The Total Economic Impact™ Of Axonius

Cost Savings And Business Benefits Enabled By Axonius

A Forrester Total Economic Impact™ Study Commissioned By Axonius, March 2025

Switch between the study data and your organization’s custom data below. Answering the questions on the “Custom Data” tab will allow you to customize the analysis and estimate the potential impact of using Axonius at your organization.

Study Data Custom Data

Study Data

Total annual revenue

Assets in your current environment

Total hours spent managing, reconciling, and inventorying asset data and agents annually

Total hours spent identifying and reporting on device compliance annually (patching, upgrades, CVEs, etc.)

Security incidents and alerts per year

Hours spent investigating impacted assets per incident (blast radius)

Dedicated SecOps team members expected to use Axonius for asset data and device management

Anticipated Axonius platform users

Hours spent on evidence collection for compliance and audits annually per governance and risk team member

Expected enterprise integrations with Axonius in the initial implementation phase

Your Organization

Your Company Name

Total annual revenue

Assets in your current environment

Total hours spent managing, reconciling, and inventorying asset data and agents annually

Total hours spent identifying and reporting on device compliance annually (patching, upgrades, CVEs, etc.)

Security incidents and alerts per year

Hours spent investigating impacted assets per incident (blast radius)

Dedicated SecOps team members expected to use Axonius for asset data and device management

Anticipated Axonius platform users

Hours spent on evidence collection for compliance and audits annually per governance and risk team member

Expected enterprise integrations with Axonius in the initial implementation phase

Security and risk (S&R) professionals have long recognized the need to be proactive to prevent breaches, yet many remain stuck in reactive mode. Effective proactive security comes down to great data management, which is hindered by an overabundance of data sources and teams’ inability to sort through the noise. Proactive security teams must organize their approach to managing security data so they can effectively gain visibility, accurately prioritize, and communicate and track remediations across the organization.¹

Axonius enables total visibility and actionability over the end-to-end lifecycle of every type of technology asset. The product portfolio helps security, IT, and governance, risk, and compliance (GRC) teams preemptively tackle hard-to-spot exposures, misconfigurations, and operational challenges across their entire technology footprint — backed by a comprehensive asset data model. The Axonius Platform consists of five core products, including Cyber Assets, SaaS (software-as-a-service) Apps, Software Assets, Exposures, and Identities.

Axonius commissioned Forrester Consulting to conduct a Total Economic Impact™ (TEI) study and examine the potential return on investment (ROI) enterprises may realize by deploying Axonius Cyber Assets.² The purpose of this study is to provide readers with a framework to evaluate the potential financial impact of Axonius Cyber Assets on their organizations.

Return on investment (ROI)

156%156%

Net present value (NPV)

$3.22M$3.22M

COOKIE ACCEPTANCE IS REQUIRED TO REGISTER FOR ACCESS TO DIGITAL ASSET

To better understand the benefits, costs, and risks associated with this investment, Forrester interviewed four decision-makers with experience using Axonius. For the purposes of this study, Forrester aggregated the interviewees’ experiences and combined the results into a single composite organization that is a global, multibillion-dollar, B2B, and B2C organization with 40,000 employees.

generates $0 in annual revenue, manages 0 assets in its current environment, spends 0 hours investigating assets impacted per security incident, and is expected to dedicate 0 SecOps FTEs to use Axonius for asset data and device management. Custom results are based on your inputs and the TEI case study.

Prior to Axonius, interviewees relied on spreadsheets and information from their configuration management databases (CMDBs) to inventory their assets. Information security teams dedicated manual effort to maintain an accurate inventory, which continued to prove challenging as their organizations’ attack surfaces grew increasingly large, dynamic, and complex. With siloed security tools that created blind spots, teams at the interviewees’ organizations lacked comprehensive insight into device security posture, which led them to primarily focus on securing their “crown jewels.” The interviewees’ organizations did not effectively ascertain their overall attack surface.

After unifying their asset data sources with Axonius, interviewees uncovered and classified more assets than tracked in their organizations’ prior environments. Overall visibility into their attack surfaces increased. With access to correlated asset data, customized user dashboards, and automations driven by the Enforcement Center, interviewees’ organizations accelerated their vulnerability management and incident response investigations. Axonius also automated other routine workflows across the organizations, including risk management and compliance reporting, M&A research, and the enrichment of their existing CMDB. These operational efficiencies and strengthened security policy configurations resulted in improved asset security, ultimately reducing the risk of a breach for the interviewees’ organizations.

Key Findings

Quantified benefits. Three-year, risk-adjusted present value (PV) quantified benefits for the composite organization include:

Enhanced attack surface visibility. With Axonius, the composite organization classifies 150% more assets than identified in its prior environment. With improved visibility into the overall attack surface, the composite identifies devices that were obsolete but still had active endpoint licenses. This results in cost savings for the composite as it decommissions the licenses. Additionally, the composite saves 60% of the time previously dedicated to updating and maintaining an accurate asset inventory database by setting up Enforcement Center automations. Over three years, these combined benefits total $1.3 million in labor and cost savings.

For , this benefit could be worth over three years.

Accelerated vulnerability management investigation. By configuring asset dashboards and querying correlated assets, the composite’s security team saves 70% of the time previously required to investigate and prioritize the impacted assets when a critical vulnerability arises. The security team also saves 90% of the time previously dedicated to routine device compliance identification and reporting activities. Over three years, these combined benefits total $1.1 million in labor savings.

For , this benefit could be worth over three years.

Accelerated incident response investigation. The composite saves 60% of the time previously required to investigate security incidents. By relying on and trusting Axonius’ correlated asset data, the composite gains clarity in determining whether incidents are false positives or whether further remediation is necessary. Over three years, this benefit totals $2.1 million in labor savings.

For , this benefit could be worth over three years.

Automated risk management and compliance reporting. The composite automates preparation activities for routine leadership risk management meetings. The security team saves 75% of the time previously required to gather, analyze, and build presentations given Axonius’ preconfigured dashboards that display data in real time. Additionally, the governance and risk team saves 80% of the time previously dedicated to collecting evidence for compliance obligations and third-party audits. Over three years, these combined benefits total $84,000 in labor savings.

For , this benefit could be worth over three years.

Improved asset investigation workflows. Aside from improving vulnerability management and incident response activities, employees across the composite use Axonius to gain efficiency in their asset research and discovery workflows. Employees gain 80% efficiency across activities like M&A execution, driving consistencies with data in other systems and enriching CMDB datasets. Over three years, this benefit totals $671,000.

For , this benefit could be worth over three years.

Reduced risk of a security breach. With insights into device posture management (e.g., agent health and coverage) and strengthened vulnerability management practices, the composite’s asset security improves. This results in a 5% reduction in risk of external breaches with Axonius. Over three years, this benefit totals $63,000.

For , this benefit could be worth over three years.

Unquantified benefits. Benefits that provide value for the composite organization but are not quantified for this study include:

Elevated value of cybersecurity team within organization. Cybersecurity teams use Axonius to support their IT and GRC colleagues across the composite organization to drive efficiencies in their own asset research workflows. This promotes cross-functional collaboration and elevates the cybersecurity team’s impact as a department.
Informed discussions with leadership around cyber risk quantification. A comprehensive and accurate understanding of the composite organization’s attack surface allows cybersecurity teams to effectively measure and quantify cyber risk. This not only better informs leadership but ultimately establishes risk-based business decision-making practices.
Formalized new standards and best practices. With new insights around devices and users, teams at the composite can standardize and create best practices to drive further operational efficiencies and defend the attack surface.
Provided a collaborative relationship with Axonius support. Aside from guiding onboarding and initial configuration of the platform, Axonius support helps teams continually realize new value for the composite. Axonius ensures new adapters and enforcements (remediation actions) are properly set up to address new use cases.

Costs. Three-year, risk-adjusted PV costs for the composite organization include:

Axonius fees. The composite organizations pays an annual fee of $775,000, which corresponds to its tier of 400,000 to 699,999 devices monitored in the platform. In addition to the Cyber Assets product, this fee includes SaaS hosting and Axonius Standard Support. Over three years, the composite pays $1.9 million to Axonius.

For , this cost could be over three years.

