
CoreTrace Whitepaper: BOUNCER by CoreTrace ROI Analysis


Whitepaper Abstract: Any technology investment today must have an attractive ROI. This paper demonstrates the ROI associated with implementing the leading application whitelisting solution, BOUNCER by CoreTrace. Using a 500-server example, the paper outlines the various levers that generate a rapid and significant ROI. Not only does BOUNCER provide dramatically improved endpoint security, it does so at a significant savings of $938,085 over Endpoint Security 1.0 solutions — a savings of $846 per-server per-year. Moreover, the BOUNCER implementation is forecasted to pay for itself in less than 10 months.


CoreTrace Corporation 6500 River Place Blvd., Building II, Suite 105, Austin, TX 78730

512-592-4100 | [email protected] | www.coretrace.com

BOUNCER by CoreTrace™ with its unique Endpoint Security v2.0 whitelisting solution is sounding the death knell for inferior Endpoint Security v1.0 solutions (i.e., blacklisting solutions). BOUNCER’s revolutionary 180°-shifted approach to endpoint security is a disruptive technology that delivers true endpoint security and sets a new standard-of-care benchmark for the industry. The prevailing circumstances for endpoint security have inarguably changed for the better. BOUNCER closes the well-publicized security gaps that plague Endpoint Security v1.0 solutions that are evident in data-breach headlines that—even though grossly underreported—are now commonplace.

Not only does BOUNCER’s superior Endpoint Security v2.0 technology provide true endpoint security, but it does so at a significant savings of $938,085 over Endpoint Security v1.0 solutions—an $846 savings per server per year (assumes a three-year 500-server implementation). Moreover, this BOUNCER implementation is forecasted to pay for itself in less than 10 months and it has an ROI of 277%.

July 2008

BOUNCER by CoreTrace™

Provides True Endpoint Security with Rapid Breakeven

Contents

Overview
TCO: Endpoint Security v1.0 vs. v2.0
Three-Year 500-Server Implementation
Annual Cost per Server
  Patch Management
  Configuration Management and License Auditing
  Help Desk Support
  Failed-System Recovery
  Lost End-User Productivity
  Blacklist Signature Subscriptions
  Blacklist Management
  BOUNCER Maintenance and Support
  BOUNCER Management
Summary


Overview

BOUNCER by CoreTrace™ with its unique Endpoint Security v2.0 whitelisting solution is sounding the death knell for inferior Endpoint Security v1.0 solutions (i.e., blacklisting solutions). BOUNCER’s revolutionary 180°-shifted approach to endpoint security is a disruptive technology that delivers true endpoint security and sets a new standard-of-care benchmark for the industry. The prevailing circumstances(1) for endpoint security have inarguably changed for the better. BOUNCER closes the well-publicized security gaps that plague Endpoint Security v1.0 solutions that are evident in data-breach headlines that—even though grossly underreported(2)—are now commonplace.

This paper presents an illustrative analysis of the total cost of ownership (TCO) of Endpoint Security v1.0 vs. BOUNCER’s Endpoint Security v2.0 to provide a framework for discussion of BOUNCER’s return on investment (ROI). The analysis in the main body of the paper presents the hard costs; the commentary on the periphery of the paper presents the really-hard costs—the kind that can crush a company. Fortunately, with BOUNCER-protected endpoints, these really-hard costs for some companies can be avoided costs for your company. While you are reading this paper, allow yourself to become a peripheral visionary:(3) visualize your company navigating the gauntlet of cyberthreats and compliance audits with and without BOUNCER-protected endpoints and ask yourself what a prudent person would purchase given the circumstances now prevailing—v1.0 security-gap-riddled technology or BOUNCER’s v2.0 true endpoint security?

Gartner states, “IT security organizations that spend compliance dollars wisely can also solve security gaps and reduce risk.”(4) BOUNCER is the perfect example of this type of investment—BOUNCER eliminates the need for and expense of ineffective blacklisting solutions and BOUNCER protects unpatched vulnerabilities from exploitation, effectively neutralizing zero-day threats; therefore, with BOUNCER-secured endpoints, IT departments, compliance departments, and corporate officers with fiduciary duties can have confidence that zero-day threats have zero time-to-live.

