Whitepaper Abstract
Any technology investment today must have an attractive ROI. This paper demonstrates the ROI associated with implementing the leading application whitelisting solution, BOUNCER by CoreTrace. Using a 500-server example, the paper outlines the various levers that generate a rapid and significant ROI. Not only does BOUNCER provide dramatically improved endpoint security, it does so at a significant savings of $938,085 over Endpoint Security 1.0 solutions — a savings of $846 per-server per-year. Moreover, the BOUNCER implementation is forecasted to pay for itself in less than 10 months.
CoreTrace Whitepaper: BOUNCER by CoreTrace ROI Analysis
BOUNCER by CoreTrace ROI Analysis
BOUNCER by CoreTrace™
Provides True Endpoint Security
with Rapid Breakeven
BOUNCER by CoreTrace™ with its unique Endpoint Security v2.0 whitelisting
solution is sounding the death knell for inferior Endpoint Security v1.0 solutions
(i.e., blacklisting solutions). BOUNCER’s revolutionary 180°-shifted approach to
endpoint security is a disruptive technology that delivers true endpoint security
and sets a new standard-of-care benchmark for the industry. The prevailing
circumstances for endpoint security have inarguably changed for the better.
BOUNCER closes the well-publicized security gaps that plague Endpoint Security
v1.0 solutions that are evident in data-breach headlines that—even though grossly
underreported—are now commonplace.
Not only does BOUNCER’s superior Endpoint Security v2.0 technology provide
true endpoint security, but it does so at a significant savings of $938,085 over
Endpoint Security v1.0 solutions—an $846 savings per server per year (assumes a
three-year 500-server implementation). Moreover, this BOUNCER implementation
is forecasted to pay for itself in less than 10 months and it has an ROI of 277%.
Contents
Overview
TCO: Endpoint Security v1.0 vs. v2.0
Three-Year 500-Server Implementation
Annual Cost per Server
    Patch Management
    Configuration Management and License Auditing
    Help Desk Support
    Failed-System Recovery
    Lost End-User Productivity
    Blacklist Signature Subscriptions
    Blacklist Management
    BOUNCER Maintenance and Support
    BOUNCER Management
Summary
July 2008
CoreTrace Corporation
6500 River Place Blvd., Building II, Suite 105, Austin, TX 78730
512-592-4100 | sales@coretrace.com | www.coretrace.com
Overview

BOUNCER by CoreTrace™ with its unique Endpoint Security v2.0 whitelisting solution is sounding the death knell for inferior Endpoint Security v1.0 solutions (i.e., blacklisting solutions). BOUNCER’s revolutionary 180°-shifted approach to endpoint security is a disruptive technology that delivers true endpoint security and sets a new standard-of-care benchmark for the industry. The prevailing circumstances(1) for endpoint security have inarguably changed for the better. BOUNCER closes the well-publicized security gaps that plague Endpoint Security v1.0 solutions that are evident in data-breach headlines that—even though grossly underreported(2)—are now commonplace.

This paper presents an illustrative analysis of the total cost of ownership (TCO) of Endpoint Security v1.0 vs. BOUNCER’s Endpoint Security v2.0 to provide a framework for discussion of BOUNCER’s return on investment (ROI). The analysis in the main body of the paper presents the hard costs; the commentary on the periphery of the paper presents the really-hard costs—the kind that can crush a company. Fortunately, with BOUNCER-protected endpoints, these really-hard costs for some companies can be avoided costs for your company.

While you are reading this paper, allow yourself to become a peripheral visionary:(3) visualize your company navigating the gauntlet of cyberthreats and compliance audits with and without BOUNCER-protected endpoints and ask yourself what a prudent person would purchase given the circumstances now prevailing—v1.0 security-gap-riddled technology or BOUNCER’s v2.0 true endpoint security?

Gartner states, “IT security organizations that spend compliance dollars wisely can also solve security gaps and reduce risk.”(4) BOUNCER is the perfect example of this type of investment—BOUNCER eliminates the need for and expense of ineffective blacklisting solutions and BOUNCER protects unpatched vulnerabilities from exploitation, effectively neutralizing zero-day threats; therefore, with BOUNCER-secured endpoints, IT departments, compliance departments, and corporate officers with fiduciary duties can have confidence that zero-day threats have zero time-to-live.