Implementation and ongoing management. Four security and operations (SecOps) resources support initial configuration and ongoing management of the platform. The composite organization connects 40 adapters initially. Each SecOps resource dedicates 2 hours per week to configuring new users and dashboards. Over three years, this totals $139,000 in labor.

For , this cost could be over three years.

The representative interviews and financial analysis found that a composite organization experiences benefits of $5.3 million over three years versus costs of $2.1 million, adding up to a net present value (NPV) of $3.2 million and an ROI of 156%.

“Axonius truly gives us an accurate representation of our assets and their health. This allows us to [create remediation actions] and really reduce our risk posture. I think that’s a huge win — it’s really valuable. I think the enforcement engine on top is what makes it kind of like the cherry on top.”

CISO, semiconductor manufacturing

“Axonius has definitely allowed us to know more about the environment than we knew before. It helps us see what we’re missing from some of our tool coverages. … I’d say it’s been fairly game changing.”

Cloud security engineer, financial services

Key Statistics

Return on investment (ROI)

156%156%

Benefits PV

$5.3M$5.3M

Net present value (NPV)

$3.2M$3.2M

Payback

6 months6 months months

Benefits (Three-Year)

Enhanced attack surface visibility Accelerated vulnerability management investigation Accelerated incident response investigation Automated risk management and compliance reporting Improved asset research workflows Reduced risk of security breach

TEI Framework And Methodology

From the information provided in the interviews, Forrester constructed a Total Economic Impact™ framework for those organizations considering an investment in the Axonius Cyber Assets product.

The objective of the framework is to identify the cost, benefit, flexibility, and risk factors that affect the investment decision. Forrester took a multistep approach to evaluate the impact that Axonius Cyber Assets can have on an organization.

Due Diligence

Interviewed Axonius stakeholders and Forrester analysts to gather data relative to the platform.
Interviews

Interviewed four people at organizations using Axonius to obtain data about costs, benefits, and risks.
Composite Organization

Designed a composite organization based on characteristics of the interviewees’ organizations.
Financial Model Framework

Constructed a financial model representative of the interviews using the TEI methodology and risk-adjusted the financial model based on issues and concerns of the interviewees.
Case Study

Employed four fundamental elements of TEI in modeling the investment impact: benefits, costs, flexibility, and risks. Given the increasing sophistication of ROI analyses related to IT investments, Forrester’s TEI methodology provides a complete picture of the total economic impact of purchase decisions. Please see Appendix A for additional information on the TEI methodology.

Disclosures

Readers should be aware of the following:

This study is commissioned by Axonius and delivered by Forrester Consulting. It is not meant to be used as a competitive analysis.

Forrester makes no assumptions as to the potential ROI that other organizations will receive. Forrester strongly advises that readers use their own estimates within the framework provided in the study to determine the appropriateness of an investment in Axonius Cyber Assets. For the interactive functionality using Configure Data/Custom Data, the intent is for the questions to solicit inputs specific to a prospect’s business. Forrester believes that this analysis is representative of what companies may achieve with Axonius Cyber Assets based on the inputs provided and any assumptions made. Forrester does not endorse Axonius or its offerings. Although great care has been taken to ensure the accuracy and completeness of this model, Axonius and Forrester Research are unable to accept any legal responsibility for any actions taken on the basis of the information contained herein. The interactive tool is provided ‘AS IS,’ and Forrester and Axonius make no warranties of any kind.

Axonius reviewed and provided feedback to Forrester, but Forrester maintains editorial control over the study and its findings and does not accept changes to the study that contradict Forrester’s findings or obscure the meaning of the study.

Axonius provided the customer names for the interviews but did not participate in the interviews.

Consulting Team:

Sarah Lervold

Maria Kulikova

Drivers leading to the Axonius investment

Interviews

Role	Industry	Revenue	Employees	Axonius Products Deployed	Assets Adapters
Lead attack surface management engineer	Transportation services	$13.0 billion	100,000	Cyber Assets	~1 million 50
CISO	Semiconductor manufacturing	$17.5 billion	34,000	Cyber Assets	355,000 24
Cloud security engineer	Financial services	$7.6 billion	20,000	Cyber Assets SaaS Apps	552,000 54
Staff security engineer	Retail	$4.3 billion	25,000	Cyber Assets	120,000 38

Key Challenges

The interviewees acknowledged that asset management was important but recognized their organizations had gaps in visibility across their increasingly complex environments. Prior to deploying Axonius, the majority of interviewees relied on configuration management databases (CMBD), spreadsheets, and internal information-sharing systems to inventory their assets. Some interviewees’ organizations built custom scripting on top of these inventory tools in an effort to unify dispersed data, but much of the effort required to maintain these tools was manual and time intensive.

As their organizations’ attack surfaces evolved and included more assets to manage, interviewees noted that their information security teams remained in reactive mode. These teams often operated in silos, using a particular set of security tools to address their immediate needs — there were no “tool of tools.” This led the interviewees’ organizations to focus on protecting and securing only their “crown jewel assets” rather than ascertaining their complete attack surface. As Forrester research states: “Growing and diverse attack surfaces create disjointed, siloed security solutions. Technology ownership is increasingly decentralized from IT, meaning a wider spread of deployments requires a rush to discover and secure it.”³

The interviewees noted how their organizations struggled with common challenges, including:

Increasing complexity of their dynamic attack surface. Interviewees explained how the number and type of assets in their organizations’ environments continued to evolve in count and complexity. Interviewees also commented on the ways in which threat actors continued to get creative in their attack approaches as connectivity across their organizations increased. This precipitated a need for security teams — often already overburdened — to constantly keep up to date on these developments and new ways of defending their organizations’ assets. Put simply, the staff security engineer at the retail organization said, “It’s a new world.”

A primary focus on securing only “crown jewel assets.” Interviewees explained how their organizations were surprised at the number of assets Axonius identified and classified after setting up the appropriate adapters. Previously, these organizations focused on securing their most important assets and many went unidentified or unclassified in their existing inventory management tools. The lead attack surface management engineer at the transportation services organization, who characterized their environment prior to Axonius as “the dark times,” shared: ““[We went off] what we knew at the time. … just crown jewels … but it was the amplifying assets that support the network and the applications that get hacked. We didn’t know where the line in the sand ended really as far as shadow IT. We were just focusing on what we knew and the current threat landscape.”
Manual effort required to maintain accurate asset inventory. Interviewees explained that their organizations’ IT and security teams actively maintained their inventory databases to trust they were accurate and up to date. These activities included, for example, monitoring and building custom scripting and ensuring asset scanners were working properly. This required time that otherwise could have been dedicated to more proactive security tasks defending their attack surface. The lead attack surface management engineer at the transportation services organization said: “We operate with [an extensive] number of assets. It is hard to actively maintain a comprehensive CMBD or a change database of all assets.”

The CISO at the manufacturing organization told Forrester: “One of the gaps that we knew we had was asset management. … We have a product our operations team uses but it’s never in sync, it’s never accurate. It always has problems. A lot of scripts kind of keep it coupled together.”

A lack of visibility and insight across siloed tools. Forrester research states, “You cannot protect what you can’t see, but organizations see too many signals that lead to dead ends.”⁴ Interviewees explained that their IT and security teams often relied on datasets from disjointed tools when investigating a vulnerability or incident. This led to scenarios where the tools did not accurately report on impacted assets, ultimately delaying time to investigation and leading to poorly informed decision-making. The cloud security engineer at the financial services organization said: “Everything was siloed, and the team’s tools would only know about what was reported back with their tool. There was not a tool to check the tools.”

“If you know everything on the network but can’t do anything with it, it’s invalid in my opinion. That’s where Axonius started to shine a little bit more than the other products. I want to be able to manage what’s on my network and quantify risk.”

CISO, semiconductor manufacturing

Investment Objectives

The interviewees’ organizations searched for a solution that could:

Provide a clear and accurate representation of assets through a unified platform.
Monitor an extensive number of assets.
Meet evolving asset landscape needs, including the transition to the cloud.
Provide access to asset insights to drive automated remediation activity.
Help inform and quantify risk-based security decisions.

“I’m still in charge of Axonius at my organization six years later. I want to keep this product [under my purview]. Normally I’ll do a POC [proof of concept] and hand it off to somebody else. But Axonius does so many cool things that information security can help with or that can help with information security.”

