The Total Economic Impact™ of Microsoft SIEM and XDR

Microsoft commissioned Forrester Consulting to conduct a Total Economic Impact™ (TEI) study and examine the potential return on investment (ROI) enterprises may realise by deploying Microsoft SIEM and XDR. The study provides a framework to evaluate the potential financial impact of Microsoft SIEM and XDR on their organisations.

Total benefits: $17.68 million

To better understand the benefits, costs, and risks associated with this investment, Forrester interviewed four representatives with experience using Microsoft SIEM and XDR. For the purposes of this study, Forrester aggregated the interviewees’ experiences and combined the results into a single composite organisation with 8 000 total employees and 10 security professionals.

Prior to using Microsoft SIEM and XDR, interviewees’ organisations lacked efficient means of identifying, investigating, and responding to potential threats. Prior best-of-breed tooling created added time costs to security professionals, budget costs to the organisations, and productivity costs to organisations’ wider employee bases.

After the investment in Microsoft SIEM and XDR, the interviewees noted that they reduced their mean times to investigate and respond to threats, reduced the risk of a material security breach, enabled additional productivity for general employees, and reduced their IT organisations’ spend on security point solutions.

Key Findings

Quantified benefits. Three-year, risk-adjusted present value (PV) quantified benefits for the composite organisation include:

Reducing time to investigate threats by 65% and reducing time to respond to threats by 88%. Microsoft SIEM and XDR’s integrated approach to security threat investigation and response makes these workflows more efficient for the composite organisation’s security professionals. They no longer need to jump through multiple tools to identify threats, while security automation features further enhance response workflows.
Reducing the time to create a new workbook by 90% and the time to onboard new security professionals by 91%. Microsoft SIEM and XDR’s integrated approach makes additional security professional workflows more efficient as well. As SIEM logs are integrated throughout the suite of solutions, workbook creation is nearly automated, while a singular login enables new security professionals to onboard nearly 16 weeks faster.
Reducing the risk of a material breach by 60%. With more efficient security investigation and response workflows, improved security response automation, and the increased ability to protect all computing environments, including multicloud protection, the composite reduces the risk of breaches with an annual impact of $1.6 million saved.
Improving productivity of other employees by almost 68 000 total hours annually. Microsoft SIEM and XDR also prevents negative impacts to other employees from inefficient security processes. For example, the composite saves 4 000 hours annually thanks to IT professionals’ new ability to self-serve regarding security updates and recommendations. It also enables remote security-based troubleshooting on employee machines and reduces the number of security agents running on them, saving nearly 64 000 hours annually in end user productivity.
Saving almost $1.6 million annually from vendor consolidation. The Microsoft SIEM and XDR investment also enables the composite to reduce the cost of its prior SIEM ($560 000), the associated on-premises infrastructure (over $360 000), three XDR point solutions ($192 000), and the ongoing labour cost to manage these ($480 000).

Unquantified benefits. Benefits that are not quantified in this study include:

Improved visibility. Microsoft SIEM and XDR’s integration also improves the composite’s visibility into its security environment, enabling a better cross-organisational understanding of its security posture and enabling it to perform better at penetration tests.
Improved compliance. Microsoft SIEM and XDR also allows compliance teams to leverage self-service in their compliance checks and provides additional visibility into where customer data is flowing and how it is being used, enabling the composite to improve its compliance.
Improved IT asset management. The composite also improves its IT asset management practices thanks to Microsoft SIEM and XDR’s enablement of active asset discovery and visibility into groups of assets by function.
Microsoft support. Lastly, the composite benefits from its relationship with Microsoft support, enabling it to provide feedback and early suggestions for feature requests, which would go on to improve the functionality of Microsoft SIEM and XDR.

If you would like to benefit from adopting Microsoft SIEM and XDR, chat to the iSSC team.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Key Findings

Related Posts