The Total Economic Impact™ Of Palo Alto Networks Network Security Solutions

Palo Alto Networks’ Network Security solutions provide the same level of protection against the latest form of threats for any users working from anywhere. Network Security includes: 1) Prisma Secure Access Service Edge (SASE), which provides security for all applications used by an organization, regardless of the location of the user; 2) Next-Generation Firewalls (NGFW), a variety of hardware and software firewall solutions that provide Zero Trust experience monitoring of both north-south and east-west traffic; and 3) Cloud-Delivered Security Services (CDSS), a set of solutions offering specialized security depending on different user cases and designed to defend against known, unknown, and advanced evasive threats.

Palo Alto Networks commissioned Forrester Consulting to conduct three Total Economic Impact™ (TEI) studies and examine the potential return on investment (ROI) enterprises may realize by deploying Palo Alto Networks’ Prisma SASE, NGFW, and CDSS.¹ The purpose of these studies is to provide readers with a framework to evaluate the potential financial impact of the various Network Security solutions on their organizations.

To better understand the benefits, costs, and risks associated with this investment, Forrester interviewed four representatives from four organizations with experience using Prisma SASE, six representatives from five organizations using NGFW, and four representatives from four organizations using CDSS. For the purposes of this study, Forrester aggregated the interviewees’ experiences and combined the results into a single composite organization across the three separate studies that is a distributed enterprise with 50,000 employees, of who 33% are remote or hybrid, and $7 billion in annual revenue.

Prior to using the Network Security solutions, these interviewees noted how their organizations typically worked with inconsistent and incomplete security, poor user experiences due to how traffic was backhauled to data centers, and poor scalability as organizations increasingly adopted hybrid work and cloud services. Security environments were often monitored by a variety of point solutions that were individually effective yet did not integrate well together, so they failed to provide complete and cohesive coverage across the tech stack, leaving significant gaps and vulnerabilities.

Additionally, the lack of a unified platform and next-generation firewall capabilities left the organizations stuck in a cycle of devoting valuable resources to management, operations, and maintenance activities while work on new initiatives and enhancements fell by the wayside.

After the investment in the different Network Security solutions, the customers were able to realize various operational efficiencies across different activities, which significantly reduced investigational effort and freed up valuable resources to focus on enhancements and securing more of the network.

Key results from the investments for the interviewees included efficiency gains for IT, security, and network operations teams; business users; and in-store workers. Further, interviewees’ organizations benefitted from a reduced likelihood of a data breach, as well as reduced costs associated with licensing and managing legacy point-solution infrastructure.

Quantified benefits. Three-year, risk-adjusted present value (PV) quantified benefits for the composite organization include:

• Reduced the volume of security incidents requiring manual investigation by 25% to 60%, decreased mean time to resolution (MTTR) by 20%, and reduced number of endpoint devices requiring reimaging.
  • Prisma SASE: By moving to Prisma SASE, the composite organization is able to ease the load from members of the SecOps and NetOps team. This is a result of the managed service aspect of the solution as well as various activity automations that can be implemented in the process.
  • NGFW: The composite organization automates previously manual processes, defines better rules for alerts, and improves visibility into network traffic, which results in security and IT operations teams quickly identifying and responding to potential threats.
  • CDSS: The composite organization is able to track the performance and usage of the different implemented solutions across the organization in one place, further enhancing the SecOps and IT ops teams’ ability to quickly identify and respond to potential threats.
• Improved productivity of end users by 8% with better system availability and less intrusion to the network.
  • Prisma SASE: End users who are working remotely or outside the organization’s physical office site see productivity gains from having less disruptions caused by security activities and experience overall better system availability of their environment. This is a product of better integration and compatibility of the different Palo Alto Networks solutions as well as overall performance.
  • NGFW: Next-Generation Firewalls delivers a seamless working experience for end users regardless of location. End users saw time savings in remote logins, a reduction in security incidents causing business disruptions and downtime, and increased network availability and performance.
  • CDSS: As CDSS spans different use cases, end users whose work is related to them realize fewer disruptions caused by its security investigations as well as just overall improved environment system availability.
• Decreased likelihood of a data breach by 50% after three years.
  • Prisma SASE: By replacing multiple disconnected security solutions with a single integrated solution, Prisma SASE better fills previous security gaps that exist at the composite organization.
  • NGFW: The comprehensive and seamless support provided by Next-Generation Firewalls and other Palo Alto Networks solutions delivers comprehensive Zero Trust security for the entire composite organization. As a result, it carries less risk and is less likely to experience a costly breach, even as the volume and sophistication of threats continues to rise.
  • CDSS: The different tools that fall under CDSS provide a more secure environment for various activities and use cases across the composite organization, decreasing the likelihood of a significant data breach.
• Avoided and rationalized security infrastructure.
  • Prisma SASE: The composite organization is able to discontinue solutions related to providing remote access to remote, hybrid, or distributed workers. This includes remote access, secure gateway, or web proxy.
  • NGFW: The composite organization retires its legacy firewall solution, allowing for a less complex architecture of its cybersecurity environment.
  • CDSS: As CDSS spans multiple use cases, the majority of vendor consolidation benefit realized is related to CDSS, allowing the composite organization to consolidate its spending on security tech stack vendors.
• Reallocated roughly 50% full-time security professionals to higher-value initiatives due to management efficiencies from a common platform. Using Panorama, Palo Alto Networks’ common management solution, the composite organization realizes efficiencies for its employees who manage the different tools (Prisma SASE, NGFW, and the different CDSS). As a result, the composite organization can potentially repurpose certain employee time or even entire team members to other prioritized or higher-value work.