Staff security engineer, retail

Composite Organization

Based on the interviews, Forrester constructed a TEI framework, a composite company, and an ROI analysis that illustrates the areas financially affected. The composite organization is representative of the interviewees’ organizations, and it is used to present the aggregate financial analysis in the next section. The composite organization has the following characteristics:

Description of composite. The composite is a public, multibillion-dollar organization that is business-to-consumer (B2C) and business-to-business (B2B). It has global operations, 40,000 employees, and a cybersecurity team with 75 employees.

Deployment characteristics. The composite organization connects 40 adapters to Axonius during initial implementation. It begins using Axonius Cyber Assets as well as the Enforcement Center feature in Year 1. The composite continues to connect additional adapters over time.

Key Assumptions

Multibillion-dollar organization
B2B and B2C
40,000 employees
500,000 assets on Axonius Cyber Assets
40 initial adapters

Quantified benefit data as applied to the composite

Total Benefits

Ref.	Benefit	Year 1	Year 2	Year 3	Total	Present Value
Atr	Enhanced attack surface visibility	$570,326 $570,326	$475,826 $475,826	$520,376 $520,376	$1,566,529 $1,566,529	$1,302,690 $1,302,690
Btr	Accelerated vulnerability management investigation	$432,851 $432,851	$432,851 $432,851	$432,851 $432,851	$1,298,553 $1,298,553	$1,076,436 $1,076,436
Ctr	Accelerated incident response investigation	$839,808 $839,808	$839,808 $839,808	$839,808 $839,808	$2,519,424 $2,519,424	$2,088,478 $2,088,478
Dtr	Automated risk management and compliance reporting	$33,696 $33,696	$33,696 $33,696	$33,696 $33,696	$101,088 $101,088	$83,797 $83,797
Etr	Improved asset investigation workflows	$270,000 $270,000	$270,000 $270,000	$270,000 $270,000	$810,000 $810,000	$671,450 $671,450
Ftr	Reduced risk of security breach	$25,403$25,403	$25,403$25,403	$25,403$25,403	$76,210$76,210	$63,174$63,174
	Total benefits (risk-adjusted)	$2,172,085$2,172,085	$2,077,585$2,077,585	$2,122,535$2,122,535	$6,371,804$6,371,804	$5,286,025$5,286,025

Enhanced Attack Surface Visibility

Evidence and data. Forrester research states: “Gaining visibility is a continuous process of discovery. But once teams discover a new asset, they need to gather information about its context.”⁵ Interviewees explained how Axonius identified and classified significantly more assets (inclusive of networking devices, endpoints, user identities, and cloud assets) in their organizations’ environments than previously identified in their CMBD or manual spreadsheet tracking tools. After connecting their existing security tools to Axonius, their organizations gained a clear and accurate picture of their true attack surfaces. Through Axonius’ Enforcement Center, which enabled the interviewees’ organizations to take remediation action on assets, their teams saved significant time in maintaining accurate and real-time asset inventories. With improved visibility, interviewees also explained how their organizations were able to decommission asset licenses no longer in use, leading to cost savings:

The lead attack surface management engineer at the transportation services explained: “Our team saw the writing on the wall where Axonius is able to perform better and get the assets quicker [than our CMBD]. Axonius is really automated. I don’t need to go in and change and maintain a bunch of CI [continuous integration] tables. We sort of made our own CMDB in a way.”
This interviewee also said: “It would take hundreds of hours to get to the level of data that Axonius has, and you would have to redo it every time. It’s not just once you set up a spreadsheet with the data available. You still have to do that again with the next iteration of data. Whereas Axonius does everything for you, presents everything in an actionable manner. We built this Enforcement Center action to automatically tag the owner of the asset. Without this, owners don’t tag their assets, and it becomes shadow IT. Nobody knows who owns what.”
The CISO at the semiconductor manufacturing organization said, “We were able to remove around 35 ETLs [extract, transform, load] and I think 12 different scripts that were basically doing data management just to try to get our assets into the CMDB.” When asked how many assets Axonius identified, the CISO responded: “It was substantially more than we thought and even projected. Our CMDB had around 120,000 assets. That was mainly IT solutions, servers, clients. Some of the stuff that we’ve kind of cobbled together in [another insights tool] was pulling like 180,000 [to] 200,000 depending on the day.” The interviewee noted Axonius identified approximately 355,000 assets for their organization.
The CISO continued: “We had this decommissioning process that we thought was working quite well. We were running like 6,000 assets that we thought were decommissioned. I was like blown away when I heard that number and, honestly, shocked.”
The cloud security engineer at the financial services organization shared an example: “[With Axonius] automations, we were able to pull serial numbers from different platforms that had information that was not being fed into our CMDB. We cleaned up somewhere just shy of about 8,000 devices that were in that unclassed hardware table. I believe a lot of that was from mergers and acquisitions.”
The staff security engineer at the retail organization said: “We’ve got quite a bit into private and public cloud. Axonius has helped out quite a bit in just understanding that landscape because it was quite a bit different than a traditional metal on frame in a data center type situation.”

Modeling and assumptions. For the financial analysis as applied to the composite organization, Forrester assumes:

The composite organization identifies 200,000 assets in its prior environment (prior to deploying Axonius). Each year the asset count grows 10%.
With Axonius, the number of assets identified and classified increases by 150%.
Ten percent of the newly identified assets are endpoints.
The cost per endpoint license that was decommissioned with Axonius in place is $50.
The composite decommissions 40% of the endpoint licenses in Year 1 and 30% in Years 2 and 3.
The SecOps team dedicates 1,040 hours annually to inventory asset data and managing custom scripts in the prior environment. With Axonius, the composite gains 60% efficiency in these tasks.
The average fully burdened annual salary for SecOps professionals is $150,000. The fully burdened hourly rate for these professionals is $72.
Seventy-five percent of the work is recaptured for productive activities.

Risks. The size of this benefit may vary among organizations depending on:

The number of assets identified in the prior environment and their annual growth rate.
The percentage of newly identified assets that are endpoints.
The cost per endpoint license and rate of decommissioning these licenses over time.
The salaries for SecOps resources.

Results. To account for these risks, Forrester adjusted this benefit downward by 10%, yielding a three-year, risk-adjusted total PV (discounted at 10%) of $1.3 million.

For , this benefit may have a three-year, risk-adjusted total PV of .

150%

Increase in assets identified and classified with Axonius

The following table shows custom results for .

Enhanced Attack Surface Visibility

Ref.	Metric	Source		Year 1	Year 2	Year 3
A1	Assets identified in prior environment	CompositeComposite		200,000200,000	220,000220,000	242,000242,000
A2	Increase in assets identified with Axonius	InterviewsTEI case study		150%150%	150%150%	150%150%
A3	Assets identified with Axonius	A1*(1+A2)		500,000500,000	550,000550,000	605,000605,000
A4	Newly identified/classified assets	A3-A1		300,000300,000	330,000330,000	363,000363,000
A5	Percentage of newly identified/classified assets that are endpoints	A4*10%		30,00030,000	33,00033,000	36,30036,300
A6	Cost per endpoint license that was not previously decommissioned	AssumptionTEI case study		$50 $50	$50 $50	$50 $50
A7	Percentage of licenses decommissioned annually	CompositeTEI case study		40%40%	30%30%	30%30%
A8	Subtotal: Decommissioned endpoint licenses	A5A6A7		$600,000 $600,000	$495,000 $495,000	$544,500 $544,500
A9	Hours dedicated to inventory asset data and manage custom scripts in prior environment	CompositeComposite		1,0401,040	1,0401,040	1,0401,040
A10	Improvement with Axonius	InterviewsTEI case study		60%60%	60%60%	60%60%
A11	Hours recaptured with Axonius	A9*A10		624624	624624	624624
A12	Fully burdened hourly rate for a SecOps professional	CompositeTEI standard		$72 $72	$72 $72	$72 $72
A13	Productivity recapture	TEI Methodology		75%75%	75%75%	75%75%
A14	Subtotal: Asset inventory efficiencies	A11A12A13		$33,696 $33,696	$33,696 $33,696	$33,696 $33,696
At	Enhanced attack surface visibility	A8+A14		$633,696 $633,696	$528,696 $528,696	$578,196 $578,196
	Risk adjustment	↓10%
Atr	Enhanced attack surface visibility (risk-adjusted)			$570,326 $570,326	$475,826 $475,826	$520,376 $520,376
Three-year total: $1,566,529 $1,566,529			Three-year present value: $1,302,690 $1,302,690

Accelerated Vulnerability Management Investigation

Evidence and data. Interviewees explained their organizations’ increasing focus on adopting and establishing vulnerability management practices, particularly given the transition to more cloud-based workstreams. With Axonius, security teams at the interviewees’ organizations built custom dashboards in order to identify vulnerable assets and used queries to make risk-based decisions on how to assign priority to these assets. Interviewees explained that using Axonius to gather complete asset data rather than their vulnerability management tools saved significant time during investigations. Axonius also saved the interviewees’ organizations time when performing routine device compliance checks in order to get ahead of potential impacts from vulnerabilities.

