The Total Economic Impact™ Of Microsoft Sentinel

Cost Savings And Business Benefits Enabled By Microsoft Sentinel

A Forrester Total Economic Impact™ Study Commissioned By Microsoft, December 2023

Switch between the study data and your organization’s custom data below. Answering the questions on the Custom Data tab will allow you to customize the analysis and estimate the potential impact of using Microsoft Sentinel at your organization.

Study Data Custom Data

Study Data

Company name

How many employees does your organization have?

How many logs do you estimate that your organization currently ingest daily? (in gigabytes, Gb)

How many new connections/integrations does your company build annually?

How many employees are on your security operations center (SOC) team?

How many employees are on your infrastructure and SIEM management team?

What are your annual estimated hardware and storage costs for on-premises infrastructure related to your current SIEM?

Please select your country

Your Organization

Company name

How many employees does your organization have?

How many logs do you estimate that your organization currently ingest daily? (in gigabytes, Gb)

How many new connectors/integrations does your company build annually?

How many employees are on your security operations center (SOC) team?

How many employees are on your infrastructure and SIEM management team?

What are your annual estimated hardware and storage costs for on-premises infrastructure related to your current SIEM?

Please select your country

The evolving landscape of cybersecurity threats and the increasing sophistication of malicious actors have created a pressing need for organizations to enhance their threat detection and response capabilities. Organizations need to efficiently collect, correlate, and analyze security data from various sources to identify and mitigate security incidents, which safeguards their digital assets and maintains operational continuity.

Microsoft Sentinel is an intelligent, comprehensive security information and event management (SIEM) solution for proactive threat detection, investigation, and response. As a cloud-based solution, Microsoft Sentinel enables organizations to eliminate extraneous security infrastructure and operational costs while scaling to meet organizational demands.

Microsoft commissioned Forrester Consulting to conduct a Total Economic Impact™ (TEI) study and examine the potential return on investment (ROI) enterprises may realize by deploying Microsoft Sentinel.¹ The purpose of this study is to provide readers with a framework to evaluate the potential financial impact of Microsoft Sentinel on their organizations.

To better understand the benefits, costs, and risks associated with this investment, Forrester interviewed four representatives with experience using Microsoft Sentinel. For the purposes of this study, Forrester aggregated the interviewees’ experiences and combined the results into a single composite organization.

Prior to using Microsoft Sentinel, these interviewees noted how their organizations relied on legacy on-premises SIEM solutions. The prior solutions were expensive, required specialized staff, and failed to meet evolving security and compliance needs.

After the investment in Microsoft Sentinel, the interviewees saw a reduced total cost of ownership (TCO), strengthened their security profile, and recognized productivity improvements for security and support teams for their organizations.

Return on investment (ROI)

234%234%

Net present value (NPV)

$7.9M$7.9M

Key Findings

Quantified benefits. Three-year, risk-adjusted present value (PV) quantified benefits for the composite organization include:

Cost savings from discontinuing the legacy SIEM solution that reduce TCO by 44%. Compared to the legacy, on-premises SIEM solution, Microsoft Sentinel was less expensive when measured by per-GB data ingestion and licensing costs. Additionally, the composite organization avoids capital investments required for storing logs on-premises. Over three years, the composite’s SIEM cost savings are worth $5.1 million.

For , discontinuing the legacy SIEM solution might total over three years.

Increases in efficiency from the reduction of false positives by up to 79% and reduction of labor effort for advanced, multitouch investigations by 85%. Microsoft Sentinel’s AI-driven correlation engine and behavior-based analytics improves mean time to respond (MTTR) by reducing the number of false positives and the effort associated with advanced investigations. Microsoft Sentinel’s intuitive platform and prebuilt playbook enables junior analysts to level up their work, which allows senior analysts to focus on higher-priority tasks. Over three years, security operations center (SOC) efficiency improvements are worth $1.5 million to the composite organization.

For , increases in efficiency from the reduction of false positives and reduction of labor effort for advanced, multitouch investigations might total over three years.

Reductions in management efforts that result in the redeployment of 50% of infrastructure services professionals and 16% of legacy SIEM specialists. With Microsoft Sentinel’s cloud-native platform, the composite organization reallocates resources away from servicing on-premises infrastructure and towards other value-adding initiatives. Automatic updates, an intuitive and centralized platform, and a reduction in planning and maintenance mean reduced labor demands when compared to legacy on-premises SIEMs. Over three years, reduced management effort is valued at $1.1 million.

For , reductions in management efforts that result in the redeployment of infrastructure services professionals and legacy SIEM specialists might total over three years.

Reductions in time to configure and deploy new connections by 93%. Microsoft Sentinel comes with prebuilt SIEM content and out-of-the box functionality, reducing the need for time-consuming customer integration work. Reduced configuration time is valued at $618,000 over the three-year analysis.

For , reductions in time to configure and new connection deployments might total over three years.

Reduced the likelihood of a data breach by 35%. Microsoft Sentinel provides the composite organization with an easily scalable, cloud-based solution that enables better visibility into its risk profile. With faster MTTR, the organization can reduce the impact of cyber threats. Over three years, the reduced likelihood of a breach is worth $2.8 million.

For , reduced likelihood of a data breach might total over three years.

Unquantified benefits. Benefits that provide value for the composite organization but are not quantified for this study include:

Reduced compliance costs. Interviewees reported that using Microsoft Sentinel allowed them to automate the collection and analysis of security data, which streamlined compliance reporting. Some interviewees noted that without Microsoft Sentinel, their organization would have worked with external consultants to meet their compliance requirements.
Ease of use. Interviewees shared that Microsoft Sentinel’s user-friendly interface enabled their organizations to hire security staff without highly specialized expertise. Because Microsoft Sentinel automated many complex processes, security professionals with more general IT knowledge could effectively use the platform to detect and respond to threats. In turn, this enabled organizations to staff their security teams quickly and in a cost-effective manner.

Costs. Three-year, risk-adjusted PV costs for the composite organization include:

Flexible, consumption-based pricing that costs $2.9 million over three years. The composite organization can scale up its data ingestion much faster with Microsoft Sentinel and have greater control over costs, which results in a 44% reduction in TCO over legacy solutions. The pricing for the composite organization is based on daily ingestion rates of 500 to 1,500 GB.

For , flexible, consumption-based pricing might total over three years.

Deployment costs that include a deployment team and professional services totaling $424,000. These costs include an eight-person deployment team working four months to deploy and configure Microsoft Sentinel alongside professional services.

For , deployment costs that include a deployment team and professional services might total over three years.

Training costs for existing staff and new hires totaling $45,000. This includes average training costs of $2,000 per security professional, including professional services, materials, and productivity loss.

For , training costs for existing staff and new hires might total over three years.

The representative interviews and financial analysis found that a composite organization experiences benefits of $11.2 million over three years versus costs of $3.4 million, adding up to a net present value (NPV) of $7.9 million and an ROI of 234%.

might experience benefits of over three years versus costs of , adding up to an NPV of and an ROI of 0%.

TCO reduction

44%44%

“Every analyst says that Microsoft Sentinel is really intuitive and much easier to navigate around the screen and to do deep dives into the telemetry behind the alert. My personal view from anecdotal experience talking to my analysts is that they all find Microsoft Sentinel much easier to get to grips with and much easier to use on a day-to-day basis.”

Head of SOC, government

Key Statistics

Return on investment (ROI)

234%234%

Benefits PV

$11.2 million$11.2 million

Net present value (NPV)

$7.9 million$7.9 million

Payback

<6<6 months

Benefits (Three-Year)

Cost savings from legacy SIEM for licensing, storage, and infrastructure SOC team efficiency gains Management efficiencies Reduced time to deploy and configure with Microsoft Sentinel Avoided and reduced impacts of security breach

TEI Framework And Methodology

From the information provided in the interviews, Forrester constructed a Total Economic Impact™ framework for those organizations considering an investment in Microsoft Sentinel.

The objective of the framework is to identify the cost, benefit, flexibility, and risk factors that affect the investment decision. Forrester took a multistep approach to evaluate the impact that Microsoft Sentinel can have on an organization.

Due Diligence

Interviewed Microsoft stakeholders and Forrester analysts to gather data relative to Microsoft Sentinel.
Interviews

Interviewed four representatives at organizations using Microsoft Sentinel to obtain data about costs, benefits, and risks.
Composite Organization

Designed a composite organization based on characteristics of the interviewees’ organizations.
Financial Model Framework

Constructed a financial model representative of the interviews using the TEI methodology and risk-adjusted the financial model based on issues and concerns of the interviewees.
Case Study

Employed four fundamental elements of TEI in modeling the investment impact: benefits, costs, flexibility, and risks. Given the increasing sophistication of ROI analyses related to IT investments, Forrester’s TEI methodology provides a complete picture of the total economic impact of purchase decisions. Please see Appendix A for additional information on the TEI methodology.

Disclosures

Readers should be aware of the following:

This study is commissioned by Microsoft and delivered by Forrester Consulting. It is not meant to be used as a competitive analysis.

Forrester makes no assumptions as to the potential ROI that other organizations will receive. Forrester strongly advises that readers use their own estimates within the framework provided in the study to determine the appropriateness of an investment in Microsoft Sentinel.

Microsoft reviewed and provided feedback to Forrester, but Forrester maintains editorial control over the study and its findings and does not accept changes to the study that contradict Forrester’s findings or obscure the meaning of the study.

Microsoft provided the customer names for the interviews but did not participate in the interviews.

Consulting Team:

Sam Conway

Matt Dunham

Drivers leading to the Microsoft Sentinel investment

Interviews

Role	Industry	Region	Revenue	Daily Ingest
CISCO	Financial services	US	$6.5 billion	13 TB
Head of SOC	Government	UK	N/A	365 GB
IT director	Healthcare	US	$50 million	120 GB
CISO	Healthcare	US	$1.5 billion	500 GB

Key Challenges

Prior to their investment in Microsoft Sentinel, the interviewees’ organizations relied on legacy on-premises SIEM solutions. The interviewees noted how their organizations struggled with common challenges, including:

Expensive and inflexible legacy solutions. Interviewees said their organizations experienced high costs as they attempted to scale their SIEM solutions. Being on-premises meant existing infrastructure and the large capital investments required to meet growing rates of data ingestion limited deployments. The CISO at a financial services firm stated: "With the old solution, it was fighting tooth and nail just to be able to create the headroom to get the data in. Now we don't have to focus on that part of the problem. We can just focus on how we use the data."
Needed to meet compliance in highly regulated industries. The interviewees noted that their organizations' legacy solutions either lacked some capabilities or otherwise made it difficult to meet compliance standards within their industries. The IT director at a healthcare firm stated: "The evaluation criteria [for Microsoft Sentinel] was built on what our particular pain points were. The very first thing we started off with was compliance. Where do we stand from a compliance standpoint? Are we checking off the boxes for HIPAA, ISO [International Organization for Standardization], and SOC 2?"
Difficulty finding specialized skills for legacy solutions. Interviewees noted that their organizations' legacy solutions required more expensive and hard-to-find SOC analysts because they required specialized skills for usage. The head of SOC for a government agency explained: "We were struggling to recruit [legacy solution] trained specialists and I think Microsoft Sentinel was deemed to be an easier [option] for an SOC manned by apprentices and junior grades. It was a much easier tool for them to understand."
Limited visibility and performance issues. Interviewees noted that legacy solutions did not provide the full visibility their organizations' teams needed, and they experienced some outages and performance issues. The head of SOC for a government agency stated: "Endpoint and laptops weren't being monitored by [our legacy solution] in the past. So it was a major change for us to get endpoint telemetry into [Microsoft] Defender and then into Microsoft Sentinel so we could actually see what our users are doing. We've improved and matured our protective monitoring.

Concerning outages, the CISO for a financial services firm detailed: “[Our legacy solution] was going down five, six times a month. I think we’ve had one major Microsoft Sentinel outage, and it wasn’t even Microsoft Sentinel, it was like Azure Active Directory had a problem and we couldn’t log in. Our data was still flowing. It’s infinitely easier to maintain than the on-prem [legacy solution].”

“The reason we have Microsoft Sentinel is because of its proactive predictive abilities. It is able to respond to threats faster than a human can. We actually were able to stop significant threats that hit other organizations and keep our organization running. Microsoft Sentinel was one of the tools in our Microsoft tool bag that really kept us running as an organization. It kept our operations running.”

