the roi on intrusion prevention: protecting both your network & investment

© 2015 IBM Corporation

The Total Economic Impact™ of IBM Security Network Protection (XGS)

Ben HarrisBusiness Technology Strategy ConsultantForrester Consulting

Paul GriswoldProgram Director, Strategy & Product ManagementThreat Protection & X-ForceIBM Security

The ROI on Intrusion Prevention: Protecting Both Your Network & Investment

2© 2015 IBM Corporation

Threat Management.NEXTNew protection and integration capabilities

to stay ahead of the threat

Advanced Malware DefenseBlocks malware

infections on the

network

The history of IBM Security Network Protection (XGS)Evolving beyond intrusion prevention to provide greater value

SSL InspectionProtects against attacks

hidden inside encrypted

trafficURL/App Control

Protects users from visiting

risky siteson the web

Web App ProtectionHeuristically protects

against common app-based

attacksBehavioral Defense

Protects against attacks basedon behavior, not specific

vulnerabilities

Intrusion PreventionProtects

attacks on vulnerabilities,

not exploitsIntrusion

Detection

Evo

lutio

n ba

sed

on c

lient

nee

ds

1997+ 2002+ 2005+ 2008+ 2012+ 2013+ 2014+ Future


XGS appliance models

IBM Network Protection XGS

Capabilities per Model XGS 3100 XGS 4100 XGS 5100 XGS 7100 XGS Virtual

Inspected Throughput Up to 800 Mbps Up to 1.5 Gbps Up to 7.0 Gbps Up to 25 Gbps Up to 1 Gbps

Flexible Performance Levels 400 and 800 Mbps

750 Mbps and

1.5 Gbps 2.5, 4.0,

5.5, and 7.0 Gbps 5, 10, 15,

20, and 25 Gbps600 Mbps and

1 GBps

Inspected Throughput (with SSL/TLS)

Up to 500 Mbps (in)Up to 400 Mbps (out)

Up to 900 Mbps (in)Up to 700 Mbps (out)

Up to 4.5 Gbps (in)Up to 2.5 Gbps (out)

Up to 12 Gbps (in)Up to 7.5 Gbps (out)

Up to 500 Mbps (in)

Up to 400 Mbps (out)

Pluggable Network Interface Modules 0 1 2 4 0

Protected Segments 2 Up to 6 Up to 10 Up to 16 Up to 4

XGS 5100

XGS 4100

XGS 7100

XGS 3100


In the past two years, IBM has introduced:

Five new XGS models, covering throughput from 400 Mbps to 25 Gbps + virtual environments

On-appliance inbound and outbound SSL inspection

IP reputation, including intelligence from 270M hosts via Trusteer

Industry-first Flexible Performance Licensing, allowing customers to increase inspected throughput via a software license

IBM Threat Protection System, including integrations with IBM products + FireEye, Damballa, and Trend Micro (with more to come)

Enhanced QRadar integration, including layer 7 flow data and right-click quarantine to block operator-detected threats

OpenSignature support, which allows users to detect and block custom traffic patterns using the SNORT syntax


Ahead of the Threat Protection by IBM X-Force

ShellshockCVE 2014-6271

MS OLE Remote Code ExecutionCVE-2014-6332

MS SharePoint Priv EscalationCVE-2015-1640

IE Cross-Domain Info DisclosureCVE-2015-0070

Cisco PrimeSQL InjectionCVE-2015-6350

DisclosedIBM Protection

2007 2015

Sept 2014Jun 2007

(10 other vulnerabilities covered)

Shell_Command_Injection7.3 years ahead

Oct 2014

6.8 years ahead(201 other vulnerabilities covered)

CompoundFile_Shellcode_DetectedFeb 2008

Apr 2015

(31 other vulnerabilities covered)

HTTP_HTML_Tag_InjectionNov 2008

6.4 years ahead

Feb 2015Nov 2008

(10,000+ other vulnerabilities covered)

Cross_Site_Scripting

6.3 years ahead

Oct 2015Jun 2007

(9,500+ other vulnerabilities covered)

SQL_Injection6.9 years ahead


Backed by the reputation and scale of IBM X-Force

IBM X-Force Exchange

Research and collaboration platform and API

Security Analysts and Researchers

Security Operations Centers

(SOCs)

