The Business Case for Testing Your Security Solution

By Spirent On September 6, 2012
Security, ROI

The business case for testing your security solution

What is the cost of insecurity? Headlines and bottom lines.

In the last year alone the stories of high-profile security breaches included LinkedIn (6 million passwords compromised), Sutter Health ($1 billion class action lawsuit), and Sony ($24 billion in lost revenue).

But you don’t have to be a big name to become a target. In 2011, Symantec alone blocked more than 5.5 billion cyber-attacks. According to Kaspersky Lab, in 2011 an average of 108,035 cyber-attacks per hour (1800 a minute) were launched from 4,073,646 domains.

Holding the FortAnd the successful attacks are costly. Gartner estimates the low end of the range of hourly cost of downtime for computer networks at $42,000. For a financial services company that trades on Wall Street, the cost could be ten times that or more. Even a short outage can rack up significant costs. The loss of HIPPA data due to a breach has cost some companies as much as $1,000 per record in the resulting lawsuits.

In this brave new world, an unprotected enterprise won’t last a day, but what does an effective security solution cost? When it comes to security, ROI is calculated by comparing how much you spend to how much you can avoid losing, much like spending money on the legal department to reduce your liability. A good maximum budget for protection is thirty to forty percent of the anticipated cost of the loss, but the cost of a security solution typically falls well below the maximum.

But simply installing a security solution is no guarantee of protection against a breach. Most likely, all of the companies in the horror story headlines had some measure of security in place. However, those measures obviously proved insufficient to protect them from serious exposure and loss of revenue. How can you assure yourself and the stakeholders in your organization that your security performs as it should?
Two essential elements apply when acquiring and deploying a security solution. Regarding vendors and their claims—trust but verify. When it comes to verifying the efficacy of a solution—use a test platform with the power to achieve test realism.

Testing is the key to effective security, but inadequate testing causes more problems than not testing by creating a false sense of security. A test platform with the power to create test realism and the use of industry best-practices, developed over time through experience and expertise, allow organizations to test and deploy security solutions with confidence.

For more information on testing your security solution, download the Spirent white paper “Holding the fort—securing your network with app-aware firewall testing”.


comments powered by Disqus
× Spirent.com uses cookies to enhance and streamline your experience. By continuing to browse our site, you are agreeing to the use of cookies.