The Total Economic Impact Of Tenable SecurityCenter Continuous View

A Forrester Total Economic Impact Study Commissioned By Tenable Project Directors: Bob Cormier Adam Schlegel August 2016 The Total Economic Impact Of Tenable SecurityCenter Continuous View Cost Savings And Business Benefits Enabled By Tenable SecurityCenter Continuous View

You have reached the end of this excerpt. Please complete the form to access the entire document or visit http://www.tenable.com/whitepapers/the-total-economic-impact-of-tenablesecuritycenter-continuous-view

Table Of Contents Executive Summary... 3 Disclosures... 4 TEI Framework And Methodology... 5 Analysis... 6 Financial Summary... 17 About Tenable SecurityCenter CV: Overview... 18 Appendix A: Total Economic Impact Overview... 20 Appendix B: Glossary... 21 ABOUT FORRESTER CONSULTING Forrester Consulting provides independent and objective research-based consulting to help leaders succeed in their organizations. Ranging in scope from a short strategy session to custom projects, Forrester s Consulting services connect you directly with research analysts who apply expert insight to your specific business challenges. For more information, visit forrester.com/consulting. 2016, Forrester Research, Inc. All rights reserved. Unauthorized reproduction is strictly prohibited. Information is based on best available resources. Opinions reflect judgment at the time and are subject to change. Forrester, Technographics, Forrester Wave, RoleView, TechRadar, and Total Economic Impact are trademarks of Forrester Research, Inc. All other trademarks are the property of their respective companies. For additional information, go to www.forrester.com.

3 Executive Summary Tenable Network Security commissioned Forrester Consulting to conduct a Total Economic Impact (TEI) study to examine the potential return on investment (ROI) enterprises may realize by deploying Tenable SecurityCenter Continuous View (CV). The purpose of this study is to provide readers with a framework to evaluate the potential financial impact of Tenable SecurityCenter CV within their organizations. To better understand the benefits, costs, and risks associated with an investment in a Tenable SecurityCenter CV deployment, Forrester interviewed an existing customer with 1.5 years of experience using SecurityCenter CV. This Organization has a US-based private cloud hosting business supported by two data centers located in Michigan and Texas. The interviewed Organization has requested to remain anonymous. Tenable SecurityCenter CV leverages multiple sensors and an advanced analytics engine to continuously discover and monitor assets, identify system vulnerabilities, and monitor networks in real time for advanced threats, providing Tenable SecurityCenter CV helped the Organization achieve the following benefits (riskand present value [PV]-adjusted) over three years, totaling $527,262: IT labor savings from automated alerts, notifications, and reporting $32,767. IT labor savings from continuous vulnerability assessment $163,837. IT labor savings from other asset security management and monitoring efficiencies $327,674. Cost avoidance of retired security tool $2,984. In addition, the return on the Organization s investment in SecurityCenter CV (ROI) was a very favorable 323%, and the company was able to pay back its investment in a very quick four months. organizations with a holistic view of enterprise health and enabling them to rapidly respond to security breaches. For more details on Tenable SecurityCenter CV, see the section titled: Tenable SecurityCenter CV: Overview. Prior to implementing SecurityCenter CV, the Organization used a Tenable Nessus scanner to identify system vulnerabilities, which enabled it to scan servers at a point in time and did not support security and asset health trend analysis. Additionally, in order to demonstrate security performance levels to private cloud hosting customers, the Organization maintained a set of written scripts for reporting purposes, requiring significant manual effort to generate reports for customers and the Organization s management team. TENABLE SAVES IT TIME AND MONEY BY INTEGRATING DISPARATE SECURITY INTELLIGENCE TOOLS INTO A CONTINUOUS VIEW OF ENTERPRISE SECURITY Our interview and subsequent financial analysis found that the Organization experienced the risk-adjusted ROI, benefits, and costs shown in Figure 1. The analysis points to risk-adjusted benefits of $527,262 over three years versus costs of $124,636, equating to a net present value (NPV) of $402,626. The risk-adjusted ROI was a very favorable 323%, and the organization was able to pay back its investment in SecurityCenter CV in a very quick four months. FIGURE 1 Financial Summary Showing Three-Year Risk-Adjusted Results ROI: 323% Payback period: four months Benefits PV: $527,262 Costs PV: $124,636 NPV: $402,626

4 Source: Forrester Research, Inc. Benefits associated with SecurityCenter CV. The Organization experienced the following risk- and present valueadjusted benefits over the three years, totaling $527,262 (further described in the Benefits section): IT labor savings from automated alerts, notifications, and reporting: $32,767. IT labor savings from continuous vulnerability assessment: $163,837. IT labor savings from other asset security management and monitoring efficiencies: $327,674. Cost avoidance of retired security tool: $2,984. Costs associated with SecurityCenter CV. The Organization experienced the following risk- and present value-adjusted costs over the three years, totaling $124,636 (further described in the Costs section) Labor cost to implement, manage, and support SecurityCenter CV: $59,935. SecurityCenter CV software licensing, annual maintenance, and training fees: $64,701. If the risk-adjusted ROI and NPV of costs and benefits still demonstrate a compelling business case, it raises confidence that the investment is likely to succeed because the risks that threaten the project have been taken into consideration and quantified. The risk-adjusted numbers should be taken as realistic expectations, as they represent the expected values considering risk. Assuming normal success at mitigating risk, the risk-adjusted numbers should more closely reflect the expected outcome of the investment. Disclosures The reader should be aware of the following: The study is commissioned by Tenable and delivered by Forrester Consulting. It is not meant to be used as a competitive analysis. Forrester makes no assumptions as to the potential ROI that other organizations will receive. Forrester strongly advises that readers use their own estimates within the framework provided in the report to determine the appropriateness of an investment in Tenable SecurityCenter CV. Tenable reviewed and provided feedback to Forrester, but Forrester maintains editorial control over the study and its findings and does not accept changes to the study that contradict Forrester's findings or obscure the meaning of the study. The customer name for the interview was provided by Tenable. Tenable did not participate in the customer interview.

5 TEI Framework And Methodology INTRODUCTION From the information provided in the interviews, Forrester has constructed a Total Economic Impact (TEI) framework for those organizations considering implementing Tenable SecurityCenter CV. The objective of the framework is to identify the cost, benefit, flexibility, and risk factors that affect the investment decision. APPROACH AND METHODOLOGY Forrester employed four fundamental elements of TEI in modeling the Tenable SecurityCenter CV solution: benefits, costs, flexibility, and risks. Forrester took a multistep approach to evaluate the impact that Tenable SecurityCenter CV can have on an organization (see Figure 2). Specifically, we: Interviewed Tenable marketing, sales, and product management stakeholders, along with Forrester analysts, to better understand the marketplace for network and asset security solutions and the value proposition for SecurityCenter CV. Conducted an in-depth interview with the Organization s Linux engineering resource responsible for the deployment and maintenance of SecurityCenter CV to obtain data with respect to costs, benefits, and risks. Constructed a financial model representative of the interview using the TEI methodology. The financial model is populated with the cost and benefit data obtained from the interview. Risk-adjusted the financial model based on issues and concerns the Organization highlighted in the interview. Risk adjustment is a key part of the TEI methodology. While the Organization provided cost and benefit estimates, some categories included partial projections or a broad range of responses, or had a number of internal forces that might have raised or lowered costs and benefits. For that reason, each cost and benefit has been risk-adjusted and is detailed in each relevant section. Given the increasing sophistication that enterprises have regarding ROI analyses related to IT investments, Forrester s TEI methodology serves to provide a complete picture of the total economic impact of purchase decisions. Please see Appendix A for additional information on the TEI methodology. FIGURE 2 TEI Approach Perform due diligence Conduct customer interviews Construct financial model using TEI framework Write case study Source: Forrester Research, Inc. This is an excerpt. Please complete the form to access the entire study,