CISO, healthcare

Composite Organization

Based on the interviews, Forrester constructed a TEI framework, a composite company, and an ROI analysis that illustrates the areas financially affected. The composite organization is representative of the four interviewees, and it is used to present the aggregate financial analysis in the next section. The composite organization has the following characteristics:

Description of composite. The composite organization is based in the United States with global operations. The composite organization operates in a highly regulated industry with billions of dollars in annual revenue and 10,000 employees. The organization’s SOC team is comprised of 15 full-time employees, while six people make up its infrastructure and SIEM maintenance team. As a large organization, it ingests around 500 GB of data each day in Year 1, scaling to 1 TB per day in Year 2 and 1.5 TB per day in Year 3

Deployment characteristics. The composite organization starts with a proof of concept (POC) to test Microsoft Sentinel against its legacy solution. After a successful trial, the organization begins deployment with a team of eight FTEs who spend four months of their time working with the help of contracted professional services to get Microsoft Sentinel up and running. The organization has a team of two FTEs dedicated to annual enhancements and adds 40 new connections each year. As part of a highly regulated industry, the organization retains logs for 12 months.

Key Assumptions

Highly regulated
Global operations
10,000 employees
Ingests 500 GB per day in Year 1
Switching from legacy on-premises solution

For : 0 employees Ingests 0 GB per day in Year 1

Quantified benefit data as applied to the composite

Total Benefits

Ref.	Benefit	Year 1	Year 2	Year 3	Total	Present Value
Atr	Cost savings from legacy SIEM for licensing, storage, and infrastructure	$1,320,025$1,320,025	$2,117,550 $2,117,550	$2,915,075 $2,915,075	$6,352,650 $6,352,650	$5,140,203 $5,140,203
Btr	SOC team efficiency gains	$506,107 $506,107	$614,510 $614,510	$727,772 $727,772	$1,848,389 $1,848,389	$1,514,742 $1,514,742
Ctr	Management efficiencies	$457,083 $457,083	$457,083 $457,083	$457,083 $457,083	$1,371,249 $1,371,249	$1,136,698 $1,136,698
Dtr	Reduced time to deploy and configure with Microsoft Sentinel	$248,608 $248,608	$248,608 $248,608	$248,608 $248,608	$745,823 $745,823	$618,251 $618,251
Etr	Avoided and reduced impacts of security breach	$1,060,416 $1,060,416	$1,136,298 $1,136,298	$1,218,318 $1,218,318	$3,415,032 $3,415,032	$2,818,444 $2,818,444
	Total benefits (risk-adjusted)	$3,592,238 $3,592,238	$4,574,049 $4,574,049	$5,566,856 $5,566,856	$13,733,143 $13,733,143	$11,228,338 $11,228,338

Cost Savings From Legacy SIEM For Licensing, Storage, And Infrastructure

Evidence and data. The interviewees’ organizations eliminated their legacy SIEM solutions, which reduced licensing costs for log ingestion and storage. Furthermore, moving to a cloud-based system meant the organizations no longer needed to store their log data on-premises and invest in costly infrastructure.

The CISO of a financial services firm stated: "The costs were astronomical with [the legacy solution] in terms of hardware. Now I've got this clean dashboard where I can look at direct consumption all the time. I don't have to upgrade servers anymore."
The head of SOC for a government agency explained: "We're ingesting more than we ever thought we would and we're probably doing it more cheaply than [we would with] some of the other tools. Our costs are growing, but they would have grown with whichever solution we went with. It's fair to say we have saved a lot because a lot of our new applications are hosted within Azure."
The CISO of a healthcare firm detailed, "When we decommissioned [the legacy solution], we had some costs that came back to us because we didn't need all the hardware that we had."

Modeling and assumptions. For the composite organization, Forrester assumes:

The composite ingests security logs at a rate of 500 GB per day in Year 1. This scales to 1 TB per day in Year 2 and 1.5 TB per day in Year 3.

ingests security logs at a rate of 0 GB per day in Year 1. This scales to 0 GB per day in Year 2 and 0 GB per day in Year 3.

The composite organization removes all SIEM-related infrastructure from its on-premises environment. This includes servers, storage, forwarders, indexers and search heads, and costs associated with disaster recovery (DR) and licensing.
For DR purposes, the composite retains redundant security logs for 12 months. This doubles the amount of storage needed compared to ingestion.
Log ingestion costs in composite organization's legacy solution were $2.20 per GB per day. Its storage costs were $1.20 per TB per day.
Operating expenses cost 10% of capitalized infrastructure costs.

Risks. Organizations may experience results that differ from those presented in the financial model due to:

Volume of logs ingested.
Cost of legacy SIEM licensing and on-premises storage requirements.
Cost and size of on-premises infrastructure related to legacy SIEM.

Results. To account for these risks, Forrester adjusted this benefit downward by 5%, yielding a three-year, risk-adjusted total PV (discounted at 10%) of $5.1 million.

For , this benefit might have a three-year, risk-adjusted PV of .

Cost Savings From Legacy SIEM For Licensing, Storage, And Infrastructure

Ref.	Metric	Source	Year 1	Year 2	Year 3
A1	Logs ingested daily in GB	CompositeComposite	500 500	1,000 1,000	1,5001,500
A2	Log ingestion costs in the legacy solution	Composite	$401,500 $401,500	$803,000 $803,000	$1,204,500 $1,204,500
A3	Storage costs in the legacy solution	Composite	$438,000 $438,000	$876,000 $876,000	$1,314,000 $1,314,000
A4	Subtotal: Avoided legacy SIEM vendor costs	A2+A3	$839,500 $839,500	$1,679,000 $1,679,000	$2,518,500 $2,518,500
A5	Avoided hardware costs for on-premises infrastructure and storage related to legacy SIEM	CompositeComposite	$500,000 $500,000	$500,000 $500,000	$500,000 $500,000
A6	Avoided operating expenses for on-premises infrastructure (HVAC, power, etc.)	A5*10%	$50,000 $50,000	$50,000 $50,000	$50,000 $50,000
A7	Subtotal: Avoided hardware and operation costs for on-premises infrastructure	A5+A6	$550,000 $550,000	$550,000 $550,000	$550,000 $550,000
At	Cost savings from legacy SIEM for licensing, storage, and infrastructure	A4+A7	$1,389,500 $1,389,500	$2,229,000 $2,229,000	$3,068,500 $3,068,500
	Risk adjustment	↓5%
Atr	Cost savings from legacy SIEM for licensing, storage, and infrastructure (risk-adjusted)		$1,320,025 $1,320,025	$2,117,550 $2,117,550	$2,915,075 $2,915,075
Three-year total: $6,352,650 $6,352,650			Three-year present value: $5,140,203 $5,140,203

SOC Team Efficiency Gains

Evidence and data. Microsoft Sentinel’s AI-powered correlation engine and user behavior analytics gave SOC analysts at the interviewees’ organizations a prioritized view of the organization. It elevated high-priority threats and reduced false positives. Automation then enabled the SOC team to respond to these alerts rapidly with built-in orchestration of common tasks. As a result, interviewees noted a significant reduction in MTTR, with some seeing up to a 97% improvement.

