There have been times in history when a certain force dominates the landscape. That is to say, when a nation dominates the world. Examples include Egypt, Persia, Rome, France, England, and the United States.
Military history shows us that each time, these forces were able to dominate largely because of technology. They built a powerful technology that could be wielded by a single soldier. And their superiority shows in their “man-to-man kill ratio.”
“Kill ratio” even has a trend. It’s about 20:1. One fighter jet against 20 tanks, for example.
But what does it take to put that fighter jet in the air? What is the true “cost” of that kill ratio?
An aircraft carrier is a floating city, typically housing 5,000 or more personnel. Maybe 50 of them are jet pilots.
We often talk about creating “tiers” for our SOC teams. Who’s the junior? Who’s the senior? Who’s detection? Who’s response? Who’s the pilot and who’s the gunner? Who’s the Phantom, who’s the Warthog? (No disrespect to my pilot friends; I know the comparison is apples to oranges.)
But we rarely talk about the support tiers BEYOND the SOC team.
That aircraft carrier has people fixing planes, fueling, driving the boat, maintaining the ship, cooking food, doing paperwork, cleaning toilets.
And that paints a more nuanced picture of what the “kill ratio” really computes to.
There’s a lot more to “winning” than just the pilot in the cockpit.
You are investing in security technology. You are investing in security teams. Are you investing in company security?
Who maintains the servers on which your security tools sit? Ops team, or SOC team?
How positive is the relationship between SOC team and Ops team?
Who troubleshoots “perceived performance impacts” from security software? Is that SOC team or Ops team?
How many tickets does Ops team close, and how many get escalated to SOC team?
How many of your “pilots” are fixing and fueling their own “planes?”
How many roadblocks do they run into when they ask for help? SOC team staffed up, but did Ops team staff up?
I don’t want you to think that better security means some gigantic change in your bottom line. I do want you to hear that, when a nation is “at war,” in order to win, the whole nation must be “at war” in effort and in attitude.
I want you to think about, if not necessarily calculate, whether you might need to accommodate a little extra “cultural change” and a little extra total cost of ownership.