The lead attack surface management engineer at the transportation services said: “Say a certain zero day comes out or a certain threat actor is using some kind of flavor of software, Axonius can spit out a full report of what assets have this software presented. We’ll know exactly the short list of machines we need to secure or patch up. It really enables us to act quickly. It’s a single-pane-of-glass view. I don’t need to log in to 700 different applications to figure it out. Axonius has it all. To create one asset report within our vulnerability management tool, it probably takes 45 minutes of frustratingly clicking and pressing refresh whereas [with] Axonius, it’s mere minutes.”

“Within less than 10 seconds, I can see exactly what software’s on what device, what’s vulnerable to certain CVs [critical vulnerabilities]. I can query half a million assets so quickly. I know what lies where and it’s invaluable because there’s no hiding really anymore.”

Lead attack surface management engineer, transportation services

The CISO at the semiconductor manufacturing organization said: “Being able to quickly pivot to the Known Exploited Vulnerabilities from CISA (Cybersecurity and Infrastructure Security Agency) is also tremendously helpful. … I now have this telemetry on my WAF [web application firewall] and SQL [structured query language] injections are going after it. Now, I have this data from Axonius telling me it also has vulnerabilities for SQL. That will trigger basically what we’re calling an emergency patch process where we just take it off the line. I can now connect the dots because of the visibility provided by [Axonius].”
The cloud security engineer at the financial services organization said: “We’ve built in some custom searches that can go in and tell us what endpoints have a piece of vulnerable software that might be showing up faster than running a full system scan of all of our systems using some of our vulnerability tools.”

“Axonius really shows you where your holes are and enables you to get a broad view quickly. It changes your tune about how to deploy defence in depth and in your security stack. You have to prioritize now because you know where the issues are.”

Lead attack surface management engineer, transportation services

Sharing an example, the cloud security engineer said: “One of the last ones we investigated was a vulnerability from an acquired company. We were able to find out that particular configuration was not enabled on that platform by looking in Axonius. We weren’t having to do zero-day patching. Yes, we’re going to update it and patch it. But we can then make a risk-based approach to say that this current configuration does not meet what is being exploited on the zero day.”
The staff security engineer at the retail organization said: “Every day there’s some new crazy big deal. Each time our CISO would come to us and ask about a vulnerability, we might spend $10,000 in human hours for each incident. We’ve got basically six or eight people from all different teams, not including our own security staff, to figure out this problem. This would happen probably once a month.”
The staff security engineer at the retail organization said: “Any moment in time I can click a button, and I can see whether or not were in compliance with these devices. Previously, this would take days or weeks because it was all manual. … We don’t want people with unpatched devices, not running antivirus, and we don’t let them. Axonius has helped us with understanding that compliance.”

Modeling and assumptions. For the financial analysis as applied to the composite organization, Forrester assumes:

The composite investigates 48 critical vulnerabilities annually.
It took 40 hours to manually investigate and prioritize impacted assets per vulnerability in the prior environment. With Axonius, the composite gains 70% efficiency in these tasks.
Each SecOps professional dedicates 156 hours annually to device compliance identification and reporting. With Axonius, the composite gains 90% efficiency in these tasks.
Five SecOps professionals support critical vulnerability management investigation and device compliance investigation and reporting.

The average fully burdened annual salary for SecOps professionals is $150,000. The fully burdened hourly rate for these professionals is $72.
Ninety percent of the work is recaptured for productive activities.

Risks. The size of this benefit may vary among organizations depending on:

The number of critical vulnerabilities investigated annually and the amount of time required to investigate.
The amount of time dedicated to device compliance identification and reporting activities.
The number of SecOps professionals and their salaries.

Results. To account for these risks, Forrester adjusted this benefit downward by 10%, yielding a three-year, risk-adjusted total PV (discounted at 10%) of $1.1 million.

For , this benefit may have a three-year, risk-adjusted total PV of .

70%

Improvement in time to investigate and prioritize assets impacted by vulnerabilities

The following table shows custom results for .

Accelerated Vulnerability Management Investigation

Ref.	Metric	Source		Year 1	Year 2	Year 3
B1	Critical vulnerabilities to investigate	CompositeScaled to A3		4848	4848	4848
B2	Hours to manually investigate and prioritize impacted assets per vulnerability in prior environment	InterviewsTEI case study		4040	4040	4040
B3	Improvement with Axonius	Interviews		70%70%	70%70%	70%70%
B4	SecOps resources	CompositeComposite		55	55	55
B5	Fully burdened hourly rate for a SecOps professional	CompositeTEI standard		$72 $72	$72 $72	$72 $72
B6	Subtotal: Vulnerability management investigation efficiencies	B1B2B3B4B5		$483,840 $483,840	$483,840 $483,840	$483,840 $483,840
B7	Hours dedicated to device compliance identification and reporting in the prior environment	CompositeComposite		156156	156156	156156
B8	Improvement with Axonius	InterviewsTEI case study		90%90%	90%90%	90%90%
B9	Subtotal: Device compliance identification efficiencies	B7B8B4*B5		$50,544 $50,544	$50,544 $50,544	$50,544 $50,544
B10	Productivity recapture	TEI Methodology		90%90%	90%90%	90%90%
Bt	Accelerated vulnerability management investigation	(B6+B9)*B10		$480,946 $480,946	$480,946 $480,946	$480,946 $480,946
	Risk adjustment	↓10%
Btr	Accelerated vulnerability management investigation (risk-adjusted)			$432,851 $432,851	$432,851 $432,851	$432,851 $432,851
Three-year total: $1,298,553 $1,298,553			Three-year present value: $1,076,436 $1,076,436

Accelerated Incident Response Investigation

Evidence and data. Aside from driving efficiencies for vulnerability management investigation, interviewees explained how Axonius played a role when responding to incidents. These incidents were events (but not material breaches) that triggered alerts for the security team to investigate. With enhanced visibility and an understanding of how to effectively query the asset data, interviewees noted that incident responders reduced the time required to investigate the assets impacted by these incidents and accurately determine whether the incident was a false positive or whether it required further remediation.

The lead attack surface management engineer at the transportation services organization said: “We know exactly where our issues lie and how to fix them. … It’s really been extremely valuable because it saves us time. With an incident, seconds, minutes, hours matter. The longer you wait, the larger the blast radius could be. There’s a cost associated with incidents, and Axonius really enables you to be quick. If a particular domain controller was popped, our investigative team can get all the amplifying information without the need to go to an active directory tool and contact many different colleagues for help.”
The staff security engineer at the retail organization said: “In the old world, I would say [it would take] maybe three to four days [to resolve an incident]. The problem with the old world was you’d have so many incidents that some would just sit there and not even be taken care of. Nowadays, we see something come in and we can investigate it and close it out and move on to the next thing. [Axonius] has helped us address all the incidents in a reasonable time instead of having a lag before we actually get to them.”
The staff security engineer provided a concrete example: “For incident response, Axonius has been great because it really helps us pinpoint what we need to look into and it kind of takes away the unknowns. For example, if an employee clicked on a suspicious item and security got an alert, previously, it’s like, ‘What systems did the employee access?’ We don’t even know what the employee does. Well, in Axonius, because we’ve got all the user data in addition to the device data, I can say, ‘Okay, this is her and this is her picture, this is her manager, I can’t get ahold of April because her computer is messed up. I’ve got her manager’s phone number right here.’ So, all these other data sources, it’s all in Axonius — we can just look at it all from here and it saves so much time.”

