It has been a long slog, but the final report on the Network Security Operations (NSO) Quant research project has been published. We are also releasing the raw data we collected in the survey at this point.
The main report includes:
- Background material, assumptions, and research process overview
- Complete process framework for Monitoring (firewalls, IDS/IPS, & servers)
- Complete process framework for Managing (firewalls & IDS/IPS)
- Complete process framework for maintaining Device Health
- The detailed metrics which correlate with each process framework
- Identification of key metrics
- How to use the model
Additionally, you can download and play around with the spreadsheet version of the metrics model. In the spreadsheet, you can enter your specific roles and headcount costs, and estimate the time required for each task, to figure out your own costs.
In terms of the survey, as of October 22, 2010, we had 80 responses. The demographics were pretty broad (from under 5 employees to over 400,000), but we believe the data validates some of the conclusions we reached through our primary research. Click here for the full, raw survey results. The file includes a summary report and the full raw survey data (anonymized where needed) in
With the exception of the raw survey results, we have linked to the landing pages for all the documents, because that’s where we will be putting updates and supplemental material (hopefully you aren’t annoyed by having to click an extra time to see the report). The material is being released under a Creative Commons license.
Thanks again to SecureWorks for sponsoring this research.