Not only does BOUNCER’s superior Endpoint Security v2.0 technology provide true endpoint security, but it does so at a significant savings of $938,085 over Endpoint Security v1.0 solutions—an $846 savings per server per year (assumes a three-year 500-server [Windows and Solaris] implementation). Moreover, this BOUNCER implementation is forecasted to pay for itself in less than 10 months and it has an ROI of 277%.(5)(6)

(1) “In most countries, the management of an organization has a financial responsibility to the owners of a company. In a publicly traded company, this is the shareholder. When considering the liability that a company or senior executives may face when security is breached, there are several concepts with which one should become familiar. In no particular order, they are due diligence, due care, and the prudent man rule.

...the prudent man rule is a rule that management must follow when determining if due diligence and due care have been exercised properly. The prudent man rule states that management is required to perform those duties that “prudent” people would normally take, given similar circumstances.”

Cliff Riggs; Network Perimeter Security: Building Defense In-depth; CRC Press, 2003; pp 10–11.

(2) Robert McMillan; Most retailer breaches are not disclosed, Gartner says; Computerworld.com; May 26, 2008. (http://computerworld.co.nz/news.nsf/scrt/AB1E9146A5D82A3CCC257454007AB6C6)

(3) Comedian Steven Wright: “I’m a peripheral visionary. I can see into the future—just way off to the side.”

Bruce Weber; COMEDY REVIEW; This Guy Still Finds the World Baffling. Blame the World.; The New York Times; June 18, 2002. (http://query.nytimes.com/gst/fullpage.html?res=9506EEDA1E3CF93BA25755C0A9649C8B63)

(4) Mark Nicolett; Key Issues for Infrastructure Protection, 2008; Gartner; March 10, 2008. (http://www.gartner.com/DisplayDocument?ref=g_search&id=619208)

(5) Ross Kerber; Advanced tactic targeted grocer; The Boston Globe; March 28, 2008. (http://www.boston.com/news/local/articles/2008/03/28/advanced_tactic_targeted_grocer/)

(6) Judy Harrison; Hannaford breach lawsuits assigned to judge; Bangor Daily News; June 10, 2008. (http://bangornews.com/news/t/news.aspx?articleid=165441&zoneid=500)

“A massive data breach at Hannaford… was caused by…software…secretly installed on servers at every one of its grocery stores…Hannaford said…that the problem potentially compromised the account numbers and expiration dates on all 4.2 million credit and debit card numbers used at its stores in six states…Hannaford said it knows of about 2,000 cases of fraud related to the intrusion…Hannaford…has replaced the hardware on which the malware was installed… Hannaford said… that it was certified a year ago as meeting card security standards and was recertified on Feb. 27…the day Visa first notified Hannaford of unusual card activity and began its investigation.”(5)

– Ross Kerber, The Boston Globe

“The federal lawsuits filed…over the security breach of Hannaford…have been consolidated and assigned to the District of Maine… As of June 1, 14 lawsuits had been filed.”(6)

– Judy Harrison, Bangor Daily News


TCO: Endpoint Security v1.0 vs. v2.0

Endpoint Security v1.0 with its multiple layers of reactive antivirus and blacklisting databases, security patches, and personal firewalls (all of which slow performance and add significant cost to network operations) can’t defeat today’s threats (e.g., zero-day attacks from malware, rootkits, and buffer overflows)—let alone tomorrow’s.

Zero-day threats are the bane of Endpoint Security v1.0’s reactive blacklisting strategy (that is, to identify malware and keep it out)—since the strategy is dependent on timely signature updates, it is inherently flawed and no amount of multi-layering or heuristics can save it. In effect, blacklisting surrenders control to the cybercriminals, handing them the first-strike advantage. Moreover, if the first strike is delivered by a stealth bomber (buffer overflow code injection) that happens to drop a kernel-based-rootkit payload, Endpoint Security v1.0 technology is unaware that an attack has occurred and the compromised system is literally open for business.(7)

BOUNCER takes a revolutionary 180°-shifted approach to endpoint security providing a unique Endpoint Security v2.0 solution that defeats today’s, tomorrow’s, next year’s…threats—finally, efficiently, effectively, BOUNCER stops the madness.

