The ROI of ThreatForce

Demonstrating the ROI of security investments has long been a challenge for SecOps teams. If an organization as a whole doesn’t put emphasis on such an investment the battle to prove its worth is always uphill because most will view it as intangible. We believe this narrative needs to be re-written. Security investments are quite tangible when you put the right light on them. ThreatForce is such a light.

According to the relatively recent Ponemon Study – Costs and Consequences of Gaps in Vulnerability Response, industry benchmarks state that over 400 hours per week (or 10.5 FTEs) are required to work on detection, remediation, documentation, reporting, and coordination between teams. That’s to do the job correctly. Given the resource constraints that most security teams have to face, only a small percentage of companies can boast that they get to spend this amount of time working on vulnerabilities. If you take this stat to your executive team and try to make the case that you need 10.5 total employees for this security function you’ll likely be laughed out of the room. 

Let’s do some simple math here to help change this narrative. Assume on average that one of these security FTE hires commands a salary of 130k a year. Tack on a 1.2x multiplier to factor in benefits. That’s a total FTE invest of $1,638,000 a year for your 10.5 headcount. That is the not-so-small number that will get you laughed out of that room full of executives. However, the sole addition of head count is not the best way to approach this conversation for getting additional critical resources. Nor is it the best way to accomplish this security function. This is where ThreatForce comes in.

A product like ThreatForce provides a robust summary of information related to vulnerability results with correlation and links to:

• Exploit-DB and Metasploit DB of exploits
• All related patch links under different vendors covering Linux, Unix, Windows, and mobile OS flavors.
• Snort and Suricata IDS signatures
• Correlated DB of malware and exploit kits
• CWE, CPE, CAPEC and OVAL related links.
• CVSS score and related components
• Date published
• OS
• Attack vector

AKA ThreatForce makes the job of vulnerability prioritization and management a much leaner and efficient operation. To put it simply, you won’t need the same headcount if a tool like ThreatForce is in play. Combine ThreatForce capabilities with everything else that the UVRM platform can do (ITSM automation, asset discovery, reporting, etc.) and you’re looking at about a 70% reduction in the amount of time necessary to perform all the critical operations expected of a Vulnerability Management team.

Back to our math model. What was originally a necessary $1,638,000 yearly investment into headcount alone, now instead looks like a $491,400 yearly investment for a team the fraction of the size. Factor in the costs of the UVRM/ThreatForce platform (on average $358,000 a year) and your total investment comes out to $849,400, just under half the expense you were originally looking to argue the case for. Now this is just a portion of the ROI case to be made. Once you take into account the amount a typical data breach costs a company and the additional operational efficiencies you get from UVRM/ThreatForce, you start to paint a very ROI positive net return when you invest in such a platform.

To learn more about ThreatForce/UVRM or get the full financial ROI picture, we invite you to schedule a demo with us.