Not only does BOUNCER’s superior Endpoint Security v2.0 technology provide true endpoint security, but it does so at a significant savings of $938,085 over Endpoint Security v1.0 solutions—an $846 savings per server per year (assumes a three-year 500-server [Windows and Solaris] implementation). Moreover, this BOUNCER implementation is forecasted to pay for itself in less than 10 months and it has an ROI of 277%.(5)(6)

“A massive data breach at Hannaford… was caused by… software…secretly installed on servers at every one of its grocery stores… Hannaford said… that the problem potentially compromised the account numbers and expiration dates on all 4.2 million credit and debit card numbers used at its stores in six states…Hannaford said it knows of about 2,000 cases of fraud related to the intrusion… Hannaford… has replaced the hardware on which the malware was installed… Hannaford said… that it was certified a year ago as meeting card security standards and was recertified on Feb. 27…the day Visa first notified Hannaford of unusual card activity and began its investigation.”(5)
– Ross Kerber, The Boston Globe

“The federal lawsuits filed…over the security breach of Hannaford…have been consolidated and assigned to the District of Maine… As of June 1, 14 lawsuits had been filed.”(6)
– Judy Harrison, Bangor Daily News

(1) “In most countries, the management of an organization has a financial responsibility to the owners of a company. In a publicly traded company, this is the shareholder. When considering the liability that a company or senior executives may face when security is breached, there are several concepts with which one should become familiar. In no particular order, they are due diligence, due care, and the prudent man rule. ...the prudent man rule is a rule that management must follow when determining if due diligence and due care have been exercised properly. The prudent man rule states that management is required to perform those duties that “prudent” people would normally take, given similar circumstances.”
Cliff Riggs; Network Perimeter Security: Building Defense In-depth; CRC Press, 2003; pp 10–11.
(2) Robert McMillan; Most retailer breaches are not disclosed, Gartner says; Computerworld.com; May 26, 2008. (http://computerworld.co.nz/news.nsf/scrt/AB1E9146A5D82A3CCC257454007AB6C6)
(3) Comedian Steven Wright: “I’m a peripheral visionary. I can see into the future—just way off to the side.”
Bruce Weber; COMEDY REVIEW; This Guy Still Finds the World Baffling. Blame the World.; The New York Times; June 18, 2002. (http://query.nytimes.com/gst/fullpage.html?res=9506EEDA1E3CF93BA25755C0A9649C8B63)
(4) Mark Nicolett; Key Issues for Infrastructure Protection, 2008; Gartner; March 10, 2008. (http://www.gartner.com/DisplayDocument?ref=g_search&id=619208)
(5) Ross Kerber; Advanced tactic targeted grocer; The Boston Globe; March 28, 2008. (http://www.boston.com/news/local/articles/2008/03/28/advanced_tactic_targeted_grocer/)
(6) Judy Harrison; Hannaford breach lawsuits assigned to judge; Bangor Daily News; June 10, 2008. (http://bangornews.com/news/t/news.aspx?articleid=165441&zoneid=500)
BOUNCER by CoreTrace ROI Analysis 1
TCO: Endpoint Security v1.0 vs. v2.0

Endpoint Security v1.0 with its multiple layers of reactive antivirus and blacklisting databases, security patches, and personal firewalls (all of which slow performance and add significant cost to network operations) can’t defeat today’s threats (e.g., zero-day attacks from malware, rootkits, and buffer overflows)—let alone tomorrow’s.

