A Forrester Total Economic ImpactTM Study Commissioned By Tanium, December 2023
Security and IT pros are struggling to keep pace with an expanding attack surface. Hybrid work, the rise of bring-your-own-device, rampant cloud adoption, and a continued interest in the internet of things (IoT) is making vulnerability and patch management more difficult than ever.1 Tanium aims to help organizations overcome this challenge through its XEM platform approach, which provides organizations with real-time visibility and control of their endpoint environment, while maintaining security controls and performance.
The Tanium XEM platform identifies, prioritizes, and remediates IT and security issues in real time from a single console. IT and security teams are enabled to control all endpoints in their environment through streamlined workflows, and increased efficiency, and reduced complexities through the displacement of multiple point solutions. Furthermore, organizations can track and reduce their endpoint risk over time, reclaim unused software assets, and reduce the likelihood of a breach or fine.
Tanium commissioned Forrester Consulting to conduct a Total Economic Impact™ (TEI) study and examine the potential return on investment (ROI) enterprises may realize by deploying the Tanium XEM Platform. The purpose of this study is to provide readers with a framework to evaluate the potential financial impact of Tanium XEM on their organizations.2
To better understand the benefits, costs, and risks associated with this investment, Forrester interviewed five customers with experience using Tanium XEM. For the purposes of this study, Forrester aggregated the interviewees’ experiences and combined the results of organizations ranging from 2,200 to 140,000 endpoints into a single composite organization, which has 40,000 employees and 48,000 endpoints.
Interviewees said that prior to using Tanium XEM, their organizations had multiple complex and decentralized solutions along with manual processes throughout their endpoint management workflows. However, prior attempts to manage their endpoint environment yielded limited success, restricting visibility into their endpoint environment and security vulnerabilities. These limitations led to high costs in software licensing and tools, overworked FTEs, security incidents or breaches, agent bloat that reduced device performance, and time-consuming data reconciliations across disjointed tools.
After deploying Tanium XEM, the interviewees were able to automate and centralize their endpoint management processes. Key results from the investment include software reclamation savings, endpoint management efficiency savings, risk mitigation cost avoidance, and tool consolidation savings.
Quantified benefits. Three-year, risk-adjusted present value (PV) quantified benefits for the composite organization include:
Unquantified benefits. Benefits that provide value for the composite organization but are not quantified for this study include:
Costs. Three-year, risk-adjusted PV costs for the composite organization include:
The representative interviews and financial analysis found that the composite organization experiences benefits of $18.07 million over three years versus costs of $5.5 million, adding up to a net present value (NPV) of $12.57 million and an ROI of 228%.
Return on investment (ROI):
Benefits PV:
Net present value (NPV):
Payback:
From the information provided in the interviews, Forrester constructed a Total Economic Impact™ framework for those organizations considering an investment in Tanium XEM.
The objective of the framework is to identify the cost, benefit, flexibility, and risk factors that affect the investment decision. Forrester took a multistep approach to evaluate the impact that Tanium XEM can have on an organization.
Interviewed Tanium XEM stakeholders and Forrester analysts to gather data relative to Tanium XEM.
Interviewed five representatives at organizations using Tanium XEM to obtain data about costs, benefits, and risks.
Designed a composite organization based on characteristics of the interviewees’ organizations.
Constructed a financial model representative of the interviews using the TEI methodology and risk-adjusted the financial model based on issues and concerns of the interviewees.
Employed four fundamental elements of TEI in modeling the investment impact: benefits, costs, flexibility, and risks. Given the increasing sophistication of ROI analyses related to IT investments, Forrester’s TEI methodology provides a complete picture of the total economic impact of purchase decisions. Please see Appendix A for additional information on the TEI methodology.
Readers should be aware of the following:
This study is commissioned by Tanium and delivered by Forrester Consulting. It is not meant to be used as a competitive analysis.
Forrester makes no assumptions as to the potential ROI that other organizations will receive. Forrester strongly advises that readers use their own estimates within the framework provided in the study and an ROI calculator powered by Forrester available through Tanium to determine the appropriateness of an investment in Tanium XEM.
Tanium reviewed and provided feedback to Forrester, but Forrester maintains editorial control over the study and its findings and does not accept changes to the study that contradict Forrester’s findings or obscure the meaning of the study.
Tanium provided the customer names for the interviews but did not participate in the interviews.
