CUPERTINO, Calif., Feb. 06, 2018 (GLOBE NEWSWIRE) -- Bromium®, Inc., the pioneer and leader in application isolation using virtualization-based security, today announced the findings of an independent global survey uncovering the surging hidden costs of reactive, detection-based security intended to protect the organization. The initial, upfront licensing and deployment investment in security-detection tools like anti-virus is dwarfed by the cost of human skills and effort to manage and assess the millions of alerts and false-positive threat intelligence generated. The research, based on a survey of 500 CISOs from global enterprises, is part of a wider report: The Hidden Costs of Detect-to-Protect.
Key findings include:
“Detection requires a patient zero – someone must get owned and then protection begins. Yet, because of this, rebuilds are unavoidable; false positives balloon; triage becomes more complex and emergency patching is increasingly disruptive,” said Gregory Webb, CEO, Bromium. “It’s no surprise that 63 percent of the CISOs we surveyed said they’re worried about alert fatigue. Our customers tell us their SOC teams are drowning in alerts, many of which are false positives, and they are spending millions to address them.
“Meanwhile, advanced malware is still getting through because cyber criminals are focusing on the weak spots like email attachments, phishing links and downloads. This is why organizations must consider the total cost of ownership when making security investments, rather than just following the detect-to-fail crowd.”
The research shows that organizations are investing in multiple security layers to defend against hackers, including: Advanced Threat Detection (annual spend $159,220); next-generation and traditional anti-virus (annual spend $44,200); whitelisting and blacklisting ($29,540 annual spend), and detonation environments ($112,340 annual spend). However, these technologies are dependent on detection first, and therefore are fundamentally flawed and only stop the known.
Organizations expect the associated upfront costs for a security stack; however, as the research shows, the total cost of ownership is much higher than expected. During evaluations, CISOs need to ask questions that uncover the hidden costs, such as:
“Application isolation provides the last line of defense in the new security stack and is the only way to tame the spiralling labor costs that result from detection-based solutions,” Webb concludes. “Application isolation allows malware to fully execute, because the application is hardware isolated, so the threat has nowhere to go and nothing to steal. This eliminates reimaging and rebuilds, as machines do not get owned. It also significantly reduces false positives, as SOC teams are only alerted to real threats. Emergency patching is not needed, as the applications are already protected in an isolated container. Triage time is drastically reduced because SOC teams can analyze the full kill chain.”
The research was conducted by researchers at Vanson Bourne. The sample consisted of 500 CISOs from large enterprises sized from 1,000 to 5,000+ employees, across the USA (200), UK (200) and Germany (100).
About Bromium, Inc.
Bromium protects your brand, data and people using virtualization-based security. We convert an enterprise’s largest liability - endpoints and servers - into its best defense. By combining our patented hardware-enforced containerization to deliver application isolation and control, with a distributed Sensor Network to protect across all major threat vectors and attack types, we stop malware in its tracks. Unlike traditional security technologies, Bromium automatically isolates threats and adapts to new attacks using behavioral analysis and instantly shares threat intelligence to eliminate the impact of malware. Bromium offers defense-grade security and counts a rapidly growing set of Fortune 500 companies and government agencies as customers.
Visit Bromium: https://www.bromium.com
Read the Bromium blog: http://blogs.bromium.com/
Follow Bromium on Twitter: https://twitter.com/bromium
Follow Bromium on LinkedIn: https://www.linkedin.com/company/bromium
1 $345,300 cost is based on average 2,000-person organization
2 Workforce costs calculated based on average hourly rate of $39.24 for cybersecurity professional