{"id":24200,"date":"2024-03-20T16:00:52","date_gmt":"2024-03-21T00:00:52","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2024\/03\/20\/news-17930\/"},"modified":"2024-03-20T16:00:52","modified_gmt":"2024-03-21T00:00:52","slug":"news-17930","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2024\/03\/20\/news-17930\/","title":{"rendered":"Microsoft Sentinel delivered 234% ROI, according to new Forrester study"},"content":{"rendered":"<p><strong>Credit to Author: Rob Lefferts| Date: Tue, 19 Mar 2024 16:00:00 +0000<\/strong><\/p>\n<p>In an era defined by rapid technological advancements and digital transformation, protecting it all remains a top challenge. From sophisticated hacking attempts by state-sponsored actors to opportunistic cybercriminals exploiting weaknesses in software and infrastructure, cyberthreats demand constant vigilance and innovative solutions. Traditional security information and event management (SIEM) solutions are complex to implement and have high costs associated with deploying, maintaining, and scaling. They struggle to collect, correlate, and analyze data from disparate sources in real-time, making them an inefficient choice for modern security operations.<\/p>\n<p>To protect your entire multicloud, multiplatform digital estate, consider <a href=\"https:\/\/www.microsoft.com\/en-us\/security\/business\/siem-and-xdr\/microsoft-sentinel?rtc=1?ef_id=_k_9550bbf1794f19ad0c47dfd510510c5e_k_&amp;OCID=AIDcmmdamuj0pc_SEM_k_9550bbf1794f19ad0c47dfd510510c5e_k_&amp;msclkid=9550bbf1794f19ad0c47dfd510510c5e\">Microsoft Sentinel<\/a>, a modern, comprehensive SIEM solution built on the cloud and enriched by AI to rapidly uncover sophisticated cyberthreats and respond at machine speed. 
Microsoft Sentinel offers a complete security operations solution that is powerful, highly efficient, and more economical than other SIEM solutions.<\/p>\n<p>To evaluate the benefits of Microsoft Sentinel, Microsoft commissioned Forrester Consulting to conduct a <a href=\"https:\/\/aka.ms\/MsftSentinel_TEI2024\" target=\"_blank\" rel=\"noreferrer noopener\">Total Economic Impact\u2122 (TEI) study<\/a>. Using the methodology of the TEI framework, Forrester consultants evaluated the cost, benefits, and flexibility of Microsoft Sentinel and developed a framework that organizations can use to evaluate the potential financial impact on their organizations.<\/p>\n<p>In this study, Forrester found that interviewees achieved some notable advantages from their investment in Microsoft Sentinel, including increasing the productivity of their security teams, simplifying operations, decreasing their total cost of ownership, and realizing a <strong>return on investment (ROI) of 234%.<\/strong> Here are some other major findings for a composite organization based on what interviewed organizations reported.<\/p>\n<h2 class=\"wp-block-heading\" id=\"1-reducing-time-to-value-compared-to-other-siem-solutions\">1. Reducing time-to-value compared to other SIEM solutions<\/h2>\n<p>Deploying Microsoft Sentinel\u2014and finessing it after implementation\u2014is faster because of the solution\u2019s prebuilt playbooks, automation, and other SIEM tools. <strong>Microsoft Sentinel reduced the time to configure and deploy new connections by 93%, with time saved in configuration valued at $618,000 during the three-year period Forrester analyzed.<\/strong><\/p>\n<blockquote class=\"wp-block-quote blockquote\">\n<p><em>&#8220;It took us about five years to get to be a six terabyte on-prem customer [with our previous solution]. It took us two months to set up Microsoft Sentinel and another two months to be at data-ingestion parity. 
