Professional Documents
Culture Documents
Forrester Consulting provides independent and objective research-based consulting to help leaders succeed in their
organizations. For more information, visit forrester.com/consulting.
© Forrester Research, Inc. All rights reserved. Unauthorized reproduction is strictly prohibited. Information is based on
the best available resources. Opinions reflect judgment at the time and are subject to change. Forrester®, Technographics®,
Forrester Wave, RoleView, TechRadar, and Total Economic Impact are trademarks of Forrester Research, Inc. All other
trademarks are the property of their respective companies.
Prior to using SES Complete, the interviewees noted detection and response (EDR), active directory
how their organizations relied on on-premises or threat def ense, threat hunter, and adaptive
sof tware-as-a-service (SaaS) solutions with protection, allows their organizations to replace
signature-based protection combined with manual multiple manual processes and provide greater
threat hunting and remediation. They lacked the coverage and protection. With a breach
ef f iciencies needed to manually cover the large sometimes costing an organization several
number of endpoints and growing risk of million dollars, Forrester calculated that the
sophisticated threats. increased efficacy of the SES Complete solution
allows an organization to avoid an average of
Af ter the investment in SES Complete, the $1.25 million per year. The three-year risk-
interviewees’ organizations have greater protection
adjusted present value (PV) of this benefit totals
with an automated, streamlined, and effective
nearly $3.5 million.
endpoint solution. Key results from the investment
include the cost avoidance of a security breach, the • A consolidated and simplified security stack,
consolidation and simplification of the organization’s leading to savings of over $1.1 million. Upon
security stack, and efficiencies in remediation time. adoption of the SES Complete solution, add-on
endpoint protection tools were no longer
KEY FINDINGS required. Since the implementation of SES
Quantified benefits. Risk-adjusted present value Complete, interviewees commented that their
(PV) quantified benefits include: organizations now spend 10% less on other
• Avoided security breach costs of nearly $3.5 security application licenses. With an average
million. The interviewees reported that the total spend of $5 million, the annual savings is
consolidated platform of SES Complete and its $500,000 per year. The three-year, risk-adjusted
robust suite of features, including multiple PV of this benefit is just over $1 million.
technologies for attack prevention, endpoint
• Increased efficiencies in remediation time, Unquantified benefits. Benefits that are not
leading to a savings of over $775,000. With the quantif ied for this study include:
improved automation the EDR feature provides,
• Increased employee empowerment. The
inf ormation bottlenecks caused by the need for
security team members experience an increased
manual attention and intervention are greatly
satisfaction while performing their jobs after the
reduced. This automation means only the highest
SES Complete investment. The solution provided
priority threats require intervention. Additionally,
them with more valuable information with which
the solution’s visibility and analytics addresses
to work, allowing them to proactively react in the
issues proactively, allowing security and IT team
areas of threat identification and remediation.
members to focus on more strategic tasks. The
combined annual savings is more than $300,000 • The ability to contain new types of threats.
per year, resulting in a three-year, risk-adjusted SES Complete has the ability to monitor unknown
PV of over $775,000. threats, suspicious behavior, exploits, and
potential breaches. These abilities allow the team
to ef fectively detect attack vectors and address
suspicious security activity before they become
successful ransomware attacks.
Benefits (Three-Year)
CASE STUDY
DISCLOSURES Employed four fundamental elements of TEI in
modeling the investment impact: benefits, costs,
Readers should be aware of the following:
flexibility, and risks. Given the increasing
This study is commissioned by Broadcom Software
Group and delivered by Forrester Consulting. It is not sophistication of ROI analyses related to IT
meant to be used as a competitive analysis. investments, Forrester’s TEI methodology
Forrester makes no assumptions as to the potential ROI provides a complete picture of the total
that other organizations will receive. Forrester strongly
economic impact of purchase decisions. Please
advises that readers use their own estimates within the
framework provided in the report to determine the see Appendix A for additional information on the
appropriateness of an investment in SES Complete. TEI methodology.
Broadcom reviewed and provided feedback to Forrester,
but Forrester maintains editorial control over the study
and its findings and does not accept changes to the study
that contradict Forrester’s findings or obscure the
meaning of the study.
Interviewed Decision-Makers
Senior IT security consultant International department of finance Annual budget of over $61 billion
SOLUTION REQUIREMENTS/INVESTMENT
OBJECTIVES
The interviewees’ organizations searched for a Key assumptions
solution that could: • Global financial
• Provide a single agent endpoint management services organization
tool. • 25,000 endpoints
• Of f er an automated threat detection and • 90 real threats identified
remediation solution for an enterprise per year
organization, eliminating most manual processes. • 2.5 days saved per real
• Expand visibility, coverage, and security event threat
prevention.