Zero-day threats are the bane of Endpoint Security v1.0’s reactive blacklisting strategy (that is, to identify malware and keep it out)—since the strategy is dependent on timely signature updates, it is inherently flawed and no amount of multi-layering or heuristics can save it. In effect, blacklisting surrenders control to the cybercriminals, handing them the first-strike advantage. Moreover, if the first strike is delivered by a stealth bomber (buffer overflow code injection) that happens to drop a kernel-based-rootkit payload, Endpoint Security v1.0 technology is unaware that an attack has occurred and the compromised system is literally open for business.(7)

BOUNCER takes a revolutionary 180°-shifted approach to endpoint security providing a unique Endpoint Security v2.0 solution that defeats today’s, tomorrow’s, next year’s…threats—finally, efficiently, effectively, BOUNCER stops the madness.

BOUNCER is proactive, whitelist-based, provides enforcement from within the kernel, and delivers true endpoint security and reduces the cost of managing corporate IT assets through the following measures:
• Eliminating the need for reactive security patching (patch for features you need on your schedule and have time to fully test patches) and chronic signature updating.
• Blocking configuration drift and reducing the need for frequent license auditing.
• Reducing IT help desk workload by eliminating calls related to security failures, as well as performance and system instability issues triggered by rogue applications and configuration drift.
• Reducing expensive downtime costs caused by time-consuming recovery efforts and lost end-user productivity due to security breaches.

TCO for a traditional Endpoint Security v1.0 solution’s blacklisting approach consists of the use of antimalware technology plus frequent patching, configuration management, and license auditing. The costs include staff time to handle security-related help desk calls and recover failed systems, annual subscriptions to blacklist signature services, and lost productivity due to server downtime and lost end-user productivity. BOUNCER’s Endpoint Security v2.0 solution significantly reduces valuable staff time required for patching, configuration management, help desk calls, and failed-system recovery, as well as eliminating the cost for annual blacklist subscriptions and blacklist management.(8)

“Hannaford… represents the first publicly acknowledged theft of sensitive card authorization data in transit... The theft is likely to be particularly damaging for card-issuing banks. The theft of the security codes… enables criminals to manufacture counterfeit cards, and any fraudulent charges made using the counterfeit cards must be borne by the issuing banks. Under Visa rules, if a merchant is identified as the source of the data breach, direct fraud costs initially borne by the bank can be charged back to the retailer. Without the security codes, criminals can use the card information only in card-not-present environments… in which case the retailer bears liability…This theft shows that a focus on end-to-end protection of customer data… is critical for merchants and other card-industry stakeholders… Focusing only on PCI compliance may limit the possibility of fines from acquiring banks, but will do nothing to prevent the much-larger costs of a data breach.”(8)
– Avivah Litan and John Pescatore, Gartner

(7) “It is foreseeable that a victim of a cyber-extortion scheme involving a DDoS [distributed denial of service] attack will sue the owners of the networks used to perpetrate the attack. There is no statute that criminalizes allowing one’s computer or network to be hijacked and used as a zombie to attack other computers or networks. However, there are doctrines and precedents that are applicable to this seemingly novel fact pattern…as security practices become more harmonized and routinized over time, the likelihood of a plaintiff winning a negligence lawsuit in the context of downstream liability will improve…Negligence is clearly the most applicable potential framework in seeking redress from a business that fails to take reasonable steps in protecting its information system, such as to allow it to become an attack zombie…far from requiring a standard of perfection, an action based on negligence theory will, practically by definition, seek out and enforce a reasonable standard.”
Adam J. Sulkowski; Cyber-Extortion: Duties and Liabilities Related to the Elephant in the Server Room; bepress Legal Series, Working Paper 1935; January 11, 2007. (http://law.bepress.com/expresso/eps/1935)
(8) Avivah Litan and John Pescatore; Hannaford Case Shows Need for End-to-End Card Data Security; Gartner; March 20, 2008. (http://www.gartner.com/resources/156500/156542/hannaford_case_shows_need_fo_156542.pdf)
Three-Year 500-Server Implementation

Table 1 and Figure 1 compare the TCO for a three-year 500-server (Windows and Solaris) implementation for Endpoint Security v1.0 vs. BOUNCER’s Endpoint Security v2.0. This analysis demonstrates that BOUNCER can save an organization $938,085, deliver an ROI of 277%,(9) and is forecasted to pay for itself in less than 10 months.