It was insane.&#8221;<\/em><\/p>\n<p> <cite>\u2014CISO, financial services<\/cite><\/p><\/blockquote>\n<p>This out-of-the-box functionality also includes simplified data connections and integrations that make it easier and faster to connect Microsoft Sentinel with your non-Microsoft systems, saving the time that employees might otherwise spend doing integration work. Valuable connections can be made across users, devices, apps, and infrastructure. Find even more integrations with <a href=\"https:\/\/www.microsoft.com\/en-us\/security\/business\/ai-machine-learning\/microsoft-security-copilot\" target=\"_blank\" rel=\"noreferrer noopener\">Copilot for Security<\/a>.<\/p>\n<h2 class=\"wp-block-heading\" id=\"2-increasing-the-efficiency-of-the-soc\">2. Increasing the efficiency of the SOC<\/h2>\n<p>Microsoft Sentinel makes it easier for security practitioners at all levels of expertise to detect, investigate, and respond effectively to cyberthreats. The solution harnesses an AI-driven correlation engine and offers a unified set of tools to more easily monitor, manage, and respond to incidents. Those interviewed praised Microsoft Sentinel\u2019s interface for being easy to use (no specialized security expertise necessary). Because of Sentinel\u2019s process automation, security professionals with less IT knowledge can effectively use the platform to detect and respond to cyberthreats.<\/p>\n<p><strong>The total value of efficiency improvements to the security operations center of a composite organization was $1.5 million over three years. <\/strong>The solution is intuitive enough that junior analysts can tackle investigation basics while senior analysts tackle higher-priority tasks, according to Forrester findings. 
A prebuilt playbook helps further.<\/p>\n<p>Microsoft Sentinel capabilities, including its behavior-based analytics, enable you to improve the mean time to respond (MTTR) as you decrease false positives and minimize the work required for advanced investigations. In fact, Forrester found that <strong>Microsoft Sentinel helped to reduce false positives by up to 79% and decrease the work required for advanced, multitouch investigations by 85%<\/strong>. These are critical metrics when every second counts in triage and response.<\/p>\n<blockquote class=\"wp-block-quote blockquote\">\n<p>\u201c<em>The reason we have Microsoft Sentinel is because of its proactive predictive abilities. It is able to respond to threats faster than a human can. We actually were able to stop significant threats that hit other organizations and keep our organization running. Microsoft Sentinel was one of the tools in our Microsoft tool bag that really kept us running as an organization. It kept our operations running<\/em>.\u201d<\/p>\n<p> <cite>\u2014CISO, healthcare<\/cite><\/p><\/blockquote>\n<h2 class=\"wp-block-heading\" id=\"3-reduce-total-cost-of-operation\">3. Reduce total cost of operation<\/h2>\n<p>Implementing Microsoft Sentinel offers several cost savings opportunities, according to interviewees. One quantified benefit from the study is that the composite organization&#8217;s potential cost savings gained by discontinuing their current legacy SIEM solution and switching to Microsoft Sentinel <strong>could account for realized savings of up to $5.1 million over three years<\/strong>. 
This is attributed to Microsoft Sentinel\u2019s lower per-GB data ingestion and licensing costs, which enable customers to avoid the capital investments necessary to store logs on-premises.<\/p>\n<p>Microsoft Sentinel offers smoother deployment because of its prebuilt playbooks, queries, data connections, and free ingestion for certain Microsoft logs including Office 365 audit logs, Azure activity logs, and Microsoft Threat Protection alerts. The more intuitive nature of Microsoft Sentinel makes it easier to onboard employees to the technology.<\/p>\n<blockquote class=\"wp-block-quote blockquote\">\n<p>\u201c<em>Compared to [our on-premises solution] when we were paying for infrastructure, the savings are significant. Essentially one year of [legacy solution] costs are three years of Microsoft Sentinel costs<\/em>.\u201d<\/p>\n<p> <cite>\u2014CISO, financial services<\/cite><\/p><\/blockquote>\n<p>Interviewees also shared that Microsoft Sentinel helped them decrease compliance costs. They did this by streamlining compliance reporting through the automation capabilities of Sentinel for security data collection and analysis. The alternative option would likely have been to bring in external consultants.<\/p>\n<h2 class=\"wp-block-heading\" id=\"4-minimizing-management-effort\">4. Minimizing management effort<\/h2>\n<p>In interviews, management teams at the organizations reported saving time on planning and maintenance, allowing for more time on other critical projects. That\u2019s due to the way the solution decreased the size and complexity of their on-premises infrastructure. <strong>The value of this reduced management effort amounts to $1.1 million for a composite organization over three years, and it enabled the redeployment of 50% of infrastructure services professionals and 16% of legacy SIEM specialists. 