Modeling and assumptions. For the financial analysis as applied to the composite organization, Forrester assumes:

The composite investigates 2,000 security incidents annually.
It took 12 hours to manually investigate and prioritize impacted assets per incident in the prior environment. With Axonius, the composite gains 60% efficiency in these tasks.
The average fully burdened annual salary for SecOps professionals is $150,000. The fully burdened hourly rate for these professionals is $72.
Ninety percent of the work is recaptured for productive activities.

Risks. The size of this benefit may vary among organizations depending on:

The number of security incidents investigated annually and the amount of time required to investigate.
The extent to which Axonius is used to investigate security incidents.
The number of SecOps professionals and their salaries.

Results. To account for these risks, Forrester adjusted this benefit downward by 10%, yielding a three-year, risk-adjusted total PV (discounted at 10%) of $2.1 million.

For , this benefit may have a three-year, risk-adjusted total PV of .

60%

Improvement in time to investigate impacted assets during incident

The following table shows custom results for .

Accelerated Incident Response Investigation

Ref.	Metric	Source		Year 1	Year 2	Year 3
C1	Security incidents	CompositeComposite		2,0002,000	2,0002,000	2,0002,000
C2	Hours to investigate impacted assets during an incident in prior environment	InterviewsInterviews		1212	1212	1212
C3	Improvement with Axonius	InterviewsTEI case study		60%60%	60%60%	60%60%
C4	Fully burdened hourly rate for a SecOps professional	CompositeTEI standard		$72 $72	$72 $72	$72 $72
C5	Productivity recapture	TEI Methodology		90%90%	90%90%	90%90%
Ct	Accelerated incident response investigation	C1C2C3C4C5		$933,120 $933,120	$933,120 $933,120	$933,120 $933,120
	Risk adjustment	↓10%
Ctr	Accelerated incident response investigation (risk-adjusted)			$839,808 $839,808	$839,808 $839,808	$839,808 $839,808
Three-year total: $2,519,424 $2,519,424			Three-year present value: $2,088,478 $2,088,478

Automated Risk Management And Compliance Reporting

Evidence and data. Interviewees explained how their security organizations were required to communicate risk information during internal team meetings and to company leadership on a routine basis. This included presenting up-to-date information on device compliance, asset vulnerabilities, incident response, and overall security risk posture. With Axonius, interviewees explained how their teams saved significant time in generating necessary reports for such presentations given the platform’s easy-to-access, built-in dashboards and report generation functionality. Automated report generation also supported governance and risk teams required to conduct evidence collection for compliance obligations and third-party audits.

The lead attack surface management engineer at the transportation organization said: “It’s like a silver bullet. It honestly is. From a security perspective, you always have to fight the people that own the infrastructure because of no budget and risk. Axonius allows us to present [risk and vulnerability] information in a clear, concise picture. It makes it really easy to generate decks when the data is four clicks away.”
The lead attack surface management engineer continued: “With Axonius we can reach teams and say, ‘Hey, these certain assets are supposed to have [endpoint protection] but they don’t. Here’s the report. Put it on there.’ It gives us the evidence to present to teams weekly. With Axonius, we were able to look at a single pane of glass and realize where our security stack lacks deployment and where it needs a shore up.”
The CISO at the semiconductor manufacturing organization said: “Our ITRM [IT risk management] reviews, are conducted quarterly. It used to be kludgy metrics that teams presented to me and my leaders and a lot of those have been rebuilt through Axonius. I’ve heard anecdotes like, ‘Oh, this is really helpful. I can just go to a page and know what’s not in compliance,’ so there is definitely downstream value.”
The cloud security engineer at the financial services organization said: “[In the prior environment], we’re talking days of gathering data and building reports. [With Axonius], once we have the datasets in and dashboards built, it’s basically instantaneous. Users can come in and click to download CSV [comma-separated values] of lists that meet their use case and get ready to work without having to go generate all the reporting that they were doing previously.”

“Axonius has been very helpful with the time to delivery for an audit. The data we now have is very accurate. It used to be an instrusive [process].”

Staff security engineer, retail

Modeling and assumptions. For the financial analysis as applied to the composite organization, Forrester assumes:

The composite holds 16 risk management meetings annually.
It took 8 hours to prepare for each meeting in the prior environment. Five SecOps professionals were dedicated to supporting meeting preparation. With Axonius, the composite gains 75% efficiency on these tasks.
The average fully burdened annual salary of SecOps professionals is $150,000. The fully burdened hourly rate for these professionals is $72.
The composite dedicates 80 hours annually to evidence collection for compliance obligations and third-party audits in the prior environment. Five governance and risk professionals support these tasks. With Axonius, the composite gains 80% efficiency on these tasks.
The average fully burdened annual salary of a governance and risk professional is $100,000. The fully burdened hourly rate for these professionals is $48.
Seventy-five percent of the work is recaptured for productive activities.

Risks. The size of this benefit may vary among organizations depending on:

The extent to which an organization spends time on risk management meeting preparation, evidence collection, and third-party audits.
The number of SecOps professionals and governance and risk professionals and their salaries.

Results. To account for these risks, Forrester adjusted this benefit downward by 10%, yielding a three-year, risk-adjusted total PV (discounted at 10%) of $84,000.

For , this benefit may have a three-year, risk-adjusted total PV of .

The following table shows custom results for .

Automated Risk Management And Compliance Reporting

Ref.	Metric	Source		Year 1	Year 2	Year 3
D1	SecOps resources	CompositeComposite		55	55	55
D2	Frequency of risk management meetings	InterviewsTEI case study		1616	1616	1616
D3	Hours dedicated to preparation per meeting in prior environment	InterviewsTEI case study		88	88	88
D4	Improvement with Axonius	InterviewsTEI case study		75%75%	75%75%	75%75%
D5	Fully burdened hourly rate for a SecOps professional	AssumptionTEI standard		$72 $72	$72 $72	$72 $72
D6	Subtotal: Security team efficiencies	D1D2D3D4D5		$34,560 $34,560	$34,560 $34,560	$34,560 $34,560
D7	Governance and risk team members	CompositeScaled to D1		55	55	55
D8	Hours spent on evidence collection for compliance obligations and third-party audits in prior environment	InterviewsInterviews		8080	8080	8080
D9	Improvement with Axonius	InterviewsTEI case study		80%80%	80%80%	80%80%
D10	Fully burdened hourly rate for a governance and risk team member	CompositeTEI standard		$48 $48	$48 $48	$48 $48
D11	Subtotal: Governance and risk team efficiencies	D7D8D9*D10		$15,360 $15,360	$15,360 $15,360	$15,360 $15,360
D12	Productivity recapture	TEI Methodology		75%75%	75%75%	75%75%
Dt	Automated risk management and compliance reporting	(D6+D11)*D12		$37,440 $37,440	$37,440 $37,440	$37,440 $37,440
	Risk adjustment	↓10%
Dtr	Automated risk management and compliance reporting (risk-adjusted)			$33,696 $33,696	$33,696 $33,696	$33,696 $33,696
Three-year total: $101,088 $101,088			Three-year present value: $83,797 $83,797

Improved Asset Investigation Workflows

Evidence and data. Aside from vulnerability management and investigation response, interviewees described many use cases where other teams within their organizations used Axonius. These users saved time in their day-to-day workflows by accessing Axonius to query assets and configure automatic reports based on correlated asset data. Examples of these workflows included merger and acquisition asset discovery activity, driving consistencies with data in other systems, and enriching particular datasets in their organizations’ CMBDs. Many of these activities were performed on a regular basis.

The lead attack surface management engineer at the transportation organization said: “We have a bunch of mergers and acquisitions and we’re utilizing this tool heavily to quickly ascertain and remediate different, expanded attack surfaces. This tool is not going away. No shot.”
The cloud security engineer at the financial services organization echoed the same workflow: “We’ve used it around with mergers and acquisitions. We put in a tunnel adapter on the company that we’ve acquired and now we’re gathering information about their active directory and anything else that we could find in their environment to see where their actual benchmark of their security programs have been.”
The CISO at the semiconductor manufacturing organization said, “I brought on a few of our infrastructure operations architects, and they actually were singing inspirations, primarily because of all the efficiencies that they gained on the back end.”
The cloud security engineer at the financial services organization said: “We’re not getting the same number of correlation points [as we do with Axonius] from our CMDB, which is the by-the-bank definition the source of truth for everything in the environment. The teams can take this information [from Axonius] and get [answers] a whole lot faster.”
The staff security engineer at the retail organization said: “Several other teams in IT now leverage Axonius. I would say the endpoint teams use it the most, then the server teams and the storage teams. They now know that all the information they could want is in Axonius. For example, once we teach teams how to use an enforcement to update serial numbers and they get comfortable with the enforcement, we can show them how it will save so much time.”