Table 1. Endpoint Security v1.0 vs. BOUNCER’s v2.0
Total Cost of Ownership: Three-Year 500-Server Implementation

Operating Costs                  Year 1       Year 2       Year 3       3-Year Total
Endpoint Security v1.0           $605,560     $605,560     $605,560     $1,816,680
Endpoint Security v2.0           $182,565     $182,565     $182,565     $547,695
v2.0 Cost (Savings)              ($422,995)   ($422,995)   ($422,995)   ($1,268,985)
Less BOUNCER Acquisition Cost    $330,900     –            –            $330,900
Net v2.0 Cost (Savings)          ($92,095)    ($422,995)   ($422,995)   ($938,085)
v2.0 ROI(9)                      277%
v2.0 Breakeven Point             9.7 months

[Bar chart. Endpoint Security v2.0: Year 1 $513,465*, Year 2 $182,565, Year 3 $182,565; 3-Year Total $878,595; Savings ($938,085). Endpoint Security v1.0: Year 1 $605,560, Year 2 $605,560, Year 3 $605,560; 3-Year Total $1,816,680.]
*Includes product acquisition cost.

Figure 1. Endpoint Security v1.0 vs. BOUNCER’s v2.0
Total Cost of Ownership: Three-Year 500-Server Implementation(10)

“2007 will go down in the record books as a thoroughly lousy year for keeping information private. Of the $198 average cost of each personal record lost this year, about $18 was spent on finding new customers to replace those who fled following a breach—up from $14.50 spent on customer acquisition in 2006 …Companies are also spending more on public relations damage control after data security incidents: 3% of data breach costs are now associated with post-breach P.R., compared with just 1% last year… “Now that we have these notification requirements, we can see who’s good at this, and who’s really awful at this”… “When a company exposes a security event to the public, the cost of lost business is much greater than a regulator’s fine or lawsuits. The stakes for security are really raised.”(10)
– Andy Greenberg, Forbes.com

(9) v2.0 ROI = (v1.0 Operating Costs – (v2.0 Operating Costs – BOUNCER Maintenance and Support Cost)) / (BOUNCER Acquisition Cost + BOUNCER Maintenance and Support Cost*)
v2.0 ROI = ($1,816,680 – ($547,695 – $198,540)) / ($330,900 + $198,540)
*$198,540 = $132.36 (annual per server; see Table 2) × 500 servers × 3 years.
(10) Andy Greenberg; If Security Is Expensive, Try Getting Hacked; Forbes.com; November 28, 2007. (http://www.forbes.com/technology/2007/11/27/data-privacy-hacking-tech-security-cx_ag_1128databreach.html)
Annual Cost per Server

Table 2 and Figure 2 compare the annual TCO per server for Endpoint Security v1.0 vs. BOUNCER’s Endpoint Security v2.0; the methodology and calculations for the line items in Table 2 are discussed thereafter. This analysis demonstrates that BOUNCER can save an organization $846 per server per year.(11)(12)

Table 2. Endpoint Security v1.0 vs. BOUNCER’s v2.0
Total Cost of Ownership: Annual per Server

Operating Costs                                  Endpoint Security v1.0   Endpoint Security v2.0   v2.0 Cost (Savings)
Patch Management                                 $784.45                  $51.98                   ($732.47)
Configuration Management and License Auditing    $167.50                  $41.88                   ($125.62)
Help Desk Support                                $81.78                   $65.42                   ($16.36)
Failed-System Recovery                           $47.26                   $4.73                    ($42.53)
Lost End-User Productivity                       $96.92                   $9.69                    ($87.23)
Blacklist Signature Subscriptions                $14.31                   —                        ($14.31)
Blacklist Management                             $18.90                   —                        ($18.90)
BOUNCER Maintenance and Support                  —                        $132.36                  $132.36
BOUNCER Management                               —                        $59.07                   $59.07
Total Cost (Savings)                             $1,211.12                $365.13                  ($845.99)

[Bar chart. Endpoint Security v2.0: $365; Savings ($846). Endpoint Security v1.0: $1,211.]

