organizations employ some kind of detection-based security to protect their systems. But a new report by cyber security company Bromium reveals that this approach has major hidden costs.
Upfront licensing and deployment costs for security-detection tools like anti-virus are dwarfed by the cost of the human skills and effort needed to manage and assess the millions of alerts and false-positive threat intelligence generated.
The findings, based on a survey of 500 CISOs from global enterprises, show that organizations invest $345,300 per year in detect-to-protect security tools. However, the average annual cost to maintain this endpoint security is $16,714,186 per enterprise.
This figure is based on security teams spending 413,920 hours per year triaging alerts, an additional 2,448 hours rebuilding compromised machines, and 780 hours on emergency patching. That adds up to 417,148 hours per year, resulting in an annual labor cost of $16,368,886 per enterprise.
Gregory Webb, CEO of Bromium, says:
Detection requires a patient zero -- someone must get owned and then protection begins. Yet, because of this, rebuilds are unavoidable; false positives balloon; triage becomes more complex and emergency patching is increasingly disruptive. It's no surprise that 63 percent of the CISOs we surveyed said they're worried about alert fatigue. Our customers tell us their SOC teams are drowning in alerts, many of which are false positives, and they are spending millions to address them.
Meanwhile, advanced malware is still getting through because cyber criminals are focusing on the weak spots like email attachments, phishing links and downloads. This is why organizations must consider the total cost of ownership when making security investments, rather than just following the detect-to-fail crowd.
The research also shows that organizations are investing in multiple security layers to defend against hackers, including: Advanced Threat Detection (annual spend $159,220); next-generation and traditional anti-virus (annual spend $44,200); whitelisting and blacklisting ($29,540 annual spend), and detonation environments ($112,340 annual spend).
You can find out more about the findings in the full report on the Bromium website. And there's an infographic summary of the findings below.