“What completely sold Axonius to me is that it saves our teams so much time. They can focus on other tasks instead of all this manual research. You do a little work upfront to automate [the research]. It’s almost like magic.”

Staff security engineer, retail

Modeling and assumptions. For the financial analysis as applied to the composite organization, Forrester assumes:

50 employees across the composite organization use Axonius and 10% of their workload involves IT asset research or discovery.
With Axonius, these users realize 80% efficiencies in their research tasks.
The average fully burdened annual salary for a user is $100,000.
Seventy-five percent of the work is recaptured for productive activities.

Risks. The size of this benefit may vary among organizations depending on:

The number of Axonius users and their salaries.
The extent to which the users’ work pertains to IT asset investigation and discovery.

Results. To account for these risks, Forrester adjusted this benefit downward by 10%, yielding a three-year, risk-adjusted total PV (discounted at 10%) of $671,000.

For , this benefit may have a three-year, risk-adjusted total PV of .

“We now have data to make better decisions. A lot of times that decision is to fix a process, build a process, or automate decisions.”

CISO, semiconductor manufacturing

80%

Improvement in IT asset investigation and discovery workflows across the organization

The following table shows custom results for .

Improved Asset Investigation Workflows

Ref.	Metric	Source		Year 1	Year 2	Year 3
E1	Axonius users	CompositeComposite		5050	5050	5050
E2	Average percentage of workload that involves IT asset investigation or discovery	CompositeTEI case study		10%10%	10%10%	10%10%
E3	Improvement with Axonius	InterviewsTEI case study		80%80%	80%80%	80%80%
E4	Fully burdened annual salary for a user	CompositeTEI standard		$100,000 $100,000	$100,000 $100,000	$100,000 $100,000
E5	Productivity recapture	TEI Methodology		75%75%	75%75%	75%75%
Et	Improved asset investigation workflows	E1E2E3E4E5		$300,000 $300,000	$300,000 $300,000	$300,000 $300,000
	Risk adjustment	↓10%
Etr	Improved asset investigation workflows (risk-adjusted)			$270,000 $270,000	$270,000 $270,000	$270,000 $270,000
Three-year total: $810,000 $810,000			Three-year present value: $671,450 $671,450

Reduced Risk Of A Security Breach

Evidence and data. According to Forrester research, “Fixing the right weaknesses will result in fewer breaches, increasing customer trust while decreasing incident response and cyber insurance costs.”⁶ Interviewees explained that aside from the operational efficiencies described above, improved device posture and improved vulnerability management practices led to a reduction in risk of external breach for their organizations.

Modeling and assumptions. For the financial analysis as applied to the composite organization, Forrester assumes:

The composite has a 69% chance of experiencing one or more breaches per year.⁷
The mean cumulative cost of breaches for the composite is $3.8 million annually.⁸
The percentage of breaches originating from external attacks is 57.7%, of which 42% are addressable with Axonius.⁹
With Axonius, the composite reduces its risk of a breach from external attack by 5%.

Risks. The size of this benefit may vary among organizations depending on the extent to which a security breach impacts the organization and its associated cost.

Results. To account for these risks, Forrester adjusted this benefit downward by 20%, yielding a three-year, risk-adjusted total PV (discounted at 10%) of $63,000.

For , this benefit may have a three-year, risk-adjusted total PV of .

The following table shows custom results for .

Reduced Risk Of A Security Breach

Ref.	Metric	Source		Year 1	Year 2	Year 3
F1	Likelihood of experiencing one or more breaches per year	Forrester ResearchForrester Research		69%69%	69%69%	69%69%
F2	Mean cumulative cost of breaches	Forrester ResearchForrester Research		$3,798,000$3,798,000	$3,798,000$3,798,000	$3,798,000$3,798,000
F3	Percentage of breaches originating from external attacks	Forrester Research		57.7%57.7%	57.7%57.7%	57.7%57.7%
F4	Percentage of external attacks addressable with Axonius	Forrester Research		42%42%	42%42%	42%42%
F5	Subtotal: Annual risk exposure addressable with Axonius	F1F2F3*F4		$635,081$635,081	$635,081$635,081	$635,081$635,081
F6	Reduced risk of breaches from external attacks with Axonius	InterviewsTEI case study		5%5%	5%5%	5%5%
Ft	Reduced risk of security breach	F5*F6		$31,754$31,754	$31,754$31,754	$31,754$31,754
	Risk adjustment	↓20%
Ftr	Reduced risk of security breach (risk-adjusted)			$25,403$25,403	$25,403$25,403	$25,403$25,403
Three-year total: $76,210$76,210			Three-year present value: $63,174$63,174

Unquantified Benefits

Interviewees mentioned the following additional benefits that their organizations experienced but were not able to quantify:

Elevated value of cybersecurity team within organization. Interviewees noted their cybersecurity teams used Axonius to support other departments across their organizations with their use cases related to asset identification and insights. This promoted cross-collaboration and elevated the impact of the cybersecurity teams. The attack surface management engineer at the transportation services organization said: “From [the beginning of deployment], we had quick win after quick win. It made my team look like superstars.”
Informed discussions with leadership around cyber risk quantification. Forrester research states, “Your single biggest risk is that you don’t know how much risk you’re exposed to. Cyber risk quantification (CRQ) involves modeling risk scenarios and finally quantifying their business impact”.¹⁰ With improved visibility into and understanding of the organizations’ attack surface, the interviewees noted their cybersecurity teams could more accurately quantify and communicate about cyber risk to leaders. This ultimately informed better long-term business decisions. The CISO at the semiconductor manufacturing organization said: “I noticed this factory is making this many millions a day and I was able to articulate and quantify the volume of risk we’re holding by not patching these systems. I never knew that until I had this solution. Now I can make a better risk-informed decision. That’s what helped me sell [Axonius] to our CIO.”
Formalized new standards and best practices. The Axonius dashboards provided teams with easy access to new insights on device posture. This allowed for creation of best practices which further supported defending the attack surface. Interviewees shared two examples:
- The lead attack surface management engineer at the transportation services organization said: “Axonius enables us to find devices that aren’t authorized on the network. We didn’t think [this was an issue before]. We’ve realized that the issue is more rampant than anything. It has changed how we kind of search and alert employees.”
- The staff security engineer at the retail organization explained that sometimes, employees would not send back their equipment when leaving the company, adding, “The new initiative allows our equipment and HR team to work together with Axonius in the middle to locate all employee equipment.”
Provided a collaborative relationship with Axonius support. Axonius’ support team enabled the interviewees’ organizations to both meet their customized, defined goals set during onboarding and realize additional value from newly discovered use cases while configuring dashboards on the platform. The staff security engineer at the retail organization said, “It turns out that Axonius solved a lot of problems we didn’t even think about.”
- The attack surface management engineer at the transportation services organization said: “The tool performed just as explained. I’ve run into the problem where we’ve onboarded other tools and [they underdeliver]. Axonius literally has delivered at every point.”
- The staff security engineer at the retail organization said: “The turnaround is one of the great things about their engineering team. They’re extremely responsive. That’s what makes them wonderful to work with as a company. … They do very well with helping to customize our needs as a customer.”

“[Axonius] is the primary source of truth when it comes to metrics pushing to try to get risk communicated all the way up to the executive committee. Our CEO has seen reports from this tool.”

Lead attack surface management engineer, transportation services

Interview Spotlight

Axonius SaaS Apps

The Axonius Asset Cloud consists of multiple products, including Axonius Cyber Assets and Axonius SaaS Apps. The SaaS Apps product is designed to provide a consolidated view into SaaS asset inventory and usage, minimizing SaaS app risk.

The cloud security engineer noted their financial services organization deployed Axonius SaaS Apps in addition to Cyber Assets. This interviewee explained that their organization had a federal mandate to ensure all SaaS infrastructure met configuration monitoring standards in their upcoming audits. As a result, they invested in Axonius SaaS Apps.