Figure 2. Endpoint Security v1.0 vs. BOUNCER’s v2.0
Total Cost of Ownership: Annual per Server(13)

“After several employees of the Oak Ridge National Laboratory acknowledged falling prey to nefarious emails that sought to infect their computers and steal corporate information, they were then told… it had been one aspect of a “sophisticated cyber attack” to gain access to several national laboratories and institutions. No business is immune…Corporate espionage is big business. According to the FBI, such theft costs all U.S. companies between $24 billion and $100 billion annually…about 20 percent of those losses are tied to cyber threats… according to a study by the American Society for Industrial Security and… Pricewaterhouse Coopers, proprietary information stolen at Fortune 1000 companies has steadily increased from $24 billion a year in 1995 to at least double that now…Fortune 2000 companies experience theft 2 or 3 times a year… adding billions more in losses. Oftentimes, they are unaware.”(13)
– Ken Silverstein, EnergyBiz Insider

(11) Assumes a three-year 500-server (Windows and Solaris) implementation.
(12) Assumes the following fully-burdened staff costs per hour: help desk: $27.26, IT: $39.38, and white collar: $48.46. Salaries for Tier 1 and Tier 2 IT workers and knowledge workers uplifted by a 26% burden rate.
Michael A. Silver, Federica Troni, and Mark A. Margevicius; Desktop Total Cost of Ownership: 2008 Update; Gartner; January 24, 2008. (http://www.gartner.com/DisplayDocument?id=588719)
(13) Ken Silverstein; Stealing Corporate Secrets; EnergyBiz Insider; February 29, 2008. (http://www.energycentral.com/centers/energybiz/ebi_detail.cfm?id=470)
Patch Management

Endpoint Security v1.0—Patching events for security vulnerabilities average twice a month and each event (which may include multiple patches) requires 0.83 IT staff hours per server.(14) Each patch event entails intrusion detection and identification of compromised systems after disclosure of a vulnerability, threat assessment, patch retrieval, assembly and testing, patch deployment, and, if necessary, failure resolution.

BOUNCER’s Endpoint Security v2.0—Zero-day threats no longer necessitate patching immediately upon notification of a security vulnerability. Patching can be conducted on a quarterly basis instead of reactively, several times a month. In addition, time required per patching event can be reduced by up to 60% because many steps are greatly simplified or no longer necessary. For example, the patching process no longer has to include time to detect intrusions, identify compromised systems, and perform risk analysis and make an impact assessment.

Table 3. Endpoint Security v1.0 vs. BOUNCER’s v2.0—Patch Management

Endpoint Security      Patching Events     IT Staff Time     IT Staff Cost     Total
                       (#/Server/Year)     (Hours/Event)     ($/Hour)          ($/Server/Year)
v1.0                   24 ×                0.83 ×            $39.38 =          $784.45
v2.0                   4 ×                 0.33 ×            $39.38 =          $51.98
v2.0 Cost (Savings)    20 ×                0.50 ×            $39.38 =          ($732.47)

Configuration Management and License Auditing

Endpoint Security v1.0—Blacklisting strategies do not stop configuration drift (the addition of applications by end users) and frequent patching also increases the need for configuration management. Furthermore, regular license auditing is also required to protect an organization from the legal risks of software license infringement. IT staff time required for configuration management and license auditing per server per year is 4.25 hours.(15)

BOUNCER’s Endpoint Security v2.0—True endpoint security delivered by BOUNCER eliminates the need for configuration management and license auditing to counter configuration drift and rogue applications. Use is reduced to satisfying compliance requirements, saving 75% of time previously required for these management functions.(16)

Table 4. Endpoint Security v1.0 vs. BOUNCER’s v2.0—Configuration Management and License Auditing

Endpoint Security      IT Staff Time          IT Staff Cost     Total
                       (Hours/Server/Year)    ($/Hour)          ($/Server/Year)
v1.0                   4.25 ×                 $39.38 =          $167.50
v2.0                   1.06 ×                 $39.38 =          $41.88
v2.0 Cost (Savings)    3.19 ×                 $39.38 =          ($125.62)

