The benefits for AppGuard can be measured in both costs saved and costs avoided.
AppGuard improves the efficiency of protecting your endpoints: fewer false positives; protection of legacy systems that cannot be migrated;
AppGuard frees up resources for redeployment e.g. in patch management; application management; digital certificate management and IT Security Management;
AppGuard can prevent the repetition of Ransomware and other malware attacks by preventing execution of unknown programmes, saving you breach losses.
Although the annual cost of AppGuard will represent additional capital expenditure, savings will be made in three core areas: ‘Operating System Efficiency Savings’, ‘Manpower Savings’ and ‘Avoiding Costs of Recovery’.
Operating System Efficiency Savings
AppGuard creates dramatic efficiencies through the reduction of false positives that are otherwise created while trying to ‘match’ the current potential attack to a previously proven attack. These false positives can require significant internal or external IT resources to manage, which can be expensive and unnecessary.
And remember, AppGuard:- • Requires no update or Internet connection
- • Uses less than 1% processing of the end point it is protecting
- •Needs less than 1 MB disk space on the end point it is protecting
Finally, the efficiencies enabled from supporting costly legacy operating systems (such as Win 7), that are required to host applications and systems that cannot be migrated to the latest operating systems, will realise tangible security update costs (£50-£200 per device per year).
Manpower Savings
AppGuard will allow IT manpower resources to be reduced or diverted onto other projects and tasks in the following areas:
| Patch Management |
Patch management tasking from a deployment timeframe will be reduced with AppGuard. As AppGuard protects against discovered Zero-day vulnerabilities, no emergency change control process or associated resources is required. As AppGuard simply blocks the urgency of needing to deploy a security related patch is reduced. |
| Application Management |
AppGuard can facilitate the protection of the baseline set of applications installed on the workstation or server. This is done by simply not allowing any installations to be conducted unless authorised through the MSSP or designated person within the organisation. This will reduce the time required to continually audit workstations and servers or to conduct management of specific applications within the organisation. |
| Digital Certificate Management |
AppGuard will successfully identify all signed and unsigned digital certificates. This can allow an organisation to accurately map all the installed signed and non-signed applications running on their workstations and servers. This will reduce the overhead of manually identifying issues with certificates for applications within an organisation. This provides improved governance and removes the likelihood of rogue applications; another security risk. |
| IT Security Management |
AppGuard will successfully identify all signed and unsigned digital certificates. This can allow an organisation to accurately map all the installed signed and non-signed applications running on their workstations and servers. This will reduce the overhead of manually identifying issues with certificates for applications within an organisation. This provides improved governance and removes the likelihood of rogue applications; another security risk. |
The deployment of AppGuard will allow for an organisation to re-deploy or reduce its IT Security Team/IT Support Team numbers.
Avoiding Costs of Recovery
The cost of recovering and associated operating downtime from a Malware attack will be significant. The likelihood of having to recover from malicious attacks when AppGuard is implemented would be very unusual.
Sample Cost of a large attacked site:
Excerpts from a UK Public Sector department revealed that the 2017 WannaCry attack cost the organisation in excess of £92m.
These costs, using the mid-range estimates for lost output, are shown below. The estimated financial costs consider the direct costs of lost output and IT support.
|
During attack (£mill) |
Aftermath (£mill) |
Total (£mill) |
| 1. Lost output |
19 |
0 |
19 |
| 2. IT cost |
0.5 |
72 |
73 |
The above table reflects costs that as 80 organisations were successfully attacked, on average each organisation suffered losses as follows:
During the attack: £6,250
To recover after the attack: £900,000
Total cost to each organisation: £906,250
Although these are example recovery costs, AppGuard would remove the cyber risk associated from a Ransomware attack and therefore any impact of recovering post a cyber-attack. If funds have been allocated for cyber recovery activity in order to mitigate the cyber risk, these would be better placed into investing in AppGuard that would prevent the attack from happening.
Summary
When implementing AppGuard organisations heavily influence their risk profile, with a significant reduction in risk from cyber-attacks.
- These are estimated figures based upon our work with other similar organisations prior to implementing AppGuard. Their risk profile is approximately 50% secure as they are not always able to implement patches at the time of their release. Added to this there are considerable legacy system vulnerabilities. Interestingly, some organisations of a similar profile would consider their current risk profile at 80% secure.
- With AppGuard, the organisation’s risk profile increases substantially to approximately 80% as they now have full 365x24x7 protection against unknown (and known) attacks, less urgency for immediate patching, less false/positives and their legacy systems are also fully protected, with no need for segregation or containerisation.
- Knowledge of which applications, executables and processes are running on your endpoints.
- IT resources more focussed on response to positive alerts, less stressed and with correct information from the MSSP to target the threat which was unable to execute.