Security Products and Technologies

OPENa robust platform with access to a wealth of threat intelligence data

SOCIALa collaborative platform for sharing threat intelligence

ACTIONABLEan integrated solution to help quickly stop threats

A new platform to consume, share, and act on threat intelligence

IBM X-Force Exchange is:

Try it today at http://xforce.ibmcloud.com


Learn more about IBM Security Network Protection (XGS)

countries where IBM delivers managed security services

industry analyst reports rankIBM Security as a LEADER

enterprise security vendor in total revenue

clients protectedincluding…

130+

25No. 1

12K+

90% of the Fortune 100 companies

Visit the website IBM Security Network Protection

Watch the videosIBM Security Network Protection

Read new blog postsSecurityIntelligence.com

Follow us on Twitter@ibmsecurity

Join IBM X-Force Exchangexforce.ibmcloud.com

http://www.ibm.com/software/products/en/subcategory/infrastructure-protection

https://www.youtube.com/playlist?list=PL875ACE56207037A4

http://www.ibm.com/software/products/en/subcategory/infrastructure-protection

https://www.youtube.com/playlist?list=PL875ACE56207037A4

http://securityintelligence.com/

http://www.twitter.com/ibmsecurity

http://xforce.ibmcloud.com/

© Copyright IBM Corporation 2015. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and / or capabilities referenced in these materials may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.

Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others. No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access. IBM systems, products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT THAT ANY SYSTEMS, PRODUCTS OR SERVICES ARE IMMUNE FROM, OR WILL MAKE YOUR ENTERPRISE IMMUNE FROM, THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY.

THANK YOUwww.ibm.com/security

http://www.ibm.com/security

http://www.ibm.com/security

The Total Economic Impact™ Of IBM Security Network Protection (XGS) WebinarForrester Consulting

Ben HarrisConsultantFebruary 10, 2016

© 2016 Forrester Research, Inc. Reproduction Prohibited11

Source: The Total Economic Impact of IBM Security Network Protection (XGS), February 2016

Agenda

›What is TEI?›Executive summary›Analysis›Financial summary›Question and answer

Please note:This slide presentation is an abridged, graphical, and complementary representation of a case study.

For a full explanation of methodology and details on model calculations, please refer to the full case study IBM Security Network Protection (XGS) February 2016

© 2016 Forrester Research, Inc. Reproduction Prohibited 12

What is TEI?Background and methodology


Source: The Total Economic Impact™ Of IBM Security Network Protection (XGS), February 2016

“Next level” business case justifications are increasingly vital for critical investments

Somewhat important

33%

Somewhat unimpor-

tant4%

Not at all important

3%

Very important60%

TCO ROI TEI

IT ImpactIT costs

IT cost savings

Business Impact

User efficiency

Business effectiveness

Risk/ uncertainty

Risk mitigation

Risk versus reward

Strategic Impact

Scalability

Flexibility Base: 825 IT decision-makers at North American enterprises

Do I need a business case? What is an effective business case?• Over 90% of IT decision-makers

find value in a business case• TEI adjusts for risks and factors the flexibility

of a product into the case study



The TEI framework centers on quantifying benefits, capturing costs, evaluating flexibility, and adjusting risk

Benefits

Costs

Flexibility

Total Economic ImpactTM

(TEI)

Risk



The TEI approach involves key stakeholders at Forrester, IBM, and IBM’s customers

Perform due diligence

Conduct customer interview

Construct financial

model

Write case study

Deliver webinar

• Consult Forrester Analyst

• Interview IBM stakeholders

• Interview with IBM customer

• Collect data

• Populate model

• Describe the model

• Review with interviewee

• Webinars• Presentation



Disclosures

The audience should be aware of the following:› This document is an abridged webinar version of a full case study (Forrester Total Economic

Impact of IBM Security Network Protection (XGS), February 2016).

› The study is commissioned by IBM and delivered by the Forrester Consulting group.

› Forrester makes no assumptions as to the potential return on investment that other organizations will receive. Forrester strongly advises that readers should use their own estimates within the framework provided in the report to determine the appropriateness of an investment in IBM

› IBM reviewed and provided feedback to Forrester, but Forrester maintains editorial control over the study and its findings and does not accept changes to the study that contradict Forrester’s findings or obscure the meaning of the study.

› The customer name for the interview was provided by IBM.

› Forrester does not endorse IBM.