Prior to deployment, the cloud security engineer said their organization had little prior visibility into configurations and often relied on self-assertions when asked a question. The interviewee said, “We didn’t have insight into all those applications until we really connected our tools [into Axonius] to see what the settings were.”

In one year since deployment, the financial services organization realized the following value:

The ability for SaaS owners to more accurately understand the settings and configurations across their deployed SaaS apps.
The ability for identity and access management teams to assess and report on orphaned SaaS accounts.

The cloud security engineer said, “We went from unknown unknowns or known unknowns to now knowing what these configurations are actually set to versus having a SaaS owner saying, ‘We’re good, we’re following the standards.’”

This interviewee also stated that their organization plans to connect more of their SaaS applications via adapters to better understand how these applications differ from their organization’s security standards and meet the federal mandate in upcoming audits.

Flexibility

The value of flexibility is unique to each customer. There are multiple scenarios in which a customer might implement Axonius and later realize additional uses and business opportunities, including:

Onboarding additional platform users. Interviewees expressed excitement for adding new users to Axonius to further device knowledge and management across their departments. New users may also gain efficiencies in their asset related workflows through use and customization of dashboards. The CISO at the semiconductor manufacturing organization said, “It’s on our roadmap to open this up to our manufacturing owners and lab owners for them to understand the assets they manage.”
Ingesting additional data via new adapters. Interviewees explained how the number of adapters the Axonius team built into the platform increased exponentially over the last few years. As new adapters were onboarded, teams could correlate additional asset data to produce more insights. The staff security engineer at the retail organization said: “You don’t want certificates to expire. We are working to leverage Axonius to send out notifications. We’re currently in development with their team on an adapter for active directory certificate services.”
Explore new use cases. Given the breadth of use cases supported by Axonius, interviewees shared their intentions of exploring new ways to meet their initiatives by setting up enforcements. The staff security engineer at the retail organization provided an example: “We’ve onboarded a cloud-native application protection platform. We’re kind of changing our approach to cloud security. Our next big initiative where Axonius will be involved is how do we add those configuration-type vulnerabilities into our existing vulnerability management process.”

Flexibility would also be quantified when evaluated as part of a specific project (described in more detail in Appendix A).

“My biggest risk is if there was a world in my future where we didn’t have Axonius. There’s no other product that does [asset management] as well as Axonius does.”

Staff security engineer, retail

Quantified cost data as applied to the composite

Total Costs

Ref.	Cost	Initial	Year 1	Year 2	Year 3	Total	Present Value
Gtr	Axonius fees	$0 $0	$775,000 $775,000	$775,000 $775,000	$775,000 $775,000	$2,325,000 $2,325,000	$1,927,310 $1,927,310
Htr	Implementation and ongoing management	$60,480 $60,480	$31,450 $31,450	$31,450 $31,450	$31,450 $31,450	$154,829 $154,829	$138,691 $138,691
	Total costs (risk-adjusted)	$60,480 $60,480	$806,450 $806,450	$806,450 $806,450	$806,450 $806,450	$2,479,829 $2,479,829	$2,066,001 $2,066,001

Axonius Fees

Evidence and data. Interviewees paid license fees based on the number of devices monitored in the Axonius Platform. The Axonius Platform fee includes:

SaaS hosting.
One or more of Axonius Cyber Assets, Software Assets, SaaS Apps, Exposures, and Identities.
Either Axonius Standard or Premium support.

Modeling and assumptions. For the financial analysis as applied to the composite organization, Forrester assumes:

The composite organization pays $775,000 annually, which includes SaaS hosting, features like Enforcement Center, and Axonius Platform Standard Support.
Pricing may vary. Contact Axonius for additional details.

Risks. This cost may vary among organizations depending on:

The number of assets discovered in Axonius.
The number of Axonius products purchased.
Any negotiated discounts.

Results. This cost yields a three-year total PV (discounted at 10%) of $1.9 million.

For , Axonius fees may have a three-year, risk-adjusted total PV of .

The following table shows custom results for .

Axonius Fees

Ref.	Metric	Source	Initial	Year 1	Year 2	Year 3
G1	Axonius fees	AxoniusAxonius		$775,000 $775,000	$775,000 $775,000	$775,000 $775,000
Gt	Axonius fees	G1	$0 $0	$775,000 $775,000	$775,000 $775,000	$775,000 $775,000
Three-year total: $2,325,000 $2,325,000			Three-year present value: $1,927,310 $1,927,310

Implementation And Ongoing Fees

Evidence and data. Interviewees explained that initial implementation was a straightforward process for their organizations. Axonius support collaborated with their teams to connect their existing security tools to Axonius via adapters. On an ongoing basis, interviewees explained that their teams dedicated time to configuring new dashboards, introducing new users on the platform, and configuring additional adapters and new enforcements.

The CISO at the semiconductor manufacturing organization said: “It was around 5 hours per adapter. If the adapter was directly copied over from our POC, it took 30 minutes to get on it. Some of the new adapters took a little bit of time to correlate the data and do test checks.”
The lead attack surface management engineer at the transportation services said: “Before Axonius I was working with spreadsheets and file systems. I knew next to nothing about APIs. Onboarding was an easy on-ramp. I was able to go from zero to now acting as the Axonius expert here.”
The staff security engineer at the retail organization said, “There is nothing you can throw at our [Axonius] TAM [Technical Account Manager] that doesn’t get solved.”

“Even in the POC we started to show some value almost immediately.”

CISO, semiconductor manufacturing

Modeling and assumptions. For the financial analysis as applied to the composite organization, Forrester assumes:

Four SecOps resources are involved with initial configuration and ongoing management of Axonius.
The composite sets up 40 adapters during initial configuration. Each adapters takes 5 hours to configure for a total of 200 hours per SecOps professional.
The fully burdened hourly rate for a SecOps professional is $72.
Each SecOps professional dedicates 104 hours annually to ongoing management and configuration of Axonius.

Risks. The cost of this benefit may vary among organizations depending on:

The number of adapters configured.
The number of team members dedicated to configuration and optimization and their salaries.

Results. To account for these risks, Forrester adjusted this cost upward by 5%, yielding a three-year, risk-adjusted total PV (discounted at 10%) of $139,000.

For , Axonius fees may have a three-year, risk-adjusted total PV of .

The following table shows custom results for .

Implementation And Ongoing Management

Ref.	Metric	Source	Initial	Year 1	Year 2	Year 3
H1	SecOps resources	CompositeComposite	44	44	44	44
H2	Hours dedicated to implementation per SecOps resource	InterviewsInterviews	200200
H3	Hours dedicated to ongoing management and configuration per SecOps resource	InterviewsTEI case study		104104	104104	104104
H4	Fully burdened hourly rate for a SecOps professional	CompositeTEI standard	$72 $72	$72 $72	$72 $72	$72 $72
Ht	Implementation and ongoing management	(H1H2H4)+(H1H3H4)	$57,600 $57,600	$29,952 $29,952	$29,952 $29,952	$29,952 $29,952
	Risk adjustment	↑5%
Htr	Implementation and ongoing management (risk-adjusted)		$60,480 $60,480	$31,450 $31,450	$31,450 $31,450	$31,450 $31,450
Three-year total: $154,829 $154,829			Three-year present value: $138,691 $138,691

Consolidated Three-Year, Risk-Adjusted Metrics

Cash Flow Chart (Risk-Adjusted)

Total costs Total benefits Cumulative net benefits Initial Year 1 Year 2 Year 3

The financial results calculated in the Benefits and Costs sections can be used to determine the ROI, NPV, and payback period for the composite organization’s investment. Forrester assumes a yearly discount rate of 10% for this analysis.

These risk-adjusted ROI, NPV, and payback period values are determined by applying risk-adjustment factors to the unadjusted results in each Benefit and Cost section.