“Attackers use exploit code provided by tools such as Metasploit, which helps people create exploits (attacks) quickly and easily, and Fuzzers, which attack servers with millions of permutations of code searching for weaknesses… With these tools, attackers find any number of vulnerabilities and create and deploy attacks before their patches are released. Tools… are helping attackers create about a hundred new viruses every few minutes… security software can’t keep up. Plus, SMEs can’t always apply patches right away because attackers are finding vulnerabilities in the patches themselves and attacking those, too…This leaves enterprises vulnerable to at least some attacks no matter what they do…Attackers are too well-informed and exploits are multiplying too fast for the current system of downloading patches to be sufficiently effective by itself. SMEs are all too often vulnerable to attacks no one is aware of until they strike.”(16)
– David Geer, Processor

(14) Average weighted time for patching events for Windows and OSS servers (both database and nondatabase servers) calculated at 0.83 hours.
Theo Forbath, Patrick Kalaher, and Thomas O’Grady; The Total Cost of Security Patch Management: A Comparison of Microsoft Windows and Open Source Software; Wipro Technologies Ltd.; April 2005. (http://download.microsoft.com/download/1/7/b/17b54d06-1550-4011-9253-9484f769fe9f/TCO_SPM_Wipro.pdf)
(15) CoreTrace analysis based on customer interviews and industry publications.
(16) David Geer; The Patch Window is Closing; Processor, Volume 30, Issue 24; June 13, 2008. (http://www.processor.com/editorial/article.asp?article=articles%2Fp3024%2F32p24%2F32p24.asp)
Help Desk Support

Endpoint Security v1.0—An organization’s IT help desk can expect one call per end-user per server per year, with a call averaging 0.15 hours. With an average ratio of 20 end-users per server, a 500-server implementation can expect 10,000 help desk calls per year.(17)

BOUNCER’s Endpoint Security v2.0—IT surveys indicate that 75% of help desk calls are for routine requests such as forgotten passwords, how-to information, install/move/add/changes, support-specific service offerings, and hardware failures. However, 25% may be caused directly or indirectly by lack of endpoint security such as failures from security breaches, or performance and instability problems caused by rogue applications and configuration drift.(18) Enforcing endpoint security with BOUNCER can reduce help desk call load by 20%.(19)

Table 5. Endpoint Security v1.0 vs. BOUNCER’s v2.0—Help Desk Support

Endpoint Security      Help Desk Calls        Help Desk Staff Time    Help Desk Staff Cost    Total
                       (Calls/Server/Year)    (Hours/Call)            ($/Hour)                ($/Server/Year)
v1.0                   20 ×                   0.15 ×                  $27.26 =                $81.78
v2.0                   16 ×                   0.15 ×                  $27.26 =                $65.42
v2.0 Cost (Savings)    4 ×                    0.15 ×                  $27.26 =                ($16.36)

Failed-System Recovery

Endpoint Security v1.0—Without true endpoint security, 1 in 10 servers is likely to be impacted by a security breach in a year. Recovery of the failed or compromised server can take up to 12 hours for systems with standby hardware and data replication and much more than 12 hours for recovery from traditional tape backup.(20)

BOUNCER’s Endpoint Security v2.0—With BOUNCER-secured endpoints, the projected system-failure rate attributable to a security breach is reduced by 90% to 1 in 100.(21)

Table 6. Endpoint Security v1.0 vs. BOUNCER’s v2.0—Failed-System Recovery

Endpoint Security      Security Breaches            IT Staff Time      IT Staff Cost     Total
                       (Probability/Server/Year)    (Hours/Breach)     ($/Hour)          ($/Server/Year)
v1.0                   10% ×                        12.0 ×             $39.38 =          $47.26
v2.0                   1% ×                         12.0 ×             $39.38 =          $4.73
v2.0 Cost (Savings)    9% ×                         12.0 ×             $39.38 =          ($42.53)

