In a nutshell, FDR closes the end-user security gap. And, closing this gap has tangible and substantial business, security personnel and SOC ROI benefits.
Direct Benefits from Stopping File-borne Breaches and Incidents
First and foremost, FDR saves organizations from the costs associated with file-borne malware, ransomware, exploits, phishing lures, scams, fraud, and data loss breaches and incidents. As examples, according to the Ponemon Institute in 2021:
Average Total Cost
(detection and escalation, notification, post breach response and lost business)
|Business Email Compromise (BEC)||$5.01M|
Direct Benefit to Automated Threat Hunting
Second, FDR saves massive amounts of time for seasoned, experienced, and supply-limited SOC analysts and threat hunters. Further, its game-changing automation features enable less skilled or experienced personnel to move 'up stack' increasing job satisfaction, lowering SOC costs and helping to substantially expand the pool of much needed security talent. According to ZipRecruiter, the average threat hunter salary in July of 2022 is $105,247. Anything that can be done to focus their time and energy on quality leads backed by current, accurate and complete threat analysis is money in the bank - not to mention that making threat hunting more efficient reduces the daily grind of pining away on false positives and insignificant alerts, thus improving morale and productivity. The challenge is just as formidable for SOC analysts. Large organizations deal with hundreds, thousands or 10's of thousands of alerts per second. Considering that as many as 50% of those alerts are false positives, and another significant percentage lack severity, it's no wonder why SOC ROI suffers and SOC personnel face burnout far too soon. Finally, the average time to identify and contain a data breach in 2021 was 287 days. Without question, SOC analysts and threat hunters are missing a full detection and response toolset if the average time to identify and contain a breach is nearly a year.
FDR provides direct benefit to the SOC analyst and threat hunter challenges below:
- Enables existing SOC personnel to find the real threats, attacks, breaches, and data exfils without wasting time on false positives or threats of low severity
- Saves massive amounts of analyst time stripping malware down to its very essence
- Collapses analysis time to understand/act
- Frees staff time for higher order work
- Reduces analyst alert fatigue
- Eliminates irrelevant, time-wasting work
- Short learning curve for busy staff
- Simplifies analyst daily grind
- Cloaked hunters have a distinct man-machine advantage over adversaries
Direct Benefit to Overall SOC ROI
Third, cybersecurity - in its entirety - is a greater effort than stopping breaches, incidents, and improving the productivity of short-staffed, overworked resources. The sheer economics of securing organizations cost-effectively will forever be a boardroom topic. Clearly, if a given organization had unlimited capital, labor and automation/integration ability, it could sharply reduce its attack surface, build formidable defense-in-depth, and acquire/retain the necessary human capital to investigate and respond to each and every alert. But this is a pipe dream. The reality, according to Deloitte, is the average organization spends only about 10% of their IT budget on cybersecurity, which equates to roughly 0.5% of company revenue. This creates an obvious dilemma. No CISO wants to be a headline story for a security incident, especially when a single incident can cost $4M-$5M on average. And that number rises precipitously with organizational size and revenue.
Above and beyond FDR's unique and powerful approach to stopping file-borne breaches and incidents, as well as dramatically improving threat hunting for attacks that have circumvented defenses, FDR also provides substantial benefit by reducing cybersecurity capital spend, reducing operating costs, and driving up the efficacy and value of adjacent security solutions:
- FDR Collector and Manager appliances collect, process and analyze network traffic at rates from 100 Mbps to 40 Gbps and beyond - in a single RU per appliance regardless of link speed. Relative to other traffic capture and analysis appliances, this represents a substantial capital and operating cost savings in rack unit space, power and cooling
- InQuest Labs' continuous harvesting, de-duping, parsing, augmenting, and scoring of internal/proprietary, public, and private 3rd party threat intel not only preserves human capital time and energy, but also provides ultra-high fidelity threat intel back out to SIEMs and policy enforcement engines - operational intelligence they are simply incapable of producing on their own
Driving down the cost of two of the most expensive elements of cybersecurity - collecting terabits of raw data cost-effectively, and automatically distilling threat intelligence into the essence required by man and machine to take fast, corrective action - is a direct boost to any organization's overall return on the security dollar.