Executive summaryHigh level findings



XGS delivers security and performance as well as an attractive ROI

Return on Investment: 340%

Net Present Value: $1,075,592

Payback Period: 1.9 months

Based on an analysis of IBM XGS’s customer feedback, Forrester has determined XGS has the following three-year risk-adjusted financial impact:

EXECUTIVE SUMMARY

XGS Interviewed organization Robust security and desirable performance


AnalysisInterview highlights and model



Forrester interviewed one organization, who shared their challenges and objectives prior to using XGS

Small security team Required high availability

Network performance critical Security attacks common to region



The interviewed organization noted several key results from its investment in XGS

“Choosing XGS was a no-brainer because of the ability to utilize the SSL decryption for inbound traffic.”

- Deputy chief security officer

“Configuring the rules is incredibly easy.”


“We deployed the configuration that actually blocks the regions that are known for their hostility against our country’s organizations.”




The interviewed organization quantified key benefits resulting from its investment in XGS

NETWORK PERFORMANCENo degradation in

network speed

SECURITYFinancial impact of

a breach

AVAILABILITYHighly available

network

MANAGEMENT &

CONFIDENCEManage access and traffic from

one solution



Network performance with robust security

• XGS allows for high productivity without additional network tuning

• Hardware and software is a one-time metric

Metric Year 1 Year 2 Year 3

Total population 2500 2500 2500

% of population affected 15% 15% 15%

Time impacted 40 40 40

Productivity factor 20% 20% 20%

FTE cost per hour $60 $60 $60

FTE cost avoidance of network tuning $150,000 $150,000 $150,000

Current HW & SW solution costs, including maintenance (already purchased) $200,000

Network performance $530,000 $330,000 $330,000

Network per-formance

73%

Three-Year Benefit



The cost avoidance of a security breach

• Assuming one breach in a three-year period

• Reflects benefit realization in the first year


Cost of an incident $15,400,000

Probability of breach 9.000%

% reduction 20%

Security $277,200

Security $277,200

Security17%

Three-Year Benefit



What availability means

• Lost revenue and % reduction are key drivers

• Variables are based on research


Lost revenue $1,570,000 $1,570,000 $1,570,000

Regulatory fines related to downtime $125,000 $125,000 $125,000

Probability of breach 3.000% 3.000% 3.000%

% reduction 20% 20% 20%

Availability $10,170 $10,170 $10,170

Availability2%

Three-Year Benefit



Benefits to the technology executives

• Extends security team by taking security policy updates away

• Allows the team to control access simply yet effectively


FTE cost avoidance of managing security policies $150,000 $150,000 $150,000

% reduction 30% 30% 30%

Management and confidence $45,000 $45,000 $45,000

Management & Confidence

8%

Three-Year Benefit



Traditional hardware and licensing cost structure

29%

16%27%

28%

Hardware -- $101,352

Initial costs• $101,352

Ongoing costs• N/A

Licensing fees -- $57,680

Initial costs• N/A

Ongoing costs• $57,680 in year 2



Modest maintenance and implementation costs

29%

16%27%

28%

Maintenance -- $95,584

Initial costs• $22,248

Ongoing costs• $36,668 in years 2 & 3

Implementation -- $100,000

Initial costs• N/A

Ongoing costs• $75,000 in year 1• $25,000 in year 3



In addition to benefits and costs, TEI includes potential future “flexibility” options

Flexibility, as defined by TEI, represents the opportunity to make an investment in additional capacity or capability that could be turned into future business benefit:› SLL encryption inspection

› Geo-blocking


Financial summaryResults



The three-year cash flow for XGS shows a ROI of 340%, a NPV of over $1M, and a payback period of 1.9 months

Initial Year 1 Year 2 Year 3($200,000)

$0

$200,000

$400,000

$600,000

$800,000

$1,000,000

$1,200,000

$1,400,000

Financial Analysis (risk-adjusted)

Total costs Total benefits Cumulative total

Cas

h flo

ws

Cash Flow Analysis

Summary Initial Year 1 Year 2 Year 3 TotalPresent Value

Total costs ($123,600) ($75,000) ($94,348) ($61,668) ($354,616) ($316,087)

Total benefits $0 $862,370 $385,170 $385,170 $1,632,710 $1,391,679

Total ($123,600) $787,370 $290,822 $323,502 $1,278,094 $1,075,592

ROI 334% 340%

Payback period (months) 1.9


Question and answer

Thank you

forrester.com

Ben Harris+1 [email protected]