“Our legacy security model is reactive… It’s the digital version of closing the barn door after the horse gets out. To make things worse, the gap is collapsing between the publication of a new vulnerability and the appearance of an exploit that takes advantage of it. More alarming still, our window to react to such exploits is shrinking. We must instead adopt a proactive security model that neutralizes attack vectors before a true crisis occurs… Malicious code can weaken network defenses—opening backdoors, stealing files or confiscating passwords—and pave the way for a secondary attack. Who has time to run exhaustive security audits—checking files’ integrity, changing passwords, etc.—after network infections?… And the most critical component for your first line of defense is proactive security.”(21)
– Gregor Freund, cnet.com

(17) CoreTrace market research shows that the help desk call rate averages one call per seat per year, and the average ratio of seats or end users per server is 1 to 20.
(18) SupportSoft Press Release; Employee Forgetfulness Causes Most Calls Into IT Help Desk; March 5, 2007. (http://supportsoft.mediaroom.com/index.php?s=press_releases&item=414)
(19) CoreTrace analysis based on customer interviews and industry publications.
(20) Carla Safigan; Disaster Recovery for the Masses—The Role of OS-Level Server Virtualization in Disaster Recovery; Computer Technology Review; May 2, 2006. (http://www.wwpi.com/index.php?option=com_content&task=view&id=1151&Itemid=44)
(21) Gregor Freund; Security—why don’t we get it?; cnet.com; November 4, 2003. (http://news.cnet.com/Security--why-dont-we-get-it/2010-7355_3-5101632.html)
Lost End-User Productivity

Endpoint Security v1.0—When a server fails, on average 20 end-users’ ability to perform their job is impacted.(22) If the organization has a business continuity plan, these end-users are out of operation on average only 1 hour instead of the 12 hours required to restore the server.(23)

BOUNCER’s Endpoint Security v2.0—With BOUNCER, lost productivity due to system failures caused by security breaches is reduced by 90%.

Table 7. Endpoint Security v1.0 vs. BOUNCER’s v2.0—Lost End-User Productivity

Endpoint Security      Security Breaches            End Users     Lost End-User Productivity    End-User Cost    Total
                       (Probability/Server/Year)    (#/Server)    (Hours/Breach)                ($/Hour)         ($/Server/Year)
v1.0                   10% ×                        20 ×          1.0 ×                         $48.46 =         $96.92
v2.0                   1% ×                         20 ×          1.0 ×                         $48.46 =         $9.69
v2.0 Cost (Savings)    9% ×                         20 ×          1.0 ×                         $48.46 =         ($87.23)

Blacklist Signature Subscriptions

Endpoint Security v1.0—Annual subscription to blacklist signature services is required.(24)

BOUNCER’s Endpoint Security v2.0—Not applicable.

Table 8. Endpoint Security v1.0 vs. BOUNCER’s v2.0—Blacklist Signature Subscriptions

Endpoint Security      Total Blacklist Signature Subscriptions
                       ($/Server/Year)
v1.0(24)               $14.31
v2.0                   –
v2.0 Cost (Savings)    ($14.31)

Blacklist Management

Endpoint Security v1.0—Blacklist management requires an average of 0.48 IT staff hours per server annually (update blacklists, perform scans, and monitor scan results).(25)

BOUNCER’s Endpoint Security v2.0—Not applicable.(26)(27)

Table 9. Endpoint Security v1.0 vs. BOUNCER’s v2.0—Blacklist Management

Endpoint Security      IT Staff Time          IT Staff Cost     Total
                       (Hours/Server/Year)    ($/Hour)          ($/Server/Year)
v1.0                   0.48 ×                 $39.38 =          $18.90
v2.0                   — ×                    — =               —
v2.0 Cost (Savings)    0.48 ×                 $39.38 =          ($18.90)

“Your company just suffered a data breach. If you’re wondering what to do next, it’s already too late …it’s time to ask the tough questions: why did it happen, and whose head should be on a platter?… In short, when it comes to preventing security breaches… “It’s not just a security problem; it’s a management issue.”(26)
– Mathew Schwartz, IT Compliance Institute