COMPOSITE ORGANIZATION
Based on the interviews, Forrester constructed a TEI
f ramework, a composite company, and a ROI
analysis that illustrates the areas financially affected.
The composite organization is representative of the
f our decision-makers that Forrester interviewed and “Symantec offers us all the
is used to present the aggregate financial analysis in features that we need in a very
the next section. The composite organization has the solid form. We get complete
f ollowing characteristics:
information reports from
Deployment characteristics. The composite endpoint to source, as well as
organization is a multinational financial services excellent real-time detection and
corporation protecting 25,000 endpoints. Its response. When a threat is
operations include an extensive digital network with
identified, we can address it from
over 20,000 employees, contractors, and connected
third parties.
one centralized location for all of
our endpoints.”
Senior IT security consultant,
international department of finance
Total Benefits
TOTAL COST AVOIDANCE OF SECURITY Modeling and assumptions. For the financial
BREACHES analysis, Forrester assumes that:
Evidence and data. The massive volume of
• The composite organization employs 20,833
proprietary data enterprise organizations receive
FTEs.
requires constant monitoring for suspicious activity.
Automating the monitoring process with SES • The composite organization manages 25,000
Complete saves time and resources. Potential threats endpoints.
are identified more quickly, and the events that are • Forrester’s proprietary, internally developed
handled automatically are assessed and rectified in security model calculates the average cost of a
real time. security breach to total $1,260,968.2
• SES Complete gives organizations a
comprehensive and real-time snapshot of
endpoint activity. One managing director noted:
“The detect capability is many times stronger
than what we had bef ore. The visibility we have “Since implementing SES
now compared to what we had before shows just
Complete, we are saving millions
how shockingly compromised we were f rom a
risk perspective. SES Complete is a game
of dollars through added
changer f or us when it comes to preventing future efficiencies, removal of manual
breaches.” processes, and the general
• The same interviewee noted: “With SES
reduction of resources needed to
Complete, we are aware of the snooping type of run the security operations.”
malware that we could not see previously. Not Consulting security architect, retail
only can we see it now, but we can also banking
understand the full extent of the threat and how
to eliminate it.”
Risks. The total cost avoidance of a security breach • The organization’s size, industry, and location.
will vary with:
To account for these risks, Forrester adjusted this
• The baseline security strength, exposure, and benef it downward by 10%, yielding a three-year, risk-
posture of the organization. adjusted total PV (discounted at 10%) of nearly $3.5
million.
• The skill and salary levels of the organization’s
security team.
A3 Base cost of breach, adjusted for composite size Forrester research $1,260,968 $1,260,968 $1,260,968
A6 Fully loaded annual salary of a cybersecurity analyst Assumption $100,100 $100,100 $100,100
A7 Subtotal: Total internal cost of productivity loss A2*(A5/2080)*A6 $300,781 $300,781 $300,781
Btr Consolidation and simplification of security stack (risk-adjusted) $450,000 $450,000 $450,000
C2 Time saved per real threat (days) Assumption 2.5 2.5 2.5
C4 Fully loaded annual salary of a cybersecurity analyst Assumption $100,100 $100,100 $100,100
Total Costs
Ref. Cost Initial Year 1 Year 2 Year 3 Total Present Value
Annual subscription
Dtr $0 $400,000 $400,000 $400,000 $1,200,000 $994,741
cost
Initial and ongoing
Etr $7,277 $970 $970 $970 $10,187 $9,689
costs
Total costs (risk-
$7,277 $400,970 $400,970 $400,970 $1,210,187 $1,004,430
adjusted)
Risk adjustment 0%
INITIAL AND ONGOING COSTS Modeling and assumptions. For the financial
Evidence and data. The interviewees revealed the analysis, Forrester assumes that:
f ollowing about their organizations’ use of SES
• The implementation of SES Complete features
Complete:
requires one FTE for one full day.
• Initial costs the composite organization incurs
• Seventeen team members spent one full day on
included the internal labor required for
initial training.
implementation and the training of the team on
new product features. • Ongoing management requires one day per
month f or one FTE with a fully loaded salary of
• Ongoing costs include management of the SES
$100,100.
Complete platform and relationship.
Risks. Initial and ongoing costs will vary with:
“With SES Complete, we are able • The salary levels, depending on skillset or
to do more with less. We are geographical location.
Etr Initial and ongoing costs (risk-adjusted) $7,277 $970 $970 $970
$4.0 M
$3.0 M
These risk-adjusted ROI,
NPV, and payback period
$2.0 M values are determined by
applying risk-adjustment
factors to the unadjusted
$1.0 M
results in each Benefit and
Cost section.
-$1.0 M
Initial Year 1 Year 2 Year 3
ROI 437%
Payback period
<6
(months)
PAYBACK PERIOD