This weblog explores the operational and monetary impression of Cisco Vulnerability Management from a Forrester TEI™ research carried out by Forrester Consulting and commissioned by Cisco.
Oh, the torture of not having a robust risk-based vulnerability administration answer in place.
You know what I’m speaking about. Relying on ineffective and unmanageable CVSS, homegrown scoring programs, vendor scoring, or a mix of these choices that can assist you attempt to prioritize the mountain of vulnerabilities in your setting. It results in numerous complications and never numerous progress to point out.
Even extra, it negatively impacts the working relationship between Security and IT, particularly when one crew is passing over a laundry record of vulnerabilities to the opposite with minimal context and understanding of enterprise impression.
But it doesn’t must be this manner. Cisco Vulnerability Management (previously Kenna.VM) takes a risk-based method to vulnerability prioritization that is fueled by information science, enabling Security and IT groups to focus their restricted assets on actual danger and remediate extra effectively.
An April 2023 Total Economic ImpactTM research carried out by Forrester Consulting and commissioned by Cisco discovered that Cisco Vulnerability Management delivered a 125% return on funding (ROI) over three years, and a payback interval of simply 6 months for that funding.
Customers Interviewed for This Study
Forrester interviewed 5 Cisco Vulnerability Management clients (Figure 1) and fashioned a composite group primarily based on their traits to research the monetary and operational impacts of Cisco Vulnerability Management. The composite group is a world group with $10 billion in annual income, 100,000 property coated by Cisco Vulnerability Management, and 10 safety analyst FTEs.
The research uncovered that, after adopting Cisco Vulnerability Management, clients remodel their vulnerability administration packages by streamlining their safety and IT operational effectivity and decreasing the chance of knowledge breaches.
Let’s dig into the findings.
20% Reduction in Risk of Breach
Breaches. No one likes them, however they exist. Forrester discovered that Cisco Vulnerability Management decreased the chance of breach by serving to the composite group’s safety and IT operation groups prioritize their efforts and deal with probably the most crucial vulnerabilities. In doing so, these groups cut back the time it takes to remediate vulnerabilities and implement automation to proactively tackle potential safety points. Over three years, the composite group reduces the chance of breach by 20%, with financial savings price $1.5 million.
A senior supervisor of enterprise vulnerability administration in leisure and media explains, “When you’ve got 100 things to look at and they are all critical, nothing is critical. With [Cisco Vulnerability Management], we are able to say, ‘No, focus on these 10 to 15 things, not 100.’”
12% Increase in Security Analyst Efficiency
With Cisco Vulnerability Management, safety analysts deal with probably the most crucial vulnerabilities, optimize how they allocate assets to handle vulnerabilities, and higher talk the significance to their IT groups and management. As a results of these advantages, safety analysts for the composite group improve their productiveness by 12%, price about $276,000 over three years.
As said by the worldwide head of cyber vulnerability administration in a monetary providers group, “The benefit is not just about reducing [vulnerability] volume, it’s about shifting attention to what really needs to be focused on. The business also understands the criticality and is pushing those remediations. [Cisco Vulnerability Management] helped us improve maturity, reduce risk, and help focus on what’s important.”
Additionally, safety groups expertise stronger cross-functional communication and collaboration with their IT and management groups when utilizing Cisco Vulnerability Management.
“We’ve seen about 14 hours a day of time savings spread out amongst the whole team after you factor in all the back-and-forth explanations through emails, meetings, and leadership briefs,” says senior supervisor of enterprise vulnerability administration, leisure and media. “Now, we just point people to a dashboard that leverages the vulnerability intelligence from [Cisco Vulnerability Management].”
7,800 Hours Saved Annually by IT Operations
Oftentimes, Security and IT groups are confronted with competing priorities. And when not numerous context is being shared with IT that explains why sure fixes are wanted, remediation can decelerate.
The Forrester TEI stories that Cisco Vulnerability Management helps the composite group’s IT groups prioritize probably the most crucial vulnerabilities, saving them time in remediation. Cross-team collaboration between safety and IT teams improves, which streamlines operations and empowers IT assets to personal extra of the vulnerability administration course of. This saved IT Operations 7,800 hours yearly and saved the composite group $514,000 over three years.
The director of safety surveillance and vulnerabilities administration informed Forrester: “Of the vulnerabilities that are [Cisco Vulnerability Management] related, [our remediation teams] spend at least half the time that they used to spend on vulnerability management. I’d say if they [previously] spent 15 to 20 minutes to understand the vulnerability, open the file, look for the target host, with [Cisco Vulnerability Management], they probably cut that time by half.”
More Benefits Beyond the Numbers
In addition to the quantified findings uncovered, the composite group noticed a number of unquantified advantages, together with improved management visibility and communication, in addition to improved collaboration between safety and IT.
What’s extra, Forrester additionally discovered that Cisco Vulnerability Management improved the worker expertise by serving to groups tie their efforts to enterprise impression and cut back guide effort on tedious duties. “The benefit is not just about reducing [vulnerability] volume, it’s about shifting attention to what really needs to be focused on. The business also understands the criticality and is pushing those remediations, says a global head of cyber vulnerability management in financial services. “[Cisco Vulnerability Management] helped us improve maturity, reduce risk, and help focus on what’s important.”
Forrester Proves Cisco Vulnerability Management’s Value with 125% ROI Over 3 Years
Forrester’s monetary evaluation of Cisco Vulnerability Management highlights financial savings of $2.32 million for the composite group over a three-year interval, and a 125% return on funding (ROI).
Cisco Vulnerability Management makes use of information science to take a risk-based method to prioritization and it’s working. Customers at this time are not guessing the place to focus their remediation efforts. They can simply establish the areas of great danger and take motion, resulting in faster time to worth.
Interested in studying extra? Read the complete research >
Source: The Total Economic Impact of Cisco Vulnerability Management, an April 2023 commissioned research carried out by Forrester Consulting on behalf of Cisco.
We’d love to listen to what you assume. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
Instagram
Facebook
Twitter
LinkedIn
Share: