Comments
yourfanat wrote: I am using another tool for Oracle developers - dbForge Studio for Oracle. This IDE has lots of usefull features, among them: oracle designer, code competion and formatter, query builder, debugger, profiler, erxport/import, reports and many others. The latest version supports Oracle 12C. More information here.
Cloud Computing
Conference & Expo
November 2-4, 2009 NYC
Register Today and SAVE !..

2008 West
DIAMOND SPONSOR:
Data Direct
SOA, WOA and Cloud Computing: The New Frontier for Data Services
PLATINUM SPONSORS:
Red Hat
The Opening of Virtualization
GOLD SPONSORS:
Appsense
User Environment Management – The Third Layer of the Desktop
Cordys
Cloud Computing for Business Agility
EMC
CMIS: A Multi-Vendor Proposal for a Service-Based Content Management Interoperability Standard
Freedom OSS
Practical SOA” Max Yankelevich
Intel
Architecting an Enterprise Service Router (ESR) – A Cost-Effective Way to Scale SOA Across the Enterprise
Sensedia
Return on Assests: Bringing Visibility to your SOA Strategy
Symantec
Managing Hybrid Endpoint Environments
VMWare
Game-Changing Technology for Enterprise Clouds and Applications
Click For 2008 West
Event Webcasts

2008 West
PLATINUM SPONSORS:
Appcelerator
Get ‘Rich’ Quick: Rapid Prototyping for RIA with ZERO Server Code
Keynote Systems
Designing for and Managing Performance in the New Frontier of Rich Internet Applications
GOLD SPONSORS:
ICEsoft
How Can AJAX Improve Homeland Security?
Isomorphic
Beyond Widgets: What a RIA Platform Should Offer
Oracle
REAs: Rich Enterprise Applications
Click For 2008 Event Webcasts
In many cases, the end of the year gives you time to step back and take stock of the last 12 months. This is when many of us take a hard look at what worked and what did not, complete performance reviews, and formulate plans for the coming year. For me, it is all of those things plus a time when I u...
SYS-CON.TV
Network-Based Attacks: How Much Can They Cost You?
Techniques and resources for IT managers to develop their own cost model

Every business acknowledges that network security is critical. But how do you quantify the business value that a secure network provides? And how does an enterprise evaluate and justify investing in network security products like next-generation firewalls, intrusion prevention systems and unified threat management appliances?

While there is no exact formula or "cost of attacks" calculator, there are some useful guidelines and research studies that can provide techniques and resources for IT managers to develop their own cost model. There are three core areas that are important for assessing the impact of network-based attacks and the "prevention value" of next-generation firewall technologies:

  • Defining the different types of network-based attacks
  • Understanding how those attacks can affect your bottom line
  • Methods of quantifying the impact of those attacks

Types of Network-Based Attacks
There are hundreds of types of network-based attacks that can damage an organization. The most common forms include:

  • Viruses, Trojans, worms and other malware that can shut down servers and workstations, or steal data.
  • Advanced persistent threats designed to penetrate networks and surreptitiously steal intellectual property and confidential information.
  • Distributed denial-of-service (DDoS) and flooding attacks that can overwhelm servers and shut down web sites.

How Network-Based Attacks Can Affect Your Bottom Line
This is where it hurts - attacks cause two major categories of harm, regardless of the source: data breaches and loss of service.

Data breaches are always a topic of sensational news coverage, as they result in confidential information being captured and surreptitiously removed out of the organization into the hands of criminals or competitors.

The damage caused by data breaches is visible and very painful. They can be financial (lost revenue, legal and regulatory costs, lawsuit awards and fines) "soft" costs (loss of customer goodwill and loyalty) and loss of competitiveness (through loss in intellectual property). Companies that have suffered data breaches spend an inordinate amount of time and money in detection and technical remediation costs identifying and blocking attacks as well as assessing damage and putting corrective measures in place. In addition, the negative publicity over a data breach lasts far beyond the attack itself.

Denial-of-service attacks result in computer systems - workstations as well as web, application or database servers - being degraded or completely disabled.

The damages in this scenario can also be catastrophic. Commerce slows to a crawl or stops altogether, so revenue is directly impacted. Day-to-day processes are interrupted or employees cannot do their jobs because the network is down.  As with data breaches, there's a real cost associated with IT and support staff having to diagnose problems, coach employees, restart services and re-image PCs.

How to Estimate the Costs?
There is no one-size-fits-all cost model.

Two independent sources that can help IT quantify the impact of network-based attacks can be found in a March, 2012 study from Ponemon Institute, and the NetDiligence® Cyber Liability & Data Breach Insurance Claims Study published in October, 2012.