The CISO of a financial services firm stated: "We have 157 automation rules right now. Each one of those rules is taking a mundane task off the plate of our analysts. We're talking significant time savings."
The IT director of a healthcare firm explained: "Analysts are not going in there to look for vulnerabilities actively and continuously. No, the system does that for them. At the end of the day, is it effective monitoring? Oh, 110% it is. Is it effective remediation? Yes, as long as we build these particular rules in the system."
The head of SOC for a government agency explained the continuous improvement in MTTR they had seen since the organization implemented Microsoft Sentinel and said, "We've gone from one to two days to half an hour on average."
The CISO of a healthcare firm stated: "When we get an alert that's significant, it probably takes no more than 15 minutes for us to respond. The beauty of what my engineer has done is that we've got a playbook for 95% to 98% of the issues. The activity and action is already being taken before my engineer even sees it."

Modeling and assumptions. For the composite organization, Forrester assumes:

The SOC team has 15 full-time employees with an average fully burdened salary of $94,500. The team grows by roughly 10% each year.

has a SOC team of 0 full-time employees.

SOC analysts previously spent 25% of their time with the legacy solution triaging false positives. Microsoft Sentinel's ML-enabled correlation engine and automation capabilities significantly reduce false positives and the effort spent on them. The number of false positives falls 60% in Year 1 and grows to 79% by Year 3.
SOC analysts previously spent 25% of their time doing advanced, multitouch investigations (including escalations) with the legacy solution. With Microsoft Sentinel's intuitive user interface and prebuilt playbooks and queries, SOC analysts can perform more advanced investigations on their own and faster.
The average salary for new hires falls by 10% due to the ability to hire more junior analysts with Microsoft Sentinel.

Risks Organizations may experience results that differ than those presented in the financial model due to:

Size and average salary of SOC team.
Average time SOC analysts spend on false positives and advanced investigations.
Maturity and capabilities of legacy SIEM solution.

Results. To account for these risks, Forrester adjusted this benefit downward by 5%, yielding a three-year, risk-adjusted total PV of $1.5 million.

For , this benefit might have a three-year, risk-adjusted PV of .

SOC Team Efficiency Gains

Ref.	Metric	Source	Year 1	Year 2	Year 3
B1	SOC team (FTE)	CompositeComposite	1515	1717	1919
B2	Time spent investigating false positives with the legacy solution	Composite	25%25%	25%25%	25%25%
B3	Reduced false positives with Microsoft Sentinel	Composite	60%60%	69%69%	79%79%
B4	Average fully burdened salary of an SOC analyst	$94,5001.35$94,5001.35	$94,500 $94,500	$94,500 $94,500	$94,500 $94,500
B5	Subtotal: Analyst efficiency from fewer false positives	B1B2B3*B4	$212,625 $212,625	$277,121 $277,121	$356,182 $356,182
B6	SOC analyst time dedicated to advanced/multitouch investigations with the legacy solution	Composite	25%25%	25%25%	25%25%
B7	Reduced labor effort for advanced/multitouch investigations - better correlations, searchability, dashboard info etc.	Composite	85%85%	85%85%	85%85%
B8	Subtotal: Analyst efficiency related to faster MTTR	B1B4B6*B7	$301,219 $301,219	$341,381 $341,381	$381,544 $381,544
B9	New analyst hires	B1*15%	22	33	33
B10	Reduced average salary for SOC analysts with Microsoft Sentinel	Composite	10%10%	10%10%	10%10%
B11	Subtotal: SOC analyst salary savings	B9B4B10	$18,900 $18,900	$28,350 $28,350	$28,350 $28,350
Bt	SOC team efficiency gains	B5+B8+B10	$532,744 $532,744	$646,853 $646,853	$766,076 $766,076
	Risk adjustment	↓5%
Btr	SOC team efficiency gains (risk-adjusted)		$506,107 $506,107	$614,510 $614,510	$727,772 $727,772
Three-year total: $1,848,389 $1,848,389			Three-year present value: $1,514,742 $1,514,742

Management Efficiencies

Evidence and data. Microsoft Sentinel’s cloud-based SIEM reduced the size and complexity of the on-premises infrastructure for the interviewees’ organizations, which eliminated both planning and maintenance efforts associated with the legacy SIEM deployment. Interviewees highlighted that management teams spent less time on maintenance and spent more time adding value to the business.

The CISO of a financial services firm stated: "In the raw maintenance of the SIEM, it's pretty hands off. When there is an issue, we open up a case with Microsoft and they assume the burden of trying to fix the issue. I don't have to maintain staff for that anymore."
The CISO of a healthcare firm explained, "I can build what I need as I need it and I don't need five FTEs to manage it."

Modeling and assumptions. For the composite organization, Forrester assumes:

A team of six employees was previously responsible for managing and maintaining the on-premises SIEM infrastructure.

has a team of 0 full-time employees responsible for managing and maintaining the on-premises SIEM infrastructure.

There were three FTEs previously responsible for activities including the management of data connections, indexers and search heads, forwarders, capacity planning, updates and patching, and any system troubleshooting. With Microsoft Sentinel, these FTEs were reallocated.
An additional FTE, about 16% of the team, who specializes in the legacy solution is reallocated and can move off maintenance. They help fine-tune and improve Microsoft Sentinel SIEM performance.
The FTEs were paid an average fully burdened salary of $121,500 per year.

Risks. Organizations may experience results that differ than those presented in the financial model due to:

Scope of legacy deployment and size of management team.
The speed at which the organization deploys Microsoft Sentinel and retires its legacy solution.
Average salary for IT management team.

Results. To account for these risks, Forrester adjusted this benefit downward by 5%, yielding a three-year, risk-adjusted total PV of $1.1 million.

For , this benefit might have a three-year, risk-adjusted PV of .