<\/strong>Automatic updates and the platform\u2019s intuitive and centralized nature contribute to lessening the demand for labor.&nbsp;&nbsp;<\/p>\n<blockquote class=\"wp-block-quote blockquote\">\n<p>\u201c<em>In the raw maintenance of the SIEM, it\u2019s pretty hands off. When there is an issue, we open up a case with Microsoft and they assume the burden of trying to fix the issue. I don\u2019t have to maintain staff for that anymore<\/em>.\u201d<\/p>\n<p> <cite>\u2014CISO, financial services<\/cite><\/p><\/blockquote>\n<h2 class=\"wp-block-heading\" id=\"the-advantages-of-microsoft-sentinel\">The advantages of Microsoft Sentinel&nbsp;<\/h2>\n<p>With its modern, cloud-native features and innovations, Microsoft Sentinel has helped organizations like yours deploy faster, increase the efficiency of their threat investigations, save on deployment and training, and gain efficiency in security management. Explore the <a href=\"https:\/\/aka.ms\/MsftSentinel_TEI2024\" target=\"_blank\" rel=\"noreferrer noopener\">Total Economic Impact\u2122 Of Microsoft Sentinel Study<\/a> for more analyst findings as well as to read the perspectives of Sentinel users interviewed in the study. 
<\/p>\n<p>And to learn more about Microsoft Security, see:<\/p>\n<ul>\n<li><a href=\"https:\/\/aka.ms\/MSOSecurityBlog\" target=\"_blank\" rel=\"noreferrer noopener\">Unified security operations center platform<\/a>.<\/li>\n<li><a href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2024\/03\/13\/microsoft-copilot-for-security-is-generally-available-on-april-1-2024-with-new-capabilities\/\">Microsoft Secure announcements<\/a>.<\/li>\n<li><a href=\"https:\/\/go.microsoft.com\/fwlink\/p\/?linkid=2210547&amp;clcid=0x409&amp;culture=en-us&amp;country=us\" target=\"_blank\" rel=\"noreferrer noopener\">Microsoft Sentinel innovations<\/a>.<\/li>\n<\/ul>\n<h2 class=\"wp-block-heading\" id=\"learn-more\">Learn more<\/h2>\n<p>To learn more about Microsoft Security solutions, visit our\u202f<a href=\"https:\/\/www.microsoft.com\/en-us\/security\/business\" target=\"_blank\" rel=\"noreferrer noopener\">website.<\/a>\u202fBookmark the\u202f<a href=\"https:\/\/www.microsoft.com\/security\/blog\/\" target=\"_blank\" rel=\"noreferrer noopener\">Security blog<\/a>\u202fto keep up with our expert coverage on security matters. 
Also, follow us on LinkedIn (<a href=\"https:\/\/www.linkedin.com\/showcase\/microsoft-security\/\" target=\"_blank\" rel=\"noreferrer noopener\">Microsoft Security<\/a>) and X (<a href=\"https:\/\/twitter.com\/@MSFTSecurity\" target=\"_blank\" rel=\"noreferrer noopener\">@MSFTSecurity<\/a>)\u202ffor the latest news and updates on cybersecurity.\u00a0<\/p>\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n<p>Total Economic Impact is a methodology developed by Forrester Research that enhances a company\u2019s technology decision-making processes and assists vendors in communicating the value proposition of their products and services to clients. The TEI methodology helps companies demonstrate, justify, and realize the tangible value of IT initiatives to both senior management and other key business stakeholders.\u00a0<\/p>\n<p>The post <a href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2024\/03\/19\/microsoft-sentinel-delivered-234-roi-according-to-new-forrester-study\/\">Microsoft Sentinel delivered 234% ROI, according to new Forrester study<\/a> appeared first on <a href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\">Microsoft Security Blog<\/a>.<\/p>\n<p><a href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2024\/03\/19\/microsoft-sentinel-delivered-234-roi-according-to-new-forrester-study\/\" target=\"bwo\" >https:\/\/blogs.technet.microsoft.com\/mmpc\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><strong>Credit to Author: Rob Lefferts| Date: Tue, 19 Mar 2024 16:00:00 +0000<\/strong><\/p>\n<p>A new Forrester study of more than 450 organizations that implemented Microsoft Sentinel found significant benefits, including a 234% return on investment. Read on for the major findings from the report.                
<\/p>\n<p>The post <a href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2024\/03\/19\/microsoft-sentinel-delivered-234-roi-according-to-new-forrester-study\/\">Microsoft Sentinel delivered 234% ROI, according to new Forrester study<\/a> appeared first on <a href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\">Microsoft Security Blog<\/a>.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10759,10378],"tags":[],"class_list":["post-24200","post","type-post","status-publish","format-standard","hentry","category-microsoft","category-security"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/24200","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=24200"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/24200\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=24200"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=24200"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=24200"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}