Typical tasks with DIY effort in Secure Application Publishing


Cost Drivers

Driver | Value
Clean Mbps | 40
Hostnames | 50
Virtual Shielding Groups | 3
Blocks | 100,000,000

Scanned items, shields verified | Value
CVE + Custom Scanner Signatures executed against shields* | 60,000,000
CVE + Custom Scanner Signatures executed against application* | 60,000,000

* 120k signatures are available, but on average 25k are verified against each application weekly; 25,000 signatures × 50 hostnames × 48 scan cycles gives the 60,000,000 figure.



Platform Costs

Lifecycle management* | Typical life (months) | Asset rotations /year | Unit Cost | Units | DIY Cost /year
Upstream Transit and Peering | 12 | 1 | $500 | /clean Mbps/year | $20,000
Hosting | 36 | 0.33 | $30,000 | Lifecycle cost | $10,000
Switching | 36 | 0.33 | $20,000 | Lifecycle cost | $6,667
Routing | 36 | 0.33 | $20,000 | Lifecycle cost | $6,667
Servers | 36 | 0.33 | $10,000 | Lifecycle cost | $3,333
Vulnerability Scanning | 36 | 0.33 | $20,000 | Lifecycle cost | $6,667
DNS | 36 | 0.33 | $10,000 | Lifecycle cost | $3,333
Reverse Proxy (REQ-RES rewrite & application state management) | 36 | 0.33 | $100,000 | Lifecycle cost | $33,333
DDoS | 12 | 1 | $1,400 | /clean Mbps/annum | $56,000
WAF | 36 | 0.33 | $50,000 | Lifecycle cost | $16,667
SIEM | 36 | 0.33 | $40,000 | Lifecycle cost | $13,333
Portals | 36 | 0.33 | $30,000 | Lifecycle cost | $10,000
Monitoring | 36 | 0.33 | $30,000 | Lifecycle cost | $10,000

DIY Cost is Unit Cost × 40 clean Mbps for the per-Mbps lines, and Lifecycle cost × asset rotations per year (12 / typical life in months) for the amortised lines.



Platform management of (Capacity, Upgrade, Patch, Support, Contract)* | Hours/year | Engineering Hours | Loaded Hourly Rate | Units | DIY Cost
Upstream Transit and Peering | 20 | 20 | $80 | /hr | $1,600
Hosting | 20 | 20 | $80 | /hr | $1,600
Switching | 20 | 20 | $80 | /hr | $1,600
Routing | 20 | 20 | $80 | /hr | $1,600
Servers | 20 | 20 | $80 | /hr | $1,600
Vulnerability Scanning | 100 | 100 | $80 | /hr | $8,000
DNS | 60 | 60 | $80 | /hr | $4,800
Reverse Proxy (REQ-RES rewrite & application state management) | 100 | 100 | $80 | /hr | $8,000
DDoS | 40 | 40 | $80 | /hr | $3,200
WAF | 100 | 100 | $80 | /hr | $8,000
SIEM | 60 | 60 | $80 | /hr | $4,800
Portals | 60 | 60 | $80 | /hr | $4,800
Monitoring | 60 | 60 | $80 | /hr | $4,800

These hours do not scale with the number of hostnames.



People and Process Costs

Equipment Configuration, tuning, sync, backup & operation | Hours/year/hostname | Engineering Hours (× 50 hostnames) | Loaded Hourly Rate | Units | DIY Cost
Vulnerability Scanning | 20 | 1,000 | $80 | /hr | $80,000
Reverse Proxy (REQ-RES rewrite & application state management) | 10 | 500 | $80 | /hr | $40,000
WAF | 20 | 1,000 | $80 | /hr | $80,000
DDoS | 10 | 500 | $80 | /hr | $40,000
Monitoring Equipment | 5 | 250 | $80 | /hr | $20,000



Direct HR Tasks | Hours/year | Hours | Loaded Hourly Rate | Units | DIY Cost
Knowledge Management | 40 | 40 | $80 | /hr | $3,200
Training (12 team members for 24/7 Ops, Response) | 480 | 480 | $80 | /hr | $38,400
Recruitment | 20 | 20 | $80 | /hr | $1,600



Vulnerability management | Hours/year/hostname | Analyst Hours (× 50 hostnames) | Loaded Hourly Rate | Units | DIY Cost
Weekly Vulnerability Scans for Shield Verification (5 scanners) | 50 | 2,500 | $80 | /hr | $200,000
Weekly Vulnerability Scans for Application Vulnerability Verification (5 scanners) | 50 | 2,500 | $80 | /hr | $200,000
Weekly Vulnerability Data Reviews (5 scanners) | 100 | 5,000 | $80 | /hr | $400,000
False Positive removal | 50 | 2,500 | $80 | /hr | $200,000
Manual verification of Medium+ scanner findings | 100 | 5,000 | $80 | /hr | $400,000
Import of other vulnerability data | 5 | 250 | $80 | /hr | $20,000
Vulnerability Risk scoring | 10 | 500 | $80 | /hr | $40,000
Consolidation of vulnerability data from multiple sources | 10 | 500 | $80 | /hr | $40,000
Determination of remediation and mitigation options | 10 | 500 | $80 | /hr | $40,000
Prioritisation of tasks | 5 | 250 | $80 | /hr | $20,000



Vulnerability management (annual items) | Hours/year | Analyst Hours | Loaded Hourly Rate | Units | DIY Cost
Monitoring of Vulnerability Feeds | 60 | 60 | $80 | /hr | $4,800
Diagnostics and assurance of relevant Vulnerabilities (assume 4 events/app, 5 hours/event: 4 × 50 × 5 = 1,000 h) | 1,000 | 1,000 | $80 | /hr | $80,000



Shield Management | Hours/year/Shielding Group | Engineering Hours (× 3 groups) | Loaded Hourly Rate | Units | DIY Cost
Tuning | 15 | 45 | $80 | /hr | $3,600



Shield Management | Hours/False Positive Group | Engineering Hours | Loaded Hourly Rate | Units | DIY Cost
False positive remediation (assumes 1 false positive per 10,000 blocks, addressed in groups of 100) | 10 | 1,000 | $80 | /hr | $80,000

100,000,000 blocks / 10,000 = 10,000 false positives per year; in groups of 100 that is 100 groups × 10 h = 1,000 h.



Service Monitoring and Helpdesk | Hours/year/hostname | Engineering Hours (× 50 hostnames) | Loaded Hourly Rate | Units | DIY Cost
Availability and performance monitoring | 20 | 1,000 | $80 | /hr | $80,000
Volumetric DDoS monitoring and reporting | 20 | 1,000 | $80 | /hr | $80,000
DR firedrills | 4 | 200 | $80 | /hr | $16,000
Volumetric DDoS firedrills | 4 | 200 | $80 | /hr | $16,000
Application DDoS firedrills | 4 | 200 | $80 | /hr | $16,000
Incident firedrills | 4 | 200 | $80 | /hr | $16,000
Security Engineer call-outs and anomaly investigation | 20 | 1,000 | $80 | /hr | $80,000
Security Analyst call-outs and anomaly investigation | 10 | 500 | $80 | /hr | $40,000



Service Monitoring and Helpdesk (continued) | Hours/Shielding Group/year | Engineering Hours (× 3 groups) | Loaded Hourly Rate | Units | DIY Cost
Asymmetric DDoS and Application abuse monitoring and reporting | 20 | 60 | $80 | /hr | $4,800



Reporting | Hours/month/hostname | Analyst Hours (× 12 months × 50 hostnames) | Loaded Hourly Rate | Units | DIY Cost
Portal and Analyst-commented Attack Demographic and trend analysis | 5 | 3,000 | $80 | /hr | $240,000
Correlation of attack traffic to shielded vulnerabilities | 2 | 1,200 | $80 | /hr | $96,000



Application Security Testing | Pen Tests | Pen Test Rate | DIY Cost
Annual Penetration testing for 1/2 of the apps (25 of 50 hostnames) | 25 | $8,000 /test | $200,000



Application Remediation | Story Points/Vuln. | Hrs/story point | Loaded Hourly Rate | Units | DIY Cost
Software Development time for 11 vulnerabilities per pen test (Whitehat average) | 2 | 20 | $80 | /hr | $880,000
Testing/Implementing/Regression Testing, as a percentage of development cost | 80% | | | | $704,000
Maintaining/Upgrading cost p.a., as a percentage of development cost | 30% | | | | $264,000

Development hours = 25 pen tests × 11 vulnerabilities × 2 story points × 20 h = 11,000 h. Both percentages are taken on the $880,000 development line only; the maintenance figure is not 30% of development plus testing.



Summary: Threat Protection

Category | DIY cost per year
DIY per year threat protection (total) | $1,322,000
Lifecycle management* | $196,000
Platform management of (Capacity, Upgrade, Patch, Support, Contract)* | $54,400
Equipment Configuration, tuning, sync, backup & operation | $260,000
Direct HR Tasks | $43,200
Shield Management | $83,600
Service Monitoring and Helpdesk | $348,800
Reporting | $336,000



Summary: Vulnerability Management and Remediation

Category | DIY cost per year
DIY per year vulnerability management and remediation (total) | $3,692,800
Vulnerability management | $1,644,800
Application Security Testing | $200,000
Application Remediation | $1,848,000



* Can be substituted with a range of PaaS tools.
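The tables above give inputs and outputs but not the formulas joining them. As an added example (not the page's own spreadsheet), the following Python script encodes those formulas with the four cost drivers (clean Mbps, hostnames, shielding groups, blocks) as parameters, so the model can be re-run for an estate of a different size and checked against the two summary totals. Rates, hours and lifecycle costs are the page's figures; the 48 scan cycles per year in `signatures_executed` is an assumption inferred from the page's 60,000,000 signature count.

```python
"""Added example: parameterised reconstruction of this page's DIY cost model.
Not the page's own spreadsheet. Rates, hours and lifecycle costs are the page's
figures; the four cost drivers are arguments so the model can be re-run."""
from dataclasses import dataclass

RATE = 80  # loaded hourly rate, $/hr (page figure)


@dataclass(frozen=True)
class Drivers:
    clean_mbps: int = 40
    hostnames: int = 50
    shielding_groups: int = 3
    blocks: int = 100_000_000


LIFECYCLE_36_MONTHS = {  # lifecycle cost of assets on a 36-month life (0.33 rotations/year)
    "Hosting": 30_000, "Switching": 20_000, "Routing": 20_000, "Servers": 10_000,
    "Vulnerability Scanning": 20_000, "DNS": 10_000, "Reverse Proxy": 100_000,
    "WAF": 50_000, "SIEM": 40_000, "Portals": 30_000, "Monitoring": 30_000,
}
PER_CLEAN_MBPS_PER_YEAR = {"Upstream Transit and Peering": 500, "DDoS": 1_400}
PLATFORM_MGMT_HOURS = {  # hours/year, independent of estate size
    "Upstream Transit and Peering": 20, "Hosting": 20, "Switching": 20, "Routing": 20,
    "Servers": 20, "Vulnerability Scanning": 100, "DNS": 60, "Reverse Proxy": 100,
    "DDoS": 40, "WAF": 100, "SIEM": 60, "Portals": 60, "Monitoring": 60,
}
EQUIPMENT_HOURS_PER_HOSTNAME = {"Vulnerability Scanning": 20, "Reverse Proxy": 10,
                                "WAF": 20, "DDoS": 10, "Monitoring Equipment": 5}
DIRECT_HR_HOURS = {"Knowledge Management": 40, "Training": 480, "Recruitment": 20}
MONITORING_HOURS_PER_HOSTNAME = {
    "Availability and performance": 20, "Volumetric DDoS": 20, "DR firedrills": 4,
    "Vol DDoS firedrills": 4, "App DDoS firedrills": 4, "Incident firedrills": 4,
    "Engineer call outs": 20, "Analyst call outs": 10,
}
VM_HOURS_PER_HOSTNAME = {
    "Shield verification scans": 50, "Application scans": 50, "Data reviews": 100,
    "False positive removal": 50, "Manual verification of Medium+": 100,
    "Import of other data": 5, "Risk scoring": 10, "Consolidation": 10,
    "Remediation options": 10, "Prioritisation": 5,
}
REPORTING_HOURS_PER_HOSTNAME_PER_MONTH = {"Attack demographics": 5, "Attack correlation": 2}


def lifecycle_annual(cost: float, life_months: int) -> float:
    """Annual share of a lifecycle cost: one asset rotation every life_months/12 years."""
    return cost * 12 / life_months


def threat_protection(d: Drivers) -> dict:
    """Annual DIY threat-protection cost by category ('Summary: Threat Protection')."""
    lifecycle = sum(lifecycle_annual(c, 36) for c in LIFECYCLE_36_MONTHS.values())
    lifecycle += sum(r * d.clean_mbps for r in PER_CLEAN_MBPS_PER_YEAR.values())
    # Shield management: 15 h tuning per shielding group, plus false-positive remediation
    # at 1 FP per 10,000 blocks, handled in groups of 100, 10 engineering hours per group.
    shield_hours = 15 * d.shielding_groups + 10 * (d.blocks / 10_000 / 100)
    monitoring_hours = (d.hostnames * sum(MONITORING_HOURS_PER_HOSTNAME.values())
                        + 20 * d.shielding_groups)  # asymmetric DDoS/abuse, per group
    reporting_hours = d.hostnames * 12 * sum(REPORTING_HOURS_PER_HOSTNAME_PER_MONTH.values())
    cats = {
        "Lifecycle management": lifecycle,
        "Platform management": RATE * sum(PLATFORM_MGMT_HOURS.values()),
        "Equipment configuration": RATE * d.hostnames * sum(EQUIPMENT_HOURS_PER_HOSTNAME.values()),
        "Direct HR tasks": RATE * sum(DIRECT_HR_HOURS.values()),
        "Shield management": RATE * shield_hours,
        "Service monitoring and helpdesk": RATE * monitoring_hours,
        "Reporting": RATE * reporting_hours,
    }
    cats = {k: round(v) for k, v in cats.items()}
    cats["Total"] = sum(cats.values())
    return cats


def vulnerability_management(d: Drivers, pen_test_rate: int = 8_000, vulns_per_test: int = 11,
                             story_points_per_vuln: int = 2, hours_per_point: int = 20) -> dict:
    """Annual DIY vulnerability management and remediation cost (second summary)."""
    analyst_hours = d.hostnames * sum(VM_HOURS_PER_HOSTNAME.values())
    analyst_hours += 60 + 4 * d.hostnames * 5  # feed monitoring + diagnostics (4/app, 5 h each)
    pen_tests = d.hostnames // 2               # half the applications are tested each year
    dev = pen_tests * vulns_per_test * story_points_per_vuln * hours_per_point * RATE
    cats = {
        "Vulnerability management": RATE * analyst_hours,
        "Application security testing": pen_tests * pen_test_rate,
        # development + 80% testing/regression + 30% annual maintenance, both taken on dev cost
        "Application remediation": dev * (1 + 0.8 + 0.3),
    }
    cats = {k: round(v) for k, v in cats.items()}
    cats["Total"] = sum(cats.values())
    return cats


def signatures_executed(d: Drivers, signatures_per_app: int = 25_000, scan_cycles: int = 48) -> int:
    """Scanner signatures run per year against one target class (shields or applications).
    scan_cycles=48 is an assumption inferred from the page's 60,000,000 = 25,000 x 50 x 48."""
    return signatures_per_app * d.hostnames * scan_cycles


if __name__ == "__main__":
    for title, cats in (("Threat protection", threat_protection(Drivers())),
                        ("Vulnerability management and remediation", vulnerability_management(Drivers()))):
        print(title, *(f"  {k:<34} ${v:>12,}" for k, v in cats.items()), sep="\n")
    print(f"Threat protection at 100 hostnames: ${threat_protection(Drivers(hostnames=100))['Total']:,}")
```

Run as-is, the script reproduces the page's $1,322,000 and $3,692,800 totals; changing a driver shows which lines actually move with estate size (reporting, equipment configuration, monitoring and the per-hostname vulnerability work scale with hostnames, transit and DDoS with clean Mbps, false-positive remediation with blocks) and which are fixed overheads that a small estate still pays in full.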