Management Efficiencies

Ref.	Metric	Source	Year 1	Year 2	Year 3
C1	FTE on infrastructure and SIEM management team	CompositeComposite	66	66	66
C2	Reallocated infrastructure services professionals from no longer doing on-prem maintenance	Composite	50%50%	50%50%	50%50%
C3	Reallocated legacy solution specialist	Composite	16%16%	16%16%	16%16%
C4	Average salary on the management team	$90,0001.35$90,0001.35	$121,500 $121,500	$121,500 $121,500	$121,500 $121,500
Ct	Management efficiencies	((C1C2)+(C1C3 ))*C4	$481,140 $481,140	$481,140 $481,140	$481,140 $481,140
	Risk adjustment	↓5%
Ctr	Management efficiencies (risk-adjusted)		$457,083 $457,083	$457,083 $457,083	$457,083 $457,083
Three-year total: $1,371,249 $1,371,249			Three-year present value: $1,136,698 $1,136,698

“When Microsoft Sentinel came out through Microsoft, we took a look at it. It had absolutely everything that we needed, and I have a very proactive predictive strategy within my environment where I hate being reactive. … If we wait until we have something happen, we’ve already lost. Microsoft Sentinel has given us that ability.”

CISO, healthcare

Reduced Time To Deploy And Configure With Microsoft Sentinel

Evidence and data. Microsoft Sentinel’s prebuilt playbooks, queries, automation, and other SIEM tools gave the interviewees’ organizations a head start in deployment and fine-tuning. Simplified data connections and integrations with many non-Microsoft systems reduced the time and effort involved with ingesting new data sources and allowed the organizations to cover more of their networks faster and with predictable monthly costs.

The CISO of a financial services firm stated: "Microsoft Sentinel has got all these really great integrations with the entire productivity suite of Microsoft. I think that differentiates it from some of the other platforms, [especially] if you're using Microsoft productivity solutions like Teams. Nowadays, someone can pick up Microsoft Sentinel and they have a full suite of connectors that they can just select, follow the guidance for, and integrate. It opened up a gateway to integrate with our data science work that we're doing at the firm as well, which is fantastic. It was very easy for our security operations center to customize the tool specifically those use cases."
The CISO of a healthcare firm stated: "[Microsoft Sentinel] integrates with everything. We probably have about 70 core systems, patient applications, obviously, infrastructure applications, things like that. It integrates with all of it. A lot of the other tools you have to pay for the integration. [Our previous solution] would have taken us six months to get [an integration] in. With Microsoft Sentinel, it takes us like five days because Microsoft does the legwork behind the scenes to build the integrations, build the connectors, do all that stuff, and they just provide it."

Modeling and assumptions. For the composite organization, Forrester assumes:

The composite organization builds 40 new connectors for integration annually.
With the legacy solution, the composite organization required an average of 120 FTE hours to build and deploy a new connector. Microsoft Sentinel reduces this to 8 hours, a 93% cut in time.
The average fully burdened salary on the management team conducting this work is $121,500.

Risks. Organizations may experience results that differ than those presented in the financial model due to:

Size, complexity, and specific requirements of the SIEM deployment.
Size and cost of deployment team.
Number of data source connections.

Results. To account for these risks, Forrester adjusted this benefit downward by 5%, yielding a three-year, risk-adjusted total PV of $618,000.

For , this benefit might have a three-year, risk-adjusted PV of .

Reduced Time To Deploy And Configure With Microsoft Sentinel

Ref.	Metric	Source	Year 1	Year 2	Year 3
D1	New connectors/integrations per year	CompositeComposite	4040	4040	4040
D2	Hours to develop and deploy new connectors on legacy solution	Composite	120120	120120	120120
D3	Hours to set up connector on Microsoft Sentinel	Composite	88	88	88
D4	Time savings for configuration and deployment of integrations/connectors	D1*(D2-D3)	4,4804,480	4,4804,480	4,4804,480
D5	Average salary of the management team	C5	$121,500 $121,500	$121,500 $121,500	$121,500 $121,500
Dt	Reduced time to deploy and configure with Microsoft Sentinel	D4*(D5/2080)	$261,692 $261,692	$261,692 $261,692	$261,692 $261,692
	Risk adjustment	↓5%
Dtr	Reduced time to deploy and configure with Microsoft Sentinel (risk-adjusted)		$248,608 $248,608	$248,608 $248,608	$248,608 $248,608
Three-year total: $745,823 $745,823			Three-year present value: $618,251 $618,251

Avoided And Reduced Impacts Of Security Breaches

Evidence and data. Microsoft Sentinel provided interviewees’ organizations with improved network coverage and visibility through easy connections to more data sources, free ingestion for some Microsoft logs, and flexible and predictable monthly pricing. This gave the organizations a better understanding of their risk profile and allowed them to prevent incidents. Microsoft Sentinel enabled organizations to adopt a proactive security strategy, and its robust capabilities allowed analysts to react faster and limit the costs of a successful attack. Interviewees noted that with Microsoft Sentinel they felt more secure and better prepared to defend against attacks than with their legacy solutions.

The CISO of a financial services firm stated: "Well, our regulators certainly seem to think [our security has] improved. They love what we're doing. We don't get issued findings on it anymore. The results of penetration tests have been much better. We've gone from days to hours in terms of dwell time and detection time. The logic apps have saved us a tremendous amount of time."
The head of SOC for a government agency explained: "The impact of cyberattacks can only be minimized by early detection. It seemed to all like Microsoft Sentinel [was] optimizing [our] chances of early detection by using cutting-edge technology."
The CISO of a healthcare firm stated: "Microsoft Sentinel gives us that early detection [and says]: 'Hey, something doesn't feel right. Something doesn't look right.' Then my team jumps into the Defender to say, 'Okay, something is going wrong.' Now we can respond before it gets too big. [When it comes to a lot] of the ransomware stuff, I think that we probably would not have been able to defend against it without Microsoft Sentinel and the integration with Defender."

Modeling and assumptions. For the composite organization, Forrester assumes:

The average cost of a security breach is estimated to be $62 per employee. The estimated annual amount of security breaches for a firm of this size is 3.2 times per year. ²
The composite organization has 10,000 employees in Year 1, with headcount growing at 5% annually.
In the event of a breach, 25% of employees would be impacted with 3.6 hours of productivity lost per event. ³ The average hourly wage for business users is $48.

Risks. Organizations may experience results that differ than those presented in the financial model due to:

Size, industry, and geography of organization.
Average employee salaries.
Maturity and capabilities of the legacy SIEM solution.

Results. To account for these risks, Forrester adjusted this benefit downward by 10%, yielding a three-year, risk-adjusted total PV of $2.8 million.

For , this benefit might have a three-year, risk-adjusted PV of .