BOUNCER is proactive and whitelist-based, provides enforcement from within the kernel, delivers true endpoint security, and reduces the cost of managing corporate IT assets through the following measures:

• Eliminating the need for reactive security patching (patch for features you need, on your schedule, and have time to fully test patches) and chronic signature updating.

• Blocking configuration drift and reducing the need for frequent license auditing.

• Reducing IT help desk workload by eliminating calls related to security failures, as well as performance and system instability issues triggered by rogue applications and configuration drift.

• Reducing expensive downtime costs caused by time-consuming recovery efforts and lost end-user productivity due to security breaches.

TCO for a traditional Endpoint Security v1.0 solution’s blacklisting approach consists of the use of antimalware technology plus frequent patching, configuration management, and license auditing. The costs include staff time to handle security-related help desk calls and recover failed systems, annual subscriptions to blacklist signature services, and lost productivity due to server downtime and lost end-user productivity. BOUNCER’s Endpoint Security v2.0 solution significantly reduces valuable staff time required for patching, configuration management, help desk calls, and failed-system recovery, as well as eliminating the cost for annual blacklist subscriptions and blacklist management.(8)

(7) “It is foreseeable that a victim of a cyber-extortion scheme involving a DDoS [distributed denial of service] attack will sue the owners of the networks used to perpetrate the attack. There is no statute that criminalizes allowing one’s computer or network to be hijacked and used as a zombie to attack other computers or networks. However, there are doctrines and precedents that are applicable to this seemingly novel fact pattern…as security practices become more harmonized and routinized over time, the likelihood of a plaintiff winning a negligence lawsuit in the context of downstream liability will improve…Negligence is clearly the most applicable potential framework in seeking redress from a business that fails to take reasonable steps in protecting its information system, such as to allow it to become an attack zombie…far from requiring a standard of perfection, an action based on negligence theory will, practically by definition, seek out and enforce a reasonable standard.”

Adam J. Sulkowski; Cyber-Extortion: Duties and Liabilities Related to the Elephant in the Server Room; bepress Legal Series, Working Paper 1935; January 11, 2007. (http://law.bepress.com/expresso/eps/1935)

(8) Avivah Litan and John Pescatore; Hannaford Case Shows Need for End-to-End Card Data Security; Gartner; March 20, 2008. (http://www.gartner.com/resources/156500/156542/hannaford_case_shows_need_fo_156542.pdf)

“Hannaford…represents the first publicly acknowledged theft of sensitive card authorization data in transit...The theft is likely to be particularly damaging for card-issuing banks. The theft of the security codes…enables criminals to manufacture counterfeit cards, and any fraudulent charges made using the counterfeit cards must be borne by the issuing banks. Under Visa rules, if a merchant is identified as the source of the data breach, direct fraud costs initially borne by the bank can be charged back to the retailer. Without the security codes, criminals can use the card information only in card-not-present environments…in which case the retailer bears liability…This theft shows that a focus on end-to-end protection of customer data…is critical for merchants and other card-industry stakeholders… Focusing only on PCI compliance may limit the possibility of fines from acquiring banks, but will do nothing to prevent the much-larger costs of a data breach.”(8)

– Avivah Litan and John Pescatore, Gartner


Three-Year 500-Server Implementation

Table 1 and Figure 1 compare the TCO for a three-year 500-server (Windows and Solaris) implementation for Endpoint Security v1.0 vs. BOUNCER’s Endpoint Security v2.0. This analysis demonstrates that BOUNCER can save an organization $938,085, deliver an ROI of 277%,(9) and is forecasted to pay for itself in less than 10 months.

Table 1. Endpoint Security v1.0 vs. BOUNCER’s v2.0 Total Cost of Ownership: Three-Year 500-Server Implementation

| Operating Costs | Year 1 | Year 2 | Year 3 | 3-Year Total |
|---|---|---|---|---|
| Endpoint Security v1.0 | $605,560 | $605,560 | $605,560 | $1,816,680 |
| Endpoint Security v2.0 | $182,565 | $182,565 | $182,565 | $547,695 |
| v2.0 Cost (Savings) | ($422,995) | ($422,995) | ($422,995) | ($1,268,985) |
| Less BOUNCER Acquisition Cost | $330,900 | – | – | $330,900 |
| Net v2.0 Cost (Savings) | ($92,095) | ($422,995) | ($422,995) | ($938,085) |

v2.0 ROI(9): 277%

v2.0 Breakeven Point: 9.7 months

[Figure 1 (chart). Endpoint Security v1.0: $605,560 in each of Year 1, Year 2 and Year 3; 3-year total $1,816,680. Endpoint Security v2.0: $513,465* in Year 1, $182,565 in Year 2 and in Year 3; 3-year total $878,595. Savings: ($938,085).]

