Determining the ROI of XDR
For many years, defining the return on investment (ROI) for a cybersecurity project, including the ROI of Extended Detection and Response (XDR), was challenging. It was not easy to describe the actual value of many of the protections that were implemented in an organization. Too often, the explanation about how a product could improve security was a nebulous description of what might happen in the absence of that protection.
Cybersecurity professionals struggled when C-Level executives requested quantitative metrics to justify a budgetary expense. Now, newer models of Extended Detection and Response (XDR) provide cybersecurity professionals with quantitative results to show the benefits of this approach. The quantitative findings shared below were gathered from a survey of 100 IT and security executives from within the Pulse community, conducted on behalf of Cisco.
A Critically Necessary Part of Their Infrastructure
The most prominent finding from the survey is that the majority (75%) of respondents agreed that XDR is a critical part of their security architecture. The highest-ranking component of XDR was endpoint detection and response. This has important implications, especially since so many organizations are now considering a hybrid work environment, sharing remote and traditional office-based work arrangements.
Faster Detection Means Faster Response
Given that endpoint protection was at the top of the XDR value equation, there was also a positive correlation with the ability to remediate threats. Seventy-five percent of the survey respondents indicated that they experienced up to 30% faster response times in finding and remediating threats. That’s a significant increase in the ability to prevent the spread of threats within an organization.
Faster Detection and Response Means Saved Hours
To put the value of faster detection into sharper perspective and therefore show the significant ROI of XDR, most respondents to the survey agreed that the reduction in response time resulted in saved time for their security teams. This equated to up to 30 hours, nearly one full work week. In monetary terms, that is a significant saving. Not only was time saved with the XDR solution, but productivity also increased, according to more than 65% of survey respondents.
Much of an analyst’s time can be wasted chasing false alarms. Reducing time spent on that task means their resources can be spent on more productive activities that more significantly and more strategically benefit the organization. Less time wasted also reduces burnout among team members.
A Single Vendor for a Comprehensive Solution
Cost savings can extend beyond the amount of time it takes to remediate problems. Eighty percent of our survey respondents indicated that vendor reduction results in financial savings. Nearly half (49%) answered that savings ranged from $25,000 to more than $100,000 annually.
Integration Increases XDR Value
Many times, a product can possess all of the features to improve security, increase production, and add value, only to fail because it does not integrate into the existing infrastructure. Our survey showed that XDR integration improved the organization’s security posture, integrating and aggregating information from existing security tools. In fact, integration was the one feature that respondents called out as the most valuable capability within their XDR solution.
Specific ROI of XDR to Present to the C-Level
If your company is like most, the C-Suite requires compelling data about how to spend money. Fortunately, with the results of the Pulse survey, there are now quantitative numbers to support the value of bolstering your security posture with an XDR approach that utilizes the features you’ll find in Cisco’s SecureX. Whether your organization consists of 10,000+ employees or fewer than 1,000 employees, an XDR solution can make a difference that adds tangible value to your security organization.
While the Cisco strategy around growing its security footprint makes sense here, the article still does not highlight in any way how SecureX reduces false positives, which for any IT personnel can and will become the biggest headache moving forward when it comes to XDRs.
Hi Arsal,
Thank you for your comment. Check out this blog series to read about the way SecureX reduces false positives and how to leverage SecureX for relevant and extended detections. https://blogs.cisco.com/tag/relevant-and-extended-detection-with-securex