Cash Flow Analysis (Risk-Adjusted)

	Initial	Year 1	Year 2	Year 3	Total	Present Value
Total costs	($60,480)($60,480)	($806,450)($806,450)	($806,450)($806,450)	($806,450)($806,450)	($2,479,829)($2,479,829)	($2,066,001)($2,066,001)
Total benefits	$0 $0	$2,172,085$2,172,085	$2,077,585$2,077,585	$2,122,135$2,122,135	$6,371,804$6,371,804	$5,286,025$5,286,025
Net benefits	($60,480)($60,480)	$1,365,635$1,365,635	$1,271,135$1,271,135	$1,315,685$1,315,685	$3,891,975$3,891,975	$3,220,024$3,220,024
ROI						156%156%
Payback						<6<6

Appendix A: Total Economic Impact

Total Economic Impact is a methodology developed by Forrester Research that enhances a company’s technology decision-making processes and assists solution providers in communicating their value proposition to clients. The TEI methodology helps companies demonstrate, justify, and realize the tangible value of business and technology initiatives to both senior management and other key stakeholders.

Total Economic Impact Approach

Benefits represent the value the solution delivers to the business. The TEI methodology places equal weight on the measure of benefits and costs, allowing for a full examination of the solution’s effect on the entire organization.
Costs comprise all expenses necessary to deliver the proposed value, or benefits, of the solution. The methodology captures implementation and ongoing costs associated with the solution.
Flexibility represents the strategic value that can be obtained for some future additional investment building on top of the initial investment already made. The ability to capture that benefit has a PV that can be estimated.
Risks measure the uncertainty of benefit and cost estimates given: 1) the likelihood that estimates will meet original projections and 2) the likelihood that estimates will be tracked over time. TEI risk factors are based on “triangular distribution.”

PRESENT VALUE (PV)

The present or current value of (discounted) cost and benefit estimates given at an interest rate (the discount rate). The PV of costs and benefits feed into the total NPV of cash flows.
NET PRESENT VALUE (NPV)

The present or current value of (discounted) future net cash flows given an interest rate (the discount rate). A positive project NPV normally indicates that the investment should be made unless other projects have higher NPVs.
RETURN ON INVESTMENT (ROI)

A project’s expected return in percentage terms. ROI is calculated by dividing net benefits (benefits less costs) by costs.
DISCOUNT RATE

The interest rate used in cash flow analysis to take into account the time value of money. Organizations typically use discount rates between 8% and 16%.
PAYBACK PERIOD

The breakeven point for an investment. This is the point in time at which net benefits (benefits minus costs) equal initial investment or cost.

The initial investment column contains costs incurred at “time 0” or at the beginning of Year 1 that are not discounted. All other cash flows are discounted using the discount rate at the end of the year. PV calculations are calculated for each total cost and benefit estimate. NPV calculations in the summary tables are the sum of the initial investment and the discounted cash flows in each year. Sums and present value calculations of the Total Benefits, Total Costs, and Cash Flow tables may not exactly add up, as some rounding may occur.

Appendix B: Supplemental Material

Related Forrester Research

Predictions 2025: Cybersecurity, Risk, And Privacy, Forrester Research, Inc., Oct 1, 2024.

Plan Your Critical Vulnerability Response, Forrester Research, Inc., October 17, 2024.

Appendix C: Endnotes

¹ Source: The Three Principles Of Proactive Security, Forrester Research, Inc., May 1, 2024.

² Total Economic Impact is a methodology developed by Forrester Research that enhances a company’s technology decision-making processes and assists solution providers in communicating their value proposition to clients. The TEI methodology helps companies demonstrate, justify, and realize the tangible value of business and technology initiatives to both senior management and other key stakeholders.

³ Source: The Attack Surface Management Solutions Landscape, Forrester Research, Inc., May 16, 2024.

⁴ Source: The Attack Surface Management Solutions Landscape, Forrester Research, Inc., May 16, 2024.

⁵ Source: The Four Steps For More Proactive Security, Forrester Research, Inc., May 1, 2024.

⁶ Ibid.

⁷ Source: Forrester’s Security Survey, 2024. Base: 641 Security decision-makers with network, data center, app security, or security operations responsibilities at companies with $1B+ in annual revenue. Forrester annually assesses cybersecurity metrics through interviews, surveys, and expertise in the field. Analyses are provided with information rooted with specific datasets most accurately applied to the situations that have been collected in the study.

⁸ Source: Forrester’s Security Survey, 2024. Base: 606 Security decision-makers with network, data center, app security, or security ops responsibilities at companies with $1B+ in annual revenue. Forrester annually assesses cybersecurity metrics through interviews, surveys, and expertise in the field. Analyses are provided with information rooted with specific datasets most accurately applied to the situations that have been collected in the study.

⁹ Source: Forrester’s Security Survey, 2024. Base: 1,542 Security decision-makers who have experienced a breach in the past 12 months. Forrester annually assesses cybersecurity metrics through interviews, surveys, and expertise in the field. Analyses are provided with information rooted with specific datasets most accurately applied to the situations that have been collected in the study.

¹⁰ Source: Build The Business Case For Cyber Risk Quantification, Forrester Research, Inc., May 31, 2024.

ABOUT FORRESTER CONSULTING

Forrester provides independent and objective research-based consulting to help leaders deliver key transformation outcomes. Fueled by our customer-obsessed research, Forrester’s seasoned consultants partner with leaders to execute on their priorities using a unique engagement model that tailors to diverse needs and ensures lasting impact. For more information, visit forrester.com/consulting.

© Forrester Research, Inc. All rights reserved. Unauthorized reproduction is strictly prohibited. Information is based on best available resources. Opinions reflect judgment at the time and are subject to change. Forrester®, Technographics®, Forrester Wave, and Total Economic Impact are trademarks of Forrester Research, Inc. All other trademarks are the property of their respective companies.

Cookie Settings

This website uses cookies to deliver functionality and enhance your experience. GDPR requires that we obtain your consent before activating these cookies. Please accept the use of cookies or review your cookie settings now.

A cookie is a small text file that a website saves on your computer or mobile device when you visit the site. It enables the website to remember your actions (data inputs, website navigation), so you don’t have to re-enter data when you come back to the site or browse from one page to another.

Behavioral information collected by our web analytics vendor is used to analyze data pertaining to visitor trends, plan website enhancements, and measure overall website effectiveness. We may also use cookies or web beacons to help us offer you products, programs, or services that may be of interest to you and to deliver relevant advertising. We may use third-party advertising companies to help tailor website content to users or to serve ads on our behalf. These companies may also employ cookies and web beacons to measure advertising effectiveness.

Please accept cookies and the collection of behavioral information to receive full functionality and enhance your experience. If you decline cookies, some features of the website may not function normally.

Please see our Privacy Policy for more information.

Customize These Results

Customize These Results

Executive Summary

Registration Required To Continue

Key Findings

Table Of Contents

Key Statistics

156%156%

$5.3M$5.3M

$3.2M$3.2M

6 months6 months months

Benefits (Three-Year)

TEI Framework And Methodology

Due Diligence

Interviews

Composite Organization

Financial Model Framework

Case Study

Disclosures

The Axonius Customer Journey

Drivers leading to the Axonius investment

Interviews

Key Challenges

Investment Objectives

Composite Organization

Key Assumptions

Analysis Of Benefits

Quantified benefit data as applied to the composite

Total Benefits

Enhanced Attack Surface Visibility

Enhanced Attack Surface Visibility

Accelerated Vulnerability Management Investigation

Accelerated Vulnerability Management Investigation

Accelerated Incident Response Investigation

Accelerated Incident Response Investigation

Automated Risk Management And Compliance Reporting

Automated Risk Management And Compliance Reporting

Improved Asset Investigation Workflows

Improved Asset Investigation Workflows

Reduced Risk Of A Security Breach

Reduced Risk Of A Security Breach

Unquantified Benefits

Interview Spotlight

Axonius SaaS Apps

Flexibility

Analysis Of Costs

Quantified cost data as applied to the composite

Total Costs

Axonius Fees

Axonius Fees

Implementation And Ongoing Fees

Implementation And Ongoing Management

Financial Summary

Consolidated Three-Year, Risk-Adjusted Metrics

Cash Flow Chart (Risk-Adjusted)

Cash Flow Analysis (Risk-Adjusted)

Appendixes

Appendix A: Total Economic Impact

Total Economic Impact Approach

PRESENT VALUE (PV)

NET PRESENT VALUE (NPV)

RETURN ON INVESTMENT (ROI)

DISCOUNT RATE

PAYBACK PERIOD

Appendix B: Supplemental Material

Appendix C: Endnotes

ABOUT FORRESTER CONSULTING