Educause Security Discussion mailing list archives
Re: post firewall deployment ROI numbers
From: Karen Duncanson <duncans2 () OAKLAND EDU>
Date: Mon, 12 Jun 2006 08:51:15 -0400
The metrics for this, if you can find meaningful ones, will be very difficult to determine due to the variables involved in utilizing a firewall. After 10 years of deploying various firewalls, I have found that they tend to be viewed as monolithic, when in fact they are not. The manpower going into deploying, maintaining and utilizing a firewall depends on how you want to use it and on how much service you want to get from it. I find that the more effective you want that firewall to be, the more time is required to configure, maintain and monitor it (more FTE).

A better metric might be to visit the site http://www.dshild.org or a similar site. There you will find reports regarding the number of attacks originating from various IP address spaces. These can be easily mapped to various sites that have, or do not have, a firewall (you will need to ask around). In this way you can map the firewall FTE to effectiveness. You may also want to ask generic questions regarding basic configuration. For example, a firewall configured to deny all except that specifically specified will require fewer FTEs from the admin and result in fewer FTEs from the on staff and allow fewer attack paths into and out of the site.

Historically, I have occasionally observed organizations putting up firewalls that do little, require little attention (few FTEs) and provide a false sense of security which encourages users and admins to become lax about desktop maintenance. In the extreme this will be a negative firewall. These should not be in your report :-)

Hope this perspective helps you with your report.

---- Original message ----
Date: Fri, 9 Jun 2006 13:20:55 -0700
From: Tina Darmohray <tmd () STANFORD EDU>
Subject: [SECURITY] post firewall deployment ROI numbers
To: SECURITY () LISTSERV EDUCAUSE EDU

I'm looking for Return On Investment numbers from universities who have deployed firewalls. E.g., one university has shared that they reduced their incidents by > 90% by firewalling their campus. Another university reduced their incident response staffing from 1.25 FTE to 1 FTE [10K node network] through firewalling. Do you have similar numbers you'd be willing to share? I can summarize to the group, or if you'd prefer your numbers not be widely posted, let me know that too.

Thank you for your help!

--
Tina Darmohray
Information Security Officer
tmd () stanford edu
(650) 724-7661

Karen Duncanson, CISSP, CCNA
UTS/Network Security Analyst
www.oakland.edu/uts
248-370-2675