Avoided And Reduced Impacts Of Security Breaches

Ref.	Metric	Source	Year 1	Year 2	Year 3
E1	Estimated cost of single security breach, excluding productivity	Forrester research, CompositeForrester research, Composite	3.2$620,000	3.2$651,000	3.2$683,550
E2	Estimated annual security breaches	Forrester research	3.23.2	3.23.2	3.23.2
E3	Reduced likelihood of a breach due to improved visibility, threat hunting capabilities, and response times	Interviews	35%35%	35%35%	35%35%
E4	Subtotal: Value of avoided breaches due to Microsoft Sentinel	E1E2E3	$694,400 $694,400	$729,120 $729,120	$765,576 $765,576
E5	Number of internal employees	Composite, 5% growth YoY	10,00010,000	10,50010,500	11,02511,025
E6	Average hourly salary for business users	Benchmarks, 5% growth YoY	$48 $48	$50 $50	$53 $53
E7	Diminished/lost user productivity during breach (hours)	Forrester survey	3.63.6	3.63.6	3.63.6
E8	Percentage of employees impacted per breach	Composite	25%25%	25%25%	25%25%
E9	Avoided lost internal productivity due to Sentinel reducing risk	(E2E3)(E5E6E7*E8)	$483,840 $483,840	$533,434 $533,434	$588,111 $588,111
Et	Avoided and reduced impacts of security breach		$1,178,240 $1,178,240	$1,262,554 $1,262,554	$1,353,687 $1,353,687
	Risk adjustment	↓10%
Etr	Avoided and reduced impacts of security breach (risk-adjusted)		$1,060,416 $1,060,416	$1,136,298 $1,136,298	$1,218,318 $1,218,318
Three-year total: $3,415,032 $3,415,032			Three-year present value: $2,818,444 $2,818,444

Unquantified Benefits

Interviewees mentioned the following additional benefits that their organizations experienced but were not able to quantify:

Reduced compliance costs. Microsoft Sentinel enabled the automation of security data collection and analysis and facilitated real-time compliance monitoring for interviewees' organizations. With Microsoft Sentinel, organizations could identify and address compliance concerns promptly, which reduced the risk of penalties and audit-related expenses. Some interviewees shared that their organization would have had to rely on expensive third-party consultants to meet their compliance requirements without Microsoft Sentinel. The CISO of a healthcare firm stated: "[Microsoft Sentinel] is really giving us the insight to do [compliance tasks] ourselves so we do not have to get consultants. … We're much more independent." The CISO went on to say that their organization would spend approximately $500,000 per year on compliance consultants prior to Microsoft Sentinel.
Ease of use. Interviewees highlighted that Microsoft Sentinel's user-friendly interface made hiring security and IT staff a simpler process. Their organizations did not have to rely on security staff with highly specialized expertise. The head of SOC for a government agency shared that their organization was struggling to recruit security professionals with experience specific to their previous solution but stated that Microsoft Sentinel allowed them to rely on more junior security professionals. The interviewee stated: "Being able to put junior staff in front of Microsoft Sentinel was a compelling case. … It's not as daunting as [our previous solution]."

Flexibility

The value of flexibility is unique to each customer. There are multiple scenarios in which a customer might implement Microsoft Sentinel and later realize additional uses and business opportunities, including:

Additional compliance cost savings from using log tiering. Customers can employ log tiering with Microsoft Sentinel to reduce their compliance costs by optimizing the storage and retention of security logs. By configuring log tiering policies, organizations can automatically move less critical logs to cold storage tiers, which cost less, while retaining more critical data in higher-performance storage options. This allows customers to meet their compliance requirements while lowering their overall storage expenses. The CISO of a healthcare firm described the early benefits their organization saw from using log tiering: "When you log tier, it helps with evaluation of those logs and helps with understanding what you have to go after first. So, it's a huge savings."
Reduced costs from federated search capabilities. Several interviewees reported that their organizations were planning to begin using Microsoft Sentinel's federated search capabilities to reduce their egress costs. With federated search, customers can access and analyze security data from various sources directly within Microsoft Sentinel's platform, reducing the need for data replication and transfers. By minimizing data egress, customers can lower their network bandwidth and storage costs and optimize their cloud expenditure.

Flexibility would also be quantified when evaluated as part of a specific project (described in more detail in Appendix A).

Quantified cost data as applied to the composite

Total Costs

Ref.	Cost	Initial	Year 1	Year 2	Year 3	Total	Present Value
Ftr	Microsoft Sentinel costs	$0$0	$607,257$607,257	$1,196,874$1,196,874	$1,795,311$1,795,311	$3,599,442$3,599,442	$2,890,048$2,890,048
Gtr	Deployment costs	$392,700 $392,700	$12,758 $12,758	$12,758 $12,758	$12,758 $12,758	$430,973 $430,973	$424,426 $424,426
Htr	Training costs	$31,500 $31,500	$4,200 $4,200	$6,300 $6,300	$6,300 $6,300	$48,300 $48,300	$45,258 $45,258
	Total costs (risk-adjusted)	$0 $0	$607,257 $607,257	$1,196,874 $1,196,874	$1,795,311 $1,795,311	$3,599,442 $3,599,442	$2,890,048 $2,890,048

Microsoft Sentinel Costs

Evidence and data. With Microsoft Sentinel, interviewees’ organizations had predictable monthly costs and flexible pricing options, and they no longer needed to deal with capacity restrictions and scaling challenges. Organizations could leverage Microsoft’s flexible pricing to minimize monthly costs. Additionally, with no on-premises hardware or locked-in contracts, they could shift SIEM costs from capex to opex.

Modeling and assumptions. Organizations may experience results that differ from those presented in the financial model due to:

It ingests 500 GB per day in Year 1, then scales to 1 TB per day in Year 2 and 1.5 TB per day in Year 3.

ingests security logs at a rate of 0 GB per day in Year 1. This scales to 0 GB per day in Year 2 and 0 GB per day in Year 3.

It must store all logs for 12 months.
Forrester calculated pricing by using Microsoft Sentinel's price calculator for the US East region.
Ingestion for Office 365 audit logs, Azure activity logs, and alerts from Microsoft Threat Protection solutions (all of which typically represents about 2% of total log volume) are free with Microsoft Sentinel.

Risks. The third section details the potential risks that can impact the cost. These can be both qualitative and quantitative. State the risks in bullet form. Refer to Best Practices.

Amount of data ingested and length of retention.
Region where logs are ingested and stored.

Results. To account for these risks, Forrester adjusted this cost upward by 0%, yielding a three-year, risk-adjusted total PV (discounted at 10%) of $2.9 million.

For , this cost might have a three-year, risk-adjusted PV of .