Unquantified benefits. Benefits that provide value for the composite organization but are not quantified for this study include:

• Improved visibility in the security environment. With Palo Alto Networks monitoring and tracking various security activities and use cases across the organization, the composite organization realizes improved visibility to its security environment. In addition to the time savings and efficiencies related to this visibility, the composite organization also has more robust information to act on or react to, which allows it to further improve its situation when necessary.
• Better integration with tools and platforms in the security tech stack. The composite organization benefits from the fact that the many Palo Alto Networks’ solutions integrate better with one another across the different tools implemented in the environment. In addition to the productivity gain quantified above, this also gives peace of mind to the SecOps, IT ops, and NetOps teams. It positions the composite organization for further development of its security environment.
• Better employee experience. The combination of the increased visibility and better integration means that the composite organization improves the employee experience. All employees, whether part of the security organization or general end users, realize some sort of ease, comfort, and confidence that they are well protected from potential attacks and threats. In addition to the productivity boost quantified above, this can also potentially improve their attachment to the organization and the brand from the perspective of both internal and external stakeholders.

Costs. Three-year, risk-adjusted PV costs for the composite organization include:

• Installation and deployment costs. Time and labor are required to deploy and install the various components of the Palo Alto Networks solution throughout the composite organization.
• Training costs and ongoing management time investment. Palo Alto Networks requires less training than legacy solutions since the provided training was more effective and efficient. It allows employees to get up to speed faster and expand their skill sets. Once trained, the team spends some time maintaining and managing the system on an ongoing basis.
• Palo Alto Networks annual licensing costs.
  • Prisma SASE: The cost for Prisma SASE includes payment for Prisma Access, Prisma SD-WAN hardware appliance, and the subscription, all of which are impacted by the number of branches where it is installed.
  • NGFW: Firewall costs include initial hardware costs and ongoing subscription and services costs required for both hardware and software firewalls and Panorama. Software firewalls are billed by usage in a credits system.
  • CDSS: The composite organization is able to purchase hardware upfront and leverage three-year contract terms to add the CDSS, helping reduce the overall costs of NGFW; IPS/IDS; SWG; web proxy; VPN; Advanced URL Filtering; malware analysis (e.g., sandboxing); and DNS, SaaS application, and Enterprise IoT Security solutions. Combining this with services like Prisma Access allows the CDSS to be extended for branch offices or remote workers, and the composite organization can scale up and down based on usage and needs.

Financial Summary

Prisma SASE

The representative interviews and financial analysis found that a composite organization experiences benefits of $7.45 million over three years versus costs of $2.09 million, adding up to a net present value (NPV) of $5.36 million and an ROI of 257%.

NGFW

The representative interviews and financial analysis found that a composite organization experiences benefits of $14.11 million over three years versus costs of $4.29 million, adding up to a net present value (NPV) of $9.82 million and an ROI of 229%.

CDSS

The representative interviews and financial analysis found that a composite organization experiences benefits of $12.85 million over three years versus costs of $2.81 million, adding up to a net present value (NPV) of $10.04 million and an ROI of 357%.