`
 

Security Headcount = ƒ(alerts, time to resolve)

 

To reduce the headcount number needed to effectively work security alerts, you must:

  • Decrease the number of security alerts
  • Increase the quality of security alerts
  • Reduce the amount of time to investigate security alerts
 
 
 
ROI #2.jpg

For 500 endpoints with 500 security alerts per day with 30 minutes average time to resolve

  • Number of security alerts on average daily = 500
  • Multiplied by the average time to resolve = 250 hours
  • 250 hours ÷ 8 hours in average workday = 31.25 security analysts

In this example 31.25 full time security analysts are needed to effectively investigate and resolve the volume of security alerts

Using ATA, with a proven reduction of at least 99% in security alerts that need to be analyzed equates to:

  • 500 x .01 = 5 security alerts for human eyes on them
  • 5 x 30 minutes = 2.5 hours to resolve for all 5 security alerts
  • 2.5 hours ÷ 8 hours in an average workday = .3125 of a security analyst
ROI3.jpg