Microsoft Sentinel Costs

Ref.	Metric	Source	Initial	Year 1	Year 2	Year 3
F1	Daily logs ingested in GB	A1	0	500 500	1,0001,000	1,5001,500
F2	Microsoft Sentinel costs	Composite	0	$607,257 $607,257	$1,196,874 $1,196,874	$1,795,311 $1,795,311
F3	Cost to ingest Microsoft logs (Azure activities, Office 365, Microsoft security alerts, etc.)	Composite	0	$0 $0	$0 $0	$0 $0
Ft	Microsoft Sentinel costs	F2	$0 $0	$607,257 $607,257	$1,196,874 $1,196,874	$1,795,311 $1,795,311
	Risk adjustment	0%
Ftr	Microsoft Sentinel costs (risk-adjusted)		$0 $0	$607,257 $607,257	$1,196,874 $1,196,874	$1,795,311 $1,795,311
Three-year total: $3,599,442 $3,599,442			Three-year present value: $2,890,048 $2,890,048

Deployment Costs

Evidence and data. Deploying Microsoft Sentinel was faster and easier for the interviewees’ organizations than deploying their legacy SIEM solutions. With Microsoft Sentinel’s prebuilt playbook, queries, data connections, and free ingestion for some Microsoft logs (Office 365 audit logs, Azure activity logs, and alerts from Microsoft Threat Protection solutions), organizations could start using Microsoft Sentinel with minimal effort for free and scale up from there.

Modeling and assumptions. This section explains how the modeling is done.

A team of eight FTEs spends four months deploying and configuring Microsoft Sentinel. That includes establishing connections to all applications and hardware, automating some false positives, and deploying playbooks and other SIEM content to assist SOC analysts.
The organization allocates $50,000 in professional services in the initial period to ensure a smooth transition to Microsoft Sentinel from the on-premises legacy solution.
Once deployed, two FTEs spend 5% of their time per year managing and maintaining the platform.

Risks. Organizations may experience results that differ from those presented in the financial model due to:

Size and complexity of legacy SIEM solution.
Types of data connections needed to fully deploy Microsoft Sentinel.
How much help is needed from professional services to successfully transfer from the legacy SIEM to Microsoft Sentinel.

Results. To account for these risks, Forrester adjusted this cost upward by 5%, yielding a three-year, risk-adjusted total PV of $424,000.

For , this cost might have a three-year, risk-adjusted PV of .

“It took us about five years to get to be a six terabyte on-prem customer [with our previous solution]. It took us two months to set up Microsoft Sentinel and another two months to be at data-ingestion parity. It was insane."

CISO, financial services

Deployment Costs

Ref.	Metric	Source	Initial	Year 1	Year 2	Year 3
G1	Professional services	Composite	$50,000$50,000	0	0	0
G2	FTEs on the deployment team	Composite	88	0	0	0
G3	Months to deploy	Composite	44	0	0	0
G4	FTEs on the enhancement team	Composite	0	2.02.0	2.02.0	2.02.0
G5	Time spent on new data connections and enhancements	Composite	0	5%5%	5%5%	5%5%
G6	Management team fully burdened salary	C5	$121,500 $121,500	$121,500 $121,500	$121,500 $121,500	$121,500 $121,500
Gt	Deployment costs	G1+(G2G6/12G3)+(G4G5G6)	$374,000 $374,000	$12,150 $12,150	$12,150 $12,150	$12,150 $12,150
	Risk adjustment	↑5%
Gtr	Deployment costs (risk-adjusted)		$392,700 $392,700	$12,758 $12,758	$12,758 $12,758	$12,758 $12,758
Three-year total: $430,973 $430,973			Three-year present value: $424,426 $424,426

Training Costs

Evidence and data. Interviewees highlighted that Microsoft Sentinel was more intuitive and easier to train staff on than prior solutions. Their organizations devoted limited resources in onboarding existing staff and new hires, with the total investment being less than that for older on-premises solutions.

Modeling and assumptions. For the composite organization, Forrester assumes:

The organization trains all of its existing SOC team during the initial deployment of Microsoft Sentinel. New hires are also trained as they join the team. There are 15 members of the SOC team in the initial period, and it trains two new members in Year 1 and three new members each in Year 2 and Year 3.
Costs associated with the training program total $2,000 per trainee. While Microsoft provides ample documentation and self-service courses, the organization invests in some professional services and third-party materials. Training costs are inclusive of these services, materials, and the productivity loss of analysts as they train.

Risks. Organizations may experience results that differ from those presented in the financial model due to the size of their team and existing skills.

Results. To account for these risks, Forrester adjusted this cost upward by 5%, yielding a three-year, risk-adjusted total PV of $45,000.

For , this cost might have a three-year, risk-adjusted PV of .

Training Costs

Ref.	Metric	Source	Initial	Year 1	Year 2	Year 3
H1	Initial staff trained	B1	15	0	0	0
H2	New hires trained	B9	0	22	33	33
H3	Training cost per person		$2,000 $2,000	$2,000 $2,000	$2,000 $2,000	$2,000 $2,000
Ht	Training costs	(H1+H2)*H3	$30,000 $30,000	$4,000 $4,000	$6,000 $6,000	$6,000 $6,000
	Risk adjustment	↑5%
Htr	Training costs (risk-adjusted)		$31,500 $31,500	$4,200 $4,200	$6,300 $6,300	$6,300 $6,300
Three-year total: $48,300 $48,300			Three-year present value: $45,258 $45,258

Consolidated Three-Year Risk-Adjusted Metrics

Cash Flow Chart (Risk-Adjusted)

Total costs Total benefits Cumulative net benefits

The financial results calculated in the Benefits and Costs sections can be used to determine the ROI, NPV, and payback period for the composite organization’s investment. Forrester assumes a yearly discount rate of 10% for this analysis.

These risk-adjusted ROI, NPV, and payback period values are determined by applying risk-adjustment factors to the unadjusted results in each Benefit and Cost section.

Cash Flow Analysis (Risk-Adjusted)

	Initial	Year 1	Year 2	Year 3	Total	Present Value
Total costs	$424,200$424,200	$624,215$624,215	$1,215,932$1,215,932	$1,814,369 $1,814,369	$4,078,715 $4,078,715	$3,359,732 $3,359,732
Total benefits	$0 $0	$3,592,238 $3,592,238	$4,574,049 $4,574,049	$5,566,856 $5,566,856	$13,733,143 $13,733,143	$11,228,338 $11,228,338
Net benefits	($424,200)($424,200)	$2,968,024 $2,968,024	$3,358,117 $3,358,117	$3,752,487 $3,752,487	$9,654,428 $9,654,428	$7,868,606 $7,868,606
ROI						234%234%
Payback (months)						<6<6

Appendix A: Total Economic Impact

Total Economic Impact is a methodology developed by Forrester Research that enhances a company’s technology decision-making processes and assists vendors in communicating the value proposition of their products and services to clients. The TEI methodology helps companies demonstrate, justify, and realize the tangible value of IT initiatives to both senior management and other key business stakeholders.

