Chapter 2: Security investment strategies: The art and science of calculating security ROI

In the dynamic realm of cybersecurity, security leaders and decision-makers are often tasked with making pivotal choices regarding security investments. These decisions can significantly impact an organization’s security posture, resilience, and overall productivity. This chapter delves into the intricate art of understanding the holistic value of new security investments, emphasizing VMRay’s ROI-focused approach to revolutionizing security operations.

VMRay’s ROI Study: Boosting SOC Productivity

In the quest for robust security solutions, an organization’s Security Operations Center (SOC) plays a pivotal role. VMRay’s journey towards innovation in email security took a compelling turn when they embarked on a study to measure Return on Investment (ROI) through improved SOC productivity.

One remarkable case study featured a customer who harnessed VMRay’s API integration for email security alongside their Endpoint Detection and Response (EDR) system. With a sprawling network of 10,000 endpoints, this organization’s SOC team was facing a daunting challenge. Before the integration, they dedicated a staggering 125 hours per week to sifting through phishing alerts. However, the introduction of VMRay’s advanced capabilities led to a paradigm shift. The SOC team’s arduous task was streamlined, and the time spent on phishing alerts plummeted to a mere 12.5 hours—a remarkable reduction of 90%.

For EDR, the improvement was equally substantial, with a 70% reduction in the time spent, despite a considerable decrease in their initial workload. These tangible results underscore VMRay’s commitment to enhancing SOC productivity and justifying security investments with measurable ROI.

The quest for maximum return: What to look for in a security tool

In a landscape where security investments are the lifeblood of cyber resilience, decision-makers face the complex task of determining where to allocate resources for maximum return. The challenge lies in the absence of actuarial tables or precise metrics to gauge ROI in security. However, Joel Fulton’s astute observation sheds light on the critical aspect of alignment between security investments and an organization’s risk mitigation goals.

This alignment extends beyond email security, encompassing communication channels like Slack and Teams, where security controls overlap. The key is to strike a balance between security and business functionality, acknowledging that complete security is an elusive goal. Instead, security leaders must focus on identifying the level of investment that mitigates the specific risks the business aims to address, all while recognizing the ongoing trade-offs inherent in cybersecurity.

Proving efficacy: A catalyst for security investment

In today’s cybersecurity landscape, proving the efficacy of security tools is paramount to securing investment. Forrester analyst Jess Burn’s research offers an intriguing perspective—efficacy drives budget allocation. In her extensive customer reference calls, she discovered that nearly all organizations used multiple email security solutions, often combining native email infrastructure with third-party offerings.

What piqued interest was the pivotal role played by efficacy in securing budgets for new solutions. Organizations conducted rigorous tests, engaging in simple bake-offs to measure the efficacy of potential security tools. This process, made easier through seamless API integrations, yielded quantifiable results. The ability to demonstrate that a solution effectively reduced phishing emails or bolstered security measures led to budget approvals. Efficacy became the catalyst for investment.

Showcasing ROI: Beyond Incident Response

Security investment isn’t merely about incident response; it’s a multifaceted endeavor. The best security programs operate seamlessly, and they are the ones you seldom hear about because they maintain a low-profile presence. However, showcasing the return on investment in such programs is essential.

Joel Fulton, esteemed cybersecurity expert, suggests that the ROI narrative should transcend the typical response-centric approach. Instead, it should focus on investments made in identification and protection measures. By demonstrating how these proactive steps reduce the need for responding to incidents, organizations can highlight their commitment to enhancing security maturity. A mature security program operates in a manner that anticipates threats, minimizing the need for reactive firefighting.

In conclusion, this chapter has illuminated the intricate world of security investments, emphasizing VMRay’s ROI-centric approach. As security leaders and decision-makers continue their journey, the next chapter will delve deeper into essential considerations when selecting a security tool. Stay tuned for valuable insights that will empower you to make informed choices in an ever-evolving cybersecurity landscape.