*Includes product acquisition cost.

Figure 1. Endpoint Security v1.0 vs. BOUNCER’s v2.0 Total Cost of Ownership: Three-Year 500-Server Implementation(10)

(9) v2.0 ROI = (v1.0 Operating Costs – (v2.0 Operating Costs – BOUNCER Maintenance and Support Cost)) / (BOUNCER Acquisition Cost + BOUNCER Maintenance and Support Cost*)

v2.0 ROI = ($1,816,680 – ($547,695 – $198,540)) / ($330,900 + $198,540)

*$198,540 = $132.36 (annual per server; see Table 2) × 500 servers × 3 years.

(10) Andy Greenberg; If Security Is Expensive, Try Getting Hacked; Forbes.com; November 28, 2007. (http://www.forbes.com/technology/2007/11/27/data-privacy-hacking-tech-security-cx_ag_1128databreach.html)

“2007 will go down in the record books as a thoroughly lousy year for keeping information private. Of the $198 average cost of each personal record lost this year, about $18 was spent on finding new customers to replace those who fled following a breach—up from $14.50 spent on customer acquisition in 2006 …Companies are also spending more on public relations damage control after data security incidents: 3% of data breach costs are now associated with post-breach P.R., compared with just 1% last year… “Now that we have these notification requirements, we can see who’s good at this, and who’s really awful at this”… “When a company exposes a security event to the public, the cost of lost business is much greater than a regulator’s fine or lawsuits. The stakes for security are really raised.”(10)

– Andy Greenberg, Forbes.com


Annual Cost per Server

Table 2 and Figure 2 compare the annual TCO per server for Endpoint Security v1.0 vs. BOUNCER’s Endpoint Security v2.0; the methodology and calculations for the line items in Table 2 are discussed thereafter. This analysis demonstrates that BOUNCER can save an organization $846 per server per year.(11)(12)

Table 2. Endpoint Security v1.0 vs. BOUNCER’s v2.0 Total Cost of Ownership: Annual per Server

| Operating Costs | Endpoint Security v1.0 | Endpoint Security v2.0 | v2.0 Cost (Savings) |
|---|---|---|---|
| Patch Management | $784.45 | $51.98 | ($732.47) |
| Configuration Management and License Auditing | $167.50 | $41.88 | ($125.62) |
| Help Desk Support | $81.78 | $65.42 | ($16.36) |
| Failed-System Recovery | $47.26 | $4.73 | ($42.53) |
| Lost End-User Productivity | $96.92 | $9.69 | ($87.23) |
| Blacklist Signature Subscriptions | $14.31 | — | ($14.31) |
| Blacklist Management | $18.90 | — | ($18.90) |
| BOUNCER Maintenance and Support | — | $132.36 | $132.36 |
| BOUNCER Management | — | $59.07 | $59.07 |
| Total Cost (Savings) | $1,211.12 | $365.13 | ($845.99) |

[Figure 2 (chart). Endpoint Security v1.0: $1,211. Endpoint Security v2.0: $365. Savings: ($846).]

Figure 2. Endpoint Security v1.0 vs. BOUNCER’s v2.0 Total Cost of Ownership: Annual per Server(13)

(11) Assumes a three-year 500-server (Windows and Solaris) implementation.

(12) Assumes the following fully-burdened staff costs per hour: help desk: $27.26, IT: $39.38, and white collar: $48.46.

Salaries for Tier 1 and Tier 2 IT workers and knowledge workers uplifted by a 26% burden rate.