“Several major security vendors have failed the latest VB100 antivirus test…which requires antivirus tools to correctly identify 100 active malware samples collected from the internet…“Threats that several vendors failed to detect in this test have been circulating in the real world for some months now”…“It is disappointing to see so many products tripping up over threats that are not even new. Computer users should be getting a better service from their antivirus vendors than this.” Among the companies that failed were McAfee and Trend Micro.”(27)
– Shaun Nichols, vnunet.com

(22) CoreTrace market research shows that the average ratio of seats or end users per server is 1 to 20.
(23) Carla Safigan; Disaster Recovery for the Masses—The Role of OS-Level Server Virtualization in Disaster Recovery; Computer Technology Review; May 2, 2006. (http://www.wwpi.com/index.php?option=com_content&task=view&id=1151&Itemid=44)
(24) Symantec Endpoint Protection 11.0: annual maintenance price for 500 systems. (http://www.symantec.com)
(25) CoreTrace analysis based on customer interviews and industry publications.
(26) Mathew Schwartz; Data Breach Damage Control; IT Compliance Institute; May 16, 2007. (http://www.itcinstitute.com/display.aspx?id=1731)
(27) Shaun Nichols; Big names fail VB100 antivirus test; vnunet.com; April 4, 2008. (http://www.vnunet.com/vnunet/news/2213530/big-names-fall-vb100-test)
BOUNCER Maintenance and Support

Endpoint Security v1.0—Not applicable.(28)

BOUNCER’s Endpoint Security v2.0—Industry standard maintenance and support for BOUNCER includes technical assistance, software maintenance (i.e., updates and upgrades), and an extended hardware warranty.

Table 10. Endpoint Security v1.0 vs. BOUNCER’s v2.0—BOUNCER Maintenance and Support

Endpoint Security      Total BOUNCER Maintenance and Support
                       ($/Server/Year)
v1.0                   –
v2.0                   $132.36
v2.0 Cost (Savings)    $132.36

BOUNCER Management

Endpoint Security v1.0—Not applicable.

BOUNCER’s Endpoint Security v2.0—On an annual basis, CoreTrace estimates that it will take 1.5 IT staff hours per server to implement and manage BOUNCER. Tasks included in the 1.5 IT staff hours are initial policy generation and distribution, daily review of reports, and policy modifications. This cost is more than offset by the true endpoint security delivered by BOUNCER and the substantial cost savings made possible by BOUNCER.

Table 11. Endpoint Security v1.0 vs. BOUNCER’s v2.0—BOUNCER Management

Endpoint Security      IT Staff Time          IT Staff Cost     Total
                       (Hours/Server/Year)    ($/Hour)          ($/Server/Year)
v1.0                   – ×                    – =               –
v2.0                   1.5 ×                  $39.38 =          $59.07
v2.0 Cost (Savings)    1.5 ×                  $39.38 =          $59.07

Summary

Not only does BOUNCER’s superior Endpoint Security v2.0 technology provide true endpoint security, but it does so at a significant savings of $938,085 over Endpoint Security v1.0 solutions (assumes a three-year 500-server [Windows and Solaris] implementation)—an $846 savings per server per year. Moreover, this BOUNCER implementation is forecasted to pay for itself in less than 10 months and it has an ROI of 277%.

“A CFO at a Fortune 1000 company holds his cursor over an e-mail that appears to be from a direct report… Now the cybercriminal is in position to launch an attack that will allow him to mine the CFO’s hard drive for credit card numbers, passwords to corporate databases or other proprietary information. In one click, the CFO is going to have himself a big problem. If you’re his IT manager, you’re going to have one too. If…credit card phishers are the carpet-bombers of computer crime… C-level attackers are the snipers… the attackers have taken effort and time finding and researching… they [send] an e-mail from outside but make it look like it’s coming from inside the company…the vehicle for the Trojan is a Word or Excel file containing the exploit…seen cases where the exploit code is modified just enough to go undetected by the particular antivirus program the target company is running—and the hackers have done the work of finding out just what those programs are.”(28)
– Barbara Darrow, Computerworld.com

(28) Barbara Darrow; Is Your CEO a Cybercrime Target?; Computerworld.com; November 06, 2007. (http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9045564&pageNumber=1)