The Ponemon Institute conducted in-depth interviews late in 2011 with 49 U.S. companies in 14 industries that had experienced the loss or theft of customers' personal data. Some of the key findings:

  • The average total cost of a data breach: $5.5 million.
  • Lost revenue per breach: $3 million
  • Post-data breach costs: $1.5 million (everything from help desk, remediation, customer discounts and more)

The per-record figures - which are based on fairly large quantities (typically 100,000+ records) - can give IT managers at least some sense of the cost associated with data breaches, scaled to the size of the enterprise and the number of threats typically faced.

The NetDiligence study analyzed published a study of 137 events between 2009 and 2011 that resulted in insurance companies making payouts on cyber liability claims. Average payouts:

  • Legal settlement per event: $2,100,000
  • Legal defense per breach $582,000
  • Total average insurance payout costs per event: $3.7 million

While these two studies measure different elements of the costs associated with network attacks, they are consistent in one sense - both illustrate just how costly network attacks really are to a company's bottom line, its reputation and its ability to compete.

Beyond these numbers, there are some back-of-the envelope calculations that can help justify the investment needed for next-generation network firewall technologies:

  • The revenue loss for every hour your web site is down or significantly impaired because of a DDoS attack.
  • The productivity loss for every hour a key business process is down because of malware disabling the server.
  • The hourly rate for help desk personnel to diagnose malware infections on PCs and for the support group to re-image infected PCs.
  • The cost per record for notifying customers or employees in the event of a data breach and providing credit monitoring services to them for a year.

Two additional techniques may be helpful in estimating the costs of attacks. Some organizations have created detailed estimates of possible future ramifications by conducting "war game" simulations. These involve gathering a cross-section of company staff from IT, marketing, HR, legal and other functions, and running through an attack scenario. These exercises not only help quantify costs, but often turn up unexpected effects - for example, contractual obligations or the regulatory impact of data breaches.

Taking Action
How does this all net out for IT managers? The bad news: network attacks are costly, disruptive, potentially catastrophic on many levels and should be avoided at all costs. The good news: there is a rich tool and service set available to help understand exactly how data breaches and loss-of-service attacks can affect your company's bottom line. By comparing these costs with the preventative costs of next-generation protection technologies you are better armed and prepared to understand and articulate the financial and strategic value of increasing investment in securing your company's network. This is not just an academic exercise, it is a business imperative.

About Patrick Sweeney
Patrick Sweeney has over 20 years experience in high tech product management, product marketing, corporate marketing and sales development. Mr. Sweeney is Dell SonicWALL’s Executive Director, Product Management, where he oversees its Network Security, Content Security, Business Continuity and Policy & Management product lines. Previous positions include Vice President of Worldwide Marketing, Minerva Networks, Senior Manager of Product Marketing & Solutions Marketing for Silicon Graphics Inc, Director of Worldwide Sales & Marketing for Articulate Systems, and Senior Product Line Manager for Apple Computer. Mr. Sweeney holds an MBA from Santa Clara University, CA.

In order to post a comment you need to be registered and logged in.

Register | Sign-in

Reader Feedback: Page 1 of 1

SOA World Latest Stories
When building large, cloud-based applications that operate at a high scale, it’s important to maintain a high availability and resilience to failures. In order to do that, you must be tolerant of failures, even in light of failures in other areas of your application. “Fly two mistakes ...
In his general session at 19th Cloud Expo, Manish Dixit, VP of Product and Engineering at Dice, discussed how Dice leverages data insights and tools to help both tech professionals and recruiters better understand how skills relate to each other and which skills are in high demand usin...
Lori MacVittie is a subject matter expert on emerging technology responsible for outbound evangelism across F5's entire product suite. MacVittie has extensive development and technical architecture experience in both high-tech and enterprise organizations, in addition to network and sy...
Containers and Kubernetes allow for code portability across on-premise VMs, bare metal, or multiple cloud provider environments. Yet, despite this portability promise, developers may include configuration and application definitions that constrain or even eliminate application portabil...
Modern software design has fundamentally changed how we manage applications, causing many to turn to containers as the new virtual machine for resource management. As container adoption grows beyond stateless applications to stateful workloads, the need for persistent storage is founda...
Using new techniques of information modeling, indexing, and processing, new cloud-based systems can support cloud-based workloads previously not possible for high-throughput insurance, banking, and case-based applications. In his session at 18th Cloud Expo, John Newton, CTO, Founder an...
Subscribe to the World's Most Powerful Newsletters
Subscribe to Our Rss Feeds & Get Your SYS-CON News Live!
Click to Add our RSS Feeds to the Service of Your Choice:
Google Reader or Homepage Add to My Yahoo! Subscribe with Bloglines Subscribe in NewsGator Online
myFeedster Add to My AOL Subscribe in Rojo Add 'Hugg' to Newsburst from CNET News.com Kinja Digest View Additional SYS-CON Feeds
Publish Your Article! Please send it to editorial(at)sys-con.com!

Advertise on this site! Contact advertising(at)sys-con.com! 201 802-3021


SYS-CON Featured Whitepapers
ADS BY GOOGLE