There are typically 3 ways to do cyber security:
The first is to buy commercial, off-the-shelf products. This can get expensive quickly, or leave you with gaping holes and a false sense of security. Products that offer less than 10% of the total solution tend to sell themselves as extremely affordable for everyone, starting at almost $1,500 CAD per month ($1,075 USD for Alienvault SIEM, a core foundation of any solution). The typical “budget” price range for all of the components you require to provide a complete package for a company with a dozen or so computers can easily be north of $25,000 CAD monthly, or in the range of $300k per year. This cost can easily go higher if you don’t shop around for the “budget” products. This really should just be part of the second option, but many companies that go this route try to simply add the job to their current IT staff or outsourced IT support.
The second is to hire a one-man jack-of-all-trades to handle your security. If they are using commercial products, this is a viable option. You can take your $300k software license cost (since a security analyst requires tools to do their job) and add on $95,433 for their salary (Indeed Security Analyst Salary). Of course you can use open source products as abrisuite does, but then you need to add in the people to research, deploy, maintain, and update those platforms, since most open source products do not offer the same level of automation.
The third is to build a Security Operations Center, stock it with many open-source tools (and some commercial tools) and hire people to do the job properly. This is the way most large companies go about security since it’s really the best approach on a cost per user, assuming you have enough users to make it viable. We will go into a bit of a deeper dive on this method since it’s the solution abrisuite offers.
Let’s start with a quick overview of the basic components that are required for a secure business. At a very basic level you need a firewall to control access to your network. (1 – Firewall) Both your firewall and the devices on your network should have intrusion detection and prevention systems. (2 – IDS/IPS) If you want to be able to access your systems remotely, that firewall should also have VPN capability. You need a network monitoring system in order to know what is on your network, what is running, and what is failing in any way. (3 – NMS) In order to understand any sort of security risk, you need a security information and event monitor. (4 – SIEM) To keep confidential data in your network, and know that nothing is being stolen, you need a data leak prevention system. (5 – DLP) All of the computers on your network require advanced endpoint protection to keep them secure. (6 – AEP) All of the computers and data on your network require constant backup to be able to recover from any sort of disaster. (7 – Backup) One of the weakest points of almost all networks is the users. Regular user security training is required so that attackers can’t simply bypass all the rest of the systems by fooling one employee. (8 – User Security Training) With all this complexity comes a critical point of failure: you need people to constantly monitor and manage all of this. That brings us to another key piece. A security operations center is required to complete the package. (9 – SOC)
Inside the security operations center, or for that matter any security department within a company, are some core roles. A security engineer is responsible for maintaining the tools and implementing and updating systems. Security engineers specialise in SIEM platforms. This is the person that makes sure all the tools required to secure a business are in place, up to date, and used properly. A security analyst is responsible for using the tools put in place by the security engineer. These are the people that look at all the information coming out of the security systems and determine what is good or bad on the networks and systems. They are responsible for investigating and correcting vulnerabilities and alerts from the systems. A security administrator is tasked with finding the correct procedure for updating, patching, or otherwise protecting systems where vulnerabilities have been found. A network administrator is responsible for scripting and automating the mass deployment of any fixes created and documented by the security administrator. While the network administrator is creating a mass automated deployment plan, a penetration tester validates that the fix does indeed fully address the issue.
Considering the number of hours it takes just reading and staying current on security, it is not viable to say that you’re going to load many roles onto a few people in a security operations center. Finding and deploying fixes to problems is highly inefficient when asked of the same person. Designing and maintaining the systems that produce the data, and managing the data that comes out of those systems, is not reasonable to ask a single person to do. While there are some companies that try to fit all roles on one person, it is generally a recipe for failure, or at the very least rapid burnout of your employee. To be ongoing and stable, you’re going to require at least half a dozen people. With the low end of cyber security roles paying 6 figures, a security operations center can’t reasonably be staffed and run for less than about $750,000 per year. This does not include any administrative overhead, buildings, or other normal business overhead. This puts a price tag of around $1,000,000 annually on reasonably good security for a business as the point of entry, something that is far out of reach of most small and medium businesses. When you have thousands of systems to spread this across, costs go up at a nominal rate compared to the barrier of entry. This is why it becomes cost effective for large enterprises.
While every small business is quite unique, the systems you use are not as unique as you may think. You’re running the same sorts of applications as others in the same industry. This means that you can take advantage of economies of scale when it comes to a security solution simply by buying the same system that others are using. In a unique system, a newly found vulnerability requires the security analyst, system administrator, network administrator, and penetration tester. They all work for a couple of hours on a single problem to come to a solution. 8 hours of labour later and you have a fix to a potentially critical threat. Since most companies are not using unique systems, the automated deployment to 1 machine or 1000 machines is essentially the same; the difference is that 1000 machines only cost about half a minute of time for that fix. Assuming an hourly rate of about $150, your 8-hour workload comes with a $1,200 bill. If you have a small business with 12 computers, you have averaged the cost of that one fix to about $100 per machine. If you divide that across the 1000 machines, the cost becomes negligible. Considering the hundreds of vulnerabilities that come out for the majority of systems in widespread use, the only way to make half-decent security a real option is to have the ability to average out costs over a multitude of computers and users.
By targeting specific like-verticals, abrisuite manages to bring the economy of scale normally reserved for large enterprises to small and medium businesses. Rather than paying hundreds per PC in cost per vulnerability, times hundreds or even thousands of vulnerabilities per month, we let companies pay a fraction of that. The same scripting that allows us to deploy fixes for vulnerabilities allows us to maintain the control systems in your network remotely without huge cost. And we work with virtually any IT provider you have that does all of your non-security work. Cyber security pays much more than system administration, so if your IT guy knew cyber security, they probably wouldn’t still be doing your IT. Because of this, there is no conflict in service offering between us and your IT provider, and it’s rare that we get resistance working with almost anyone. Honestly speaking, security is boring, tedious work. (And that’s why it pays more.) Most IT people we come across are rather happy to have it taken care of for them.
We are always happy to answer your questions. We know it’s not just a computer system, it’s your business. Feel free to contact us to book a free consultation to determine if abrisuite is the best fit for your business.