Michael A. Silver, Federica Troni, and Mark A. Margevicius; Desktop Total Cost of Ownership: 2008 Update; Gartner; January 24, 2008. (http://www.gartner.com/DisplayDocument?id=588719)

(13) Ken Silverstein; Stealing Corporate Secrets; EnergyBiz Insider; February 29, 2008. (http://www.energycentral.com/centers/energybiz/ebi_detail.cfm?id=470)

“After several employees of the Oak Ridge National Laboratory acknowledged falling prey to nefarious emails that sought to infect their computers and steal corporate information, they were then told… it had been one aspect of a “sophisticated cyber attack” to gain access to several national laboratories and institutions. No business is immune…Corporate espionage is big business. According to the FBI, such theft costs all U.S. companies between $24 billion and $100 billion annually…about 20 percent of those losses are tied to cyber threats… according to a study by the American Society for Industrial Security and…Pricewaterhouse Coopers, proprietary information stolen at Fortune 1000 companies has steadily increased from $24 billion a year in 1995 to at least double that now…Fortune 2000 companies experience theft 2 or 3 times a year…adding billions more in losses. Oftentimes, they are unaware.”(13)

– Ken Silverstein, EnergyBiz Insider


Patch Management

Endpoint Security v1.0—Patching events for security vulnerabilities average twice a month and each event (which may include multiple patches) requires 0.83 IT staff hours per server.(14) Each patch event entails intrusion detection and identification of compromised systems after disclosure of a vulnerability, threat assessment, patch retrieval, assembly and testing, patch deployment, and, if necessary, failure resolution.

BOUNCER’s Endpoint Security v2.0—Zero-day threats no longer necessitate patching immediately upon notification of a security vulnerability. Patching can be conducted on a quarterly basis instead of reactively, several times a month. In addition, time required per patching event can be reduced by up to 60% because many steps are greatly simplified or no longer necessary. For example, the patching process no longer has to include time to detect intrusions, identify compromised systems, and perform risk analysis and make an impact assessment.

Table 3. Endpoint Security v1.0 vs. BOUNCER’s v2.0—Patch Management

| Endpoint Security | Patching Events (#/server/year) | IT Staff Time (hours/event) | IT Staff Cost ($/hour) | Total ($/server/year) |
|---|---|---|---|---|
| v1.0 | 24 × | 0.83 × | $39.38 = | $784.45 |
| v2.0 | 4 × | 0.33 × | $39.38 = | $51.98 |
| v2.0 Cost (Savings) | 20 × | 0.50 × | $39.38 = | ($732.47) |

Configuration Management and License Auditing

Endpoint Security v1.0—Blacklisting strategies do not stop configuration drift (the addition of applications by end users) and frequent patching also increases the need for configuration management. Furthermore, regular license auditing is also required to protect an organization from the legal risks of software license infringement. IT staff time required for configuration management and license auditing per server per year is 4.25 hours.(15)

BOUNCER’s Endpoint Security v2.0—True endpoint security delivered by BOUNCER eliminates the need for configuration management and license auditing to counter configuration drift and rogue applications. Use is reduced to satisfying compliance requirements, saving 75% of time previously required for these management functions.(16)

Table 4. Endpoint Security v1.0 vs. BOUNCER’s v2.0—Configuration Management and License Auditing

| Endpoint Security | IT Staff Time (hours/server/year) | IT Staff Cost ($/hour) | Total ($/server/year) |
|---|---|---|---|
| v1.0 | 4.25 × | $39.38 = | $167.50 |
| v2.0 | 1.06 × | $39.38 = | $41.88 |
| v2.0 Cost (Savings) | 3.19 × | $39.38 = | ($125.62) |

(14) Average weighted time for patching events for Windows and OSS servers (both database and nondatabase servers) calculated at 0.83 hours.

Theo Forbath, Patrick Kalaher, and Thomas O’Grady; The Total Cost of Security Patch Management: A Comparison of Microsoft Windows and Open Source Software; Wipro Technologies Ltd.; April 2005. (http://download.microsoft.com/download/1/7/b/17b54d06-1550-4011-9253-9484f769fe9f/TCO_SPM_Wipro.pdf)

(15) CoreTrace analysis based on customer interviews and industry publications.