Total Economic Impact Approach

Benefits represent the value delivered to the business by the product. The TEI methodology places equal weight on the measure of benefits and the measure of costs, allowing for a full examination of the effect of the technology on the entire organization.
Costs consider all expenses necessary to deliver the proposed value, or benefits, of the product. The cost category within TEI captures incremental costs over the existing environment for ongoing costs associated with the solution.
Flexibility represents the strategic value that can be obtained for some future additional investment building on top of the initial investment already made. Having the ability to capture that benefit has a PV that can be estimated.
Risks measure the uncertainty of benefit and cost estimates given: 1) the likelihood that estimates will meet original projections and 2) the likelihood that estimates will be tracked over time. TEI risk factors are based on “triangular distribution.”

PRESENT VALUE (PV)

The present or current value of (discounted) cost and benefit estimates given at an interest rate (the discount rate). The PV of costs and benefits feed into the total NPV of cash flows.
NET PRESENT VALUE (NPV)

The present or current value of (discounted) future net cash flows given an interest rate (the discount rate). A positive project NPV normally indicates that the investment should be made unless other projects have higher NPVs.
RETURN ON INVESTMENT (ROI)

A project’s expected return in percentage terms. ROI is calculated by dividing net benefits (benefits less costs) by costs.
DISCOUNT RATE

The interest rate used in cash flow analysis to take into account the time value of money. Organizations typically use discount rates between 8% and 16%.
PAYBACK PERIOD

The breakeven point for an investment. This is the point in time at which net benefits (benefits minus costs) equal initial investment or cost.

The initial investment column contains costs incurred at “time 0” or at the beginning of Year 1 that are not discounted. All other cash flows are discounted using the discount rate at the end of the year. PV calculations are calculated for each total cost and benefit estimate. NPV calculations in the summary tables are the sum of the initial investment and the discounted cash flows in each year. Sums and present value calculations of the Total Benefits, Total Costs, and Cash Flow tables may not exactly add up, as some rounding may occur.

Appendix B: Endnotes

¹ Total Economic Impact is a methodology developed by Forrester Research that enhances a company’s technology decision-making processes and assists vendors in communicating the value proposition of their products and services to clients. The TEI methodology helps companies demonstrate, justify, and realize the tangible value of IT initiatives to both senior management and other key business stakeholders.

² Source: Forrester Consulting Cost Of A Cybersecurity Breach Survey, Q1 2021.

³ Source: Ibid

ABOUT FORRESTER CONSULTING

Forrester provides independent and objective research-based consulting to help leaders deliver key transformation outcomes. Fueled by our customer-obsessed research, Forrester’s seasoned consultants partner with leaders to execute on their priorities using a unique engagement model that tailors to diverse needs and ensures lasting impact. For more information, visit forrester.com/consulting.

© Forrester Research, Inc. All rights reserved. Unauthorized reproduction is strictly prohibited. Information is based on best available resources. Opinions reflect judgment at the time and are subject to change. Forrester®, Technographics®, Forrester Wave, and Total Economic Impact are trademarks of Forrester Research, Inc. All other trademarks are the property of their respective companies.

Cookie Settings

This website uses cookies to deliver functionality and enhance your experience. GDPR requires that we obtain your consent before activating these cookies. Please accept the use of cookies or review your cookie settings now.

A cookie is a small text file that a website saves on your computer or mobile device when you visit the site. It enables the website to remember your actions (data inputs, website navigation), so you don’t have to re-enter data when you come back to the site or browse from one page to another.

Behavioral information collected by our web analytics vendor is used to analyze data pertaining to visitor trends, plan website enhancements, and measure overall website effectiveness. We may also use cookies or web beacons to help us offer you products, programs, or services that may be of interest to you and to deliver relevant advertising. We may use third-party advertising companies to help tailor website content to users or to serve ads on our behalf. These companies may also employ cookies and web beacons to measure advertising effectiveness.

Please accept cookies and the collection of behavioral information to receive full functionality and enhance your experience. If you decline cookies, some features of the website may not function normally.

Please see our Privacy Policy for more information.

Customize These Results

Customize These Results

Executive Summary

Key Findings

Table Of Contents

Key Statistics

234%234%

$11.2 million$11.2 million

$7.9 million$7.9 million

<6<6 months

Benefits (Three-Year)

TEI Framework And Methodology

Due Diligence

Interviews

Composite Organization

Financial Model Framework

Case Study

Disclosures

The Microsoft Sentinel Customer Journey

Drivers leading to the Microsoft Sentinel investment

Interviews

Key Challenges

Composite Organization

Key Assumptions

Analysis Of Benefits

Quantified benefit data as applied to the composite

Total Benefits

Cost Savings From Legacy SIEM For Licensing, Storage, And Infrastructure

Cost Savings From Legacy SIEM For Licensing, Storage, And Infrastructure

SOC Team Efficiency Gains

SOC Team Efficiency Gains

Management Efficiencies

Management Efficiencies

Reduced Time To Deploy And Configure With Microsoft Sentinel

Reduced Time To Deploy And Configure With Microsoft Sentinel

Avoided And Reduced Impacts Of Security Breaches

Avoided And Reduced Impacts Of Security Breaches

Unquantified Benefits

Flexibility

Analysis Of Costs

Quantified cost data as applied to the composite

Total Costs

Microsoft Sentinel Costs

Microsoft Sentinel Costs

Deployment Costs

Deployment Costs

Training Costs

Training Costs

Financial Summary

Consolidated Three-Year Risk-Adjusted Metrics

Cash Flow Chart (Risk-Adjusted)

Cash Flow Analysis (Risk-Adjusted)

Appendixes

Appendix A: Total Economic Impact

Total Economic Impact Approach

PRESENT VALUE (PV)

NET PRESENT VALUE (NPV)

RETURN ON INVESTMENT (ROI)

DISCOUNT RATE

PAYBACK PERIOD

Appendix B: Endnotes

ABOUT FORRESTER CONSULTING