The Real Cost of Manual Security Operations
More tools, processes, or people don’t always equal better security. In fact, the more you have to manage, the costlier it can get. But as threats evolve, technologies and processes change, and so too must security operations.
If your security operations are highly manual today, this post will help you visualize what that is costing your organization, not just from a monetary standpoint, but from an efficiency and speed perspective, too. We’ll start by looking at the three major areas of security: technology, processes, and people, and then explain how you can optimize to reduce costs.
The Real Cost of Security Technologies
Every company’s security technology stack will look a little different depending on the type of threats it faces. While there are obvious costs, like the purchase price of the technology itself, there are several other factors to consider, including:
- Up-front purchase price
- Onboarding and setup fees
- Monthly subscription costs
- Other ongoing fees (e.g. maintenance, storage, backups, support, etc.)
- Service fees
In addition to the costs above, you should think about whether the money that’s being spent is getting you as much value as it should. For example, to access the full potential of many security technologies, you need the ability to integrate and then automate processes between them. If you decide to do this by building custom integrations, you’ll have to factor in development resources, which of course come with their own associated costs. And if you don’t have in-house resources, this can be a major roadblock.
The Real Cost of Developing Manual Processes
When it comes to security, every company is different. That’s why many teams attempt to develop processes and integrations that are unique to their organizations. This sounds good in theory, but it’s not without its own costs and hiccups. In order to develop good security processes (ones that work consistently, save time, and improve your overall security posture), you will want to minimize the amount of manual labor that goes into each security task or action.
If you rely on overly manual processes, you can waste a lot of time, which of course means bad ROI for your security investments. For example, to manually investigate a phishing attempt, you would need to:
- Grab the alert
- Extract URLs, IPs, domains, hashes, or attachments
- Scan the contents to check reputations or see whether malicious content is found
- If an artifact is indeed malicious, perform escalation by creating a ticket and notifying the team
- Find out whether the user clicked the links or downloaded the content, and if so, what happened next
- If any malicious code was downloaded, you will have to:
  - Figure out where the victim machine is located
  - Identify compromised files
  - Wipe and restore
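
The extraction step in the list above is usually the first one teams automate. As an added example (not from the original post or from Komand), this Python code parses a constructed phishing alert email and returns the URLs, domains, IPs and attachment hashes an analyst would otherwise copy out by hand; the sample message and the names `extract_artifacts` and `SAMPLE_EML` are assumptions.

```python
import email
import hashlib
import ipaddress
import re
from email import policy
from urllib.parse import urlsplit

# Added example: constructed alert (documentation-reserved hosts/IPs); names are hypothetical.
SAMPLE_EML = b"""\
Received: from mail.example.net ([203.0.113.7]) by mx.example.com
From: "IT Support" <support@example.net>
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Reset here: http://login.example.org/reset?id=42 or https://198.51.100.23/portal.
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="invoice.doc"
Content-Transfer-Encoding: base64

SGVsbG8gd29ybGQ=
--b1--
"""
URL_RE = re.compile(r"https?://[^\s<>\"')]+")

def _is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def extract_artifacts(raw):
    msg = email.message_from_bytes(raw, policy=policy.default)
    urls, attachments = set(), []
    for part in msg.walk():
        if part.get_content_disposition() == "attachment":
            data = part.get_payload(decode=True) or b""  # hash the bytes; never open the file
            attachments.append((part.get_filename(), hashlib.sha256(data).hexdigest()))
        elif part.get_content_maintype() == "text":
            urls.update(u.rstrip(".,;") for u in URL_RE.findall(part.get_content()))
    hosts = {urlsplit(u).hostname for u in urls} - {None}
    relays = {c for h in msg.get_all("Received", [])  # relay IPs sit in [brackets]
              for c in re.findall(r"\[([0-9A-Fa-f:.]+)\]", str(h))}
    ips = sorted(h for h in hosts | relays if _is_ip(h))
    domains = sorted(h for h in hosts if not _is_ip(h))
    return {"urls": sorted(urls), "domains": domains, "ips": ips, "attachments": attachments}
```

The returned dictionary is what the next steps in the list consume: each value can be sent to a reputation lookup, and the attachment hash can be checked without ever opening the file.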
In addition to the actual work of executing a process like this, it can take a long time to develop the security process and to train the team on how to execute it. Plus, it will need to be tested and regularly maintained and updated. The time to manually triage, respond, and remediate can be upwards of hours per ticket, depending on the scale of the phishing attack, leaving little to no room for other strategic security initiatives. This brings us to our final point, and where manual work really hampers security operations...
The Real Cost of Personnel
Good security talent is hard to come by today, and when you do find it, you can bet it won’t be cheap. So, you want to be sure you’re optimizing your investment in people, too. In our white paper, The ROI of Security Automation & Orchestration, we took a look at some common security titles and their median salaries in a major city like Boston, according to Glassdoor, Silverbull, and several other sources:
|Title|Median salary|
|---|---|
|Senior Security Analyst|$112,000|
|IT Security Manager|$105,768|
|Chief Security Officer|$204,000|
Time is money, and if your talent is focused on tasks like manually coding every integration, conducting a routine task like investigating a phishing incident, or regularly reviewing the structure of your processes, those tasks become quite pricey!
For the sake of simplicity, let’s say you’re paying a security hire $100,000 per year. Let’s assume that person is spending 80% of his or her time handling alerts (and that’s probably not too far off, given the average U.S. enterprise receives 10,000 security alerts per day).
That means you’re spending $80,000 per year for one employee to review alerts, many of which are either false positives or can be handled better with automation. Now multiply that by however many employees you have doing routine tasks like alert investigation, and you can start to see where the money is going.
Reduce Manual Security Operations with Security Orchestration
Now that we’ve broken down the manual cost of security operations across people, process, and technology, consider this: a good security orchestration solution (like Komand) can not only help to connect tools and automate processes between them, but it can handle tedious tasks for you and your team in a matter of minutes.
Time-to-response and remediation will drastically accelerate, which ultimately means costs saved (based on analyst and engineering time) across security operations. And this is where security orchestration will truly provide benefit to you and your colleagues. By investing in a security orchestration platform, you can extract the full value of every tool in your toolbox, while relieving your team of time-intensive tasks and streamlining security processes to be as efficient as possible.
Ready to optimize the ROI of your people, processes, and tools? We’ve got a free white paper to help you calculate your ROI for security orchestration and automation.
About Gwen Betts
Gwen is the Director of Customer Experience at Komand. As the lead for product design and marketing, Gwen loves building products and brands, and obsesses over the intersection of product and marketing. She strives to create a usable and enjoyable experience across all functions, especially with a security focus.