(16) David Geer; The Patch Window is Closing; Processor, Volume 30, Issue 24; June 13, 2008. (http://www.processor.com/editorial/article.asp?article=articles%2Fp3024%2F32p24%2F32p24.asp)

“Attackers use exploit code provided by tools such as Metasploit, which helps people create exploits (attacks) quickly and easily, and Fuzzers, which attack servers with millions of permutations of code searching for weaknesses…With these tools, attackers find any number of vulnerabilities and create and deploy attacks before their patches are released. Tools…are helping attackers create about a hundred new viruses every few minutes…security software can’t keep up. Plus, SMEs can’t always apply patches right away because attackers are finding vulnerabilities in the patches themselves and attacking those, too…This leaves enterprises vulnerable to at least some attacks no matter what they do…Attackers are too well-informed and exploits are multiplying too fast for the current system of downloading patches to be sufficiently effective by itself. SMEs are all too often vulnerable to attacks no one is aware of until they strike.”(16)

– David Geer, Processor


Help Desk Support

Endpoint Security v1.0—An organization’s IT help desk can expect one call per end-user per server per year, with a call averaging 0.15 hours. With an average ratio of 20 end-users per server, a 500-server implementation can expect 10,000 help desk calls per year.(17)

BOUNCER’s Endpoint Security v2.0—IT surveys indicate that 75% of help desk calls are for routine requests such as forgotten passwords, how-to information, install/move/add/changes, support-specific service offerings, and hardware failures. However, 25% may be caused directly or indirectly by lack of endpoint security such as failures from security breaches, or performance and instability problems caused by rogue applications and configuration drift.(18) Enforcing endpoint security with BOUNCER can reduce help desk call load by 20%.(19)

Table 5. Endpoint Security v1.0 vs. BOUNCER’s v2.0—Help Desk Support

| Endpoint Security | Help Desk Calls (calls/server/year) | Help Desk Staff Time (hours/call) | Help Desk Staff Cost ($/hour) | Total ($/server/year) |
|---|---|---|---|---|
| v1.0 | 20 × | 0.15 × | $27.26 = | $81.78 |
| v2.0 | 16 × | 0.15 × | $27.26 = | $65.42 |
| v2.0 Cost (Savings) | 4 × | 0.15 × | $27.26 = | ($16.36) |

Failed-System Recovery

Endpoint Security v1.0—Without true endpoint security, 1 in 10 servers is likely to be impacted by a security breach in a year. Recovery of the failed or compromised server can take up to 12 hours for systems with standby hardware and data replication and much more than 12 hours for recovery from traditional tape backup.(20)

BOUNCER’s Endpoint Security v2.0—With BOUNCER-secured endpoints, the projected system-failure rate attributable to a security breach is reduced by 90% to 1 in 100.(21)

Table 6. Endpoint Security v1.0 vs. BOUNCER’s v2.0—Failed-System Recovery

| Endpoint Security | Security Breaches (probability/server/year) | IT Staff Time (hours/breach) | IT Staff Cost ($/hour) | Total ($/server/year) |
|---|---|---|---|---|
| v1.0 | 10% × | 12.0 × | $39.38 = | $47.26 |
| v2.0 | 1% × | 12.0 × | $39.38 = | $4.73 |
| v2.0 Cost (Savings) | 9% × | 12.0 × | $39.38 = | ($42.53) |

(17) CoreTrace market research shows that the help desk call rate averages one call per seat per year, and the average ratio of seats or end users per server is 1 to 20.

(18) SupportSoft Press Release; Employee Forgetfulness Causes Most Calls Into IT Help Desk; March 5, 2007. (http://supportsoft.mediaroom.com/index.php?s=press_releases&item=414)

(19) CoreTrace analysis based on customer interviews and industry publications.

(20) Carla Safigan; Disaster Recovery for the Masses—The Role of OS-Level Server Virtualization in Disaster Recovery; Computer Technology Review; May 2, 2006. (http://www.wwpi.com/index.php?option=com_content&task=view&id=1151&Itemid=44)

(21) Gregor Freund; Security—why don’t we get it?; cnet.com; November 4, 2003. (http://news.cnet.com/Security--why-dont-we-get-it/2010-7355_3-5101632.html)

“Our legacy security model is reactive… It’s the digital version of closing the barn door after the horse gets out. To make things worse, the gap is collapsing between the publication of a new vulnerability and the appearance of an exploit that takes advantage of it. More alarming still, our window to react to such exploits is shrinking. We must instead adopt a proactive security model that neutralizes attack vectors before a true crisis occurs…Malicious code can weaken network defenses— opening backdoors, stealing files or confiscating passwords— and pave the way for a secondary attack. Who has time to run exhaustive security audits—checking files’ integrity, changing passwords, etc.—after network infections?… And the most critical component for your first line of defense is proactive security.”(21)

– Gregor Freund, cnet.com


Lost End-User Productivity

Endpoint Security v1.0—When a server fails, on average 20 end-users’ ability to perform their job is impacted.(22) If the organization has a business continuity plan, these end-users are out of operation on average only 1 hour instead of the 12 hours required to restore the server.(23)

BOUNCER’s Endpoint Security v2.0—With BOUNCER, lost productivity due to system failures caused by security breaches is reduced by 90%.

Table 7. Endpoint Security v1.0 vs. BOUNCER’s v2.0—Lost End-User Productivity

| Endpoint Security | Security Breaches (probability/server/year) | End Users (#/server) | Lost End-User Productivity (hours/breach) | End-User Cost ($/hour) | Total ($/server/year) |
|---|---|---|---|---|---|
| v1.0 | 10% × | 20 × | 1.0 × | $48.46 = | $96.92 |
| v2.0 | 1% × | 20 × | 1.0 × | $48.46 = | $9.69 |
| v2.0 Cost (Savings) | 9% × | 20 × | 1.0 × | $48.46 = | ($87.23) |

Blacklist Signature Subscriptions

Endpoint Security v1.0—Annual subscription to blacklist signature services is required.(24)

BOUNCER’s Endpoint Security v2.0—Not applicable.

Table 8. Endpoint Security v1.0 vs. BOUNCER’s v2.0—Blacklist Signature Subscriptions

| Endpoint Security | Total Blacklist Signature Subscriptions ($/server/year) |
|---|---|
| v1.0(24) | $14.31 |
| v2.0 | – |
| v2.0 Cost (Savings) | ($14.31) |

Blacklist Management

Endpoint Security v1.0—Blacklist management requires an average of 0.48 IT staff hours per server annually (update blacklists, perform scans, and monitor scan results).(25)

BOUNCER’s Endpoint Security v2.0—Not applicable.(26)(27)

Table 9. Endpoint Security v1.0 vs. BOUNCER’s v2.0—Blacklist Management

| Endpoint Security | IT Staff Time (hours/server/year) | IT Staff Cost ($/hour) | Total ($/server/year) |
|---|---|---|---|
| v1.0 | 0.48 × | $39.38 = | $18.90 |
| v2.0 | — × | — = | — |
| v2.0 Cost (Savings) | 0.48 × | $39.38 = | ($18.90) |

(22) CoreTrace market research shows that the average ratio of seats or end users per server is 1 to 20.

(23) Carla Safigan; Disaster Recovery for the Masses—The Role of OS-Level Server Virtualization in Disaster Recovery; Computer Technology Review; May 2, 2006. (http://www.wwpi.com/index.php?option=com_content&task=view&id=1151&Itemid=44)

(24) Symantec Endpoint Protection 11.0: annual maintenance price for 500 systems. (http://www.symantec.com)

(25) CoreTrace analysis based on customer interviews and industry publications.

(26) Mathew Schwartz; Data Breach Damage Control; IT Compliance Institute; May 16, 2007. (http://www.itcinstitute.com/display.aspx?id=1731)

(27) Shaun Nichols; Big names fail VB100 antivirus test; vnunet.com; April 4, 2008. (http://www.vnunet.com/vnunet/news/2213530/big-names-fall-vb100-test)

“Several major security vendors have failed the latest VB100 antivirus test…which requires antivirus tools to correctly identify 100 active malware samples collected from the internet…“Threats that several vendors failed to detect in this test have been circulating in the real world for some months now”…“It is disappointing to see so many products tripping up over threats that are not even new. Computer users should be getting a better service from their antivirus vendors than this.” Among the companies that failed were McAfee and Trend Micro.”(27)

– Shaun Nichols, vnunet.com

“Your company just suffered a data breach. If you’re wondering what to do next, it’s already too late …it’s time to ask the tough questions: why did it happen, and whose head should be on a platter?… In short, when it comes to preventing security breaches…“It’s not just a security problem; it’s a management issue.”(26)

– Mathew Schwartz, IT Compliance Institute


BOUNCER Maintenance and Support

Endpoint Security v1.0—Not applicable.(28)

BOUNCER’s Endpoint Security v2.0—Industry standard maintenance and support for BOUNCER includes technical assistance, software maintenance (i.e., updates and upgrades), and an extended hardware warranty.

Table 10. Endpoint Security v1.0 vs. BOUNCER’s v2.0—BOUNCER Maintenance and Support

| Endpoint Security | Total BOUNCER Maintenance and Support ($/server/year) |
|---|---|
| v1.0 | – |
| v2.0 | $132.36 |
| v2.0 Cost (Savings) | $132.36 |

BOUNCER Management

Endpoint Security v1.0—Not applicable.

BOUNCER’s Endpoint Security v2.0—On an annual basis, CoreTrace estimates that it will take 1.5 IT staff hours per server to implement and manage BOUNCER. Tasks included in the 1.5 IT staff hours are initial policy generation and distribution, daily review of reports, and policy modifications. This cost is more than offset by the true endpoint security delivered by BOUNCER and the substantial cost savings made possible by BOUNCER.

Table 11. Endpoint Security v1.0 vs. BOUNCER’s v2.0—BOUNCER Management

| Endpoint Security | IT Staff Time (hours/server/year) | | IT Staff Cost ($/hour) | | Total ($/server/year) |
|---|---|---|---|---|---|
| v1.0 | – | × | – | = | – |
| v2.0 | 1.5 | × | $39.38 | = | $59.07 |
| v2.0 Cost (Savings) | 1.5 | × | $39.38 | = | $59.07 |

Summary

Not only does BOUNCER’s superior Endpoint Security v2.0 technology provide true endpoint security, but it does so at a significant savings of $938,085 over Endpoint Security v1.0 solutions (assumes a three-year 500-server [Windows and Solaris] implementation)—an $846 savings per server per year. Moreover, this BOUNCER implementation is forecasted to pay for itself in less than 10 months and it has an ROI of 277%.

(28) Barbara Darrow; Is Your CEO a Cybercrime Target?; Computerworld.com; November 06, 2007. (http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9045564&pageNumber=1)

“A CFO at a Fortune 1000 company holds his cursor over an e-mail that appears to be from a direct report… Now the cybercriminal is in position to launch an attack that will allow him to mine the CFO’s hard drive for credit card numbers, passwords to corporate databases or other proprietary information. In one click, the CFO is going to have himself a big problem. If you’re his IT manager, you’re going to have one too. If…credit card phishers are the carpet-bombers of computer crime… C-level attackers are the snipers…the attackers have taken effort and time finding and researching… they [send] an e-mail from outside but make it look like it’s coming from inside the company…the vehicle for the Trojan is a Word or Excel file containing the exploit…seen cases where the exploit code is modified just enough to go undetected by the particular antivirus program the target company is running —and the hackers have done the work of finding out just what those programs are.(28)

– Barbara Darrow Computerworld.com


About CoreTrace

CoreTrace delivers a revolutionary approach to endpoint security with BOUNCER by CoreTrace™: the most tamperproof, scalable, and comprehensive kernel-level application whitelisting solution. Since BOUNCER only allows authorized applications to execute, it defeats sophisticated malware attacks, including rootkits and zero-day threats, and it neutralizes memory-based exploits like buffer overflows. With BOUNCER, companies can stop paying for annual signature updates and start patching applications on their schedule.(29)

© 2008 CoreTrace Corporation. All rights reserved. CoreTrace and BOUNCER by CoreTrace are among the trademarks and registered trademarks of the company in the United States and other countries. All other trademarks are the property of their respective owners.

(29) Khalid Kark; Calculating the cost of a security breach; The CTO Forum; June 30, 2007. (http://www.thectoforum.com/article.php?prodid=664&page=1)

“Trying to determine the cost of a data breach is no easy task. After calculating the expenses of legal fees, call centers, lost employee productivity, regulatory fines, stock plummets, and customer losses, it can be dizzying, if not impossible, to come up with a true number… many different factors…should be part of the data breach cost calculation—and it’s more than just losing money… a security breach can cost you anywhere between $90 and $305 per record. This means that the cost of a single, significant breach may run into millions or even billions of dollars.(29)

– Khalid Kark The CTO Forum