Consulting Team:
Nikoletta Stergiou
Adam Birnberg
Role | Industry | Region | Average annual revenue (USD) and number of employees | Number of endpoints |
---|---|---|---|---|
Head of enterprise IT and information technology | Retail | Headquartered in the UK, global operations | $6.8 billion | 17,000 |
Vice president | Banking | Headquartered in the US, global operations | $34.9 billion | 140,000 |
Cyber principal | Insurance | Headquartered in Canada, global operations | $12.4 billion | 75,000 to 80,000 |
Lead cyber security engineer | Insurance | Headquartered in the US | $35 billion | 40,000 |
Vice president and CISO of information technology | Healthcare | Headquartered in the US | $400 million | 2,200 |
Interviewees highlighted several challenges in their environment before Tanium, including limited visibility, manual processes, security and compliance vulnerabilities, and technical debt. Complex and decentralized legacy solutions limited endpoint visibility, posing challenges in enforcing consistent security measures and effectively managing endpoints across the organization’s network. This led to vulnerabilities, the potential for security breaches, and difficulties in troubleshooting. In some cases, interviewees noted their organization had manual endpoint management processes that were inefficient and time-consuming, as team members had to physically check and patch devices.
As a result of inefficient legacy solutions and processes, interviewees described poor cyber hygiene that left their organization exposed to potential security incidents and breaches — emphasizing the importance of effective endpoint management to reduce the likelihood of such breaches. For interviewees whose organizations were involved in M&A activity, technical debt hindered their adaptability and maintenance, leading to costly integrations and potential vulnerabilities.
The interviewees noted how their organizations struggled with common challenges, including:
Limited endpoint visibility. Interviewees highlighted limited endpoint visibility despite multiple solutions — this made it difficult to enforce consistent security measures and manage endpoints across the organization’s network effectively. Thus, their organizations were exposed to vulnerabilities, potential security breaches, and faced difficulties in troubleshooting and resolving issues. The lead cybersecurity engineer at an insurance company noted: “In our prior environment, there was a lack of EDR [endpoint detection and response] visibility in all the endpoints. Most server folks had no knowledge of what Tanium XEM was essentially doing, but here we are collecting data from endpoints and our security team was able to utilize that information from improved visibility.”
Furthermore, the cyber principal at an insurance company described the impact that decentralized solutions can have on a large organization, “Our company, like many global companies, suffers from a problem around specifically large amounts of distribution and different ways things are done in different countries, locales, and regions for our IT.”
The interviewees’ organizations searched for a solution that could:
Based on the interviews, Forrester constructed a TEI framework, a composite company, and an ROI analysis that illustrates the areas financially affected. The composite organization is representative of the five interviewees, and it is used to present the aggregate financial analysis in the next section. Other organizations may deploy Tanium XEM as a cloud-based solution and with other characteristics that may impact benefits and costs. The composite organization has the following characteristics:
Description of composite. The composite organization is headquartered in the United States and has global operations. It has 40,000 employees and 48,000 endpoints. On average, the composite has one acquisition per year.
Deployment characteristics. The composite organization seeks a solution for endpoint management and security to gain visibility, control, and protection over endpoints. It deploys Tanium XEM as an on-premises solution. The organization invests in the Core X1 tier which includes Tanium Core and the Asset, Discover, and Benchmark modules. It also chooses to add solutions including Endpoint Management (Provision, Patch, and Deploy modules), Risk & Compliance (Comply, Integrity Monitor, Reveal modules), and Incident Response (Threat Response and Impact modules).
Ref. | Benefit | Year 1 | Year 2 | Year 3 | Total | Present Value |
---|---|---|---|---|---|---|
Atr | Successful software reclamation | $1,944,000 | $1,944,000 | $1,944,000 | $5,832,000 | $4,834,440 |
Btr | Increased endpoint management efficiency | $224,640 | $449,280 | $673,920 | $1,347,840 | $1,081,850 |
Ctr | Reduced software vulnerabilities | $3,216,638 | $3,216,638 | $3,216,638 | $9,649,915 | $7,999,303 |
Dtr | Improved endpoint management and security tool consolidation | $1,406,250 | $1,687,500 | $1,968,750 | $5,062,500 | $4,152,188 |
Total benefits (risk-adjusted) | $6,791,528 | $7,297,418 | $7,803,308 | $21,892,255 | $18,067,781 |
Evidence and data. Interviewees described the impact that Tanium XEM had on software reclamation through the solution’s comprehensive visibility and control over endpoints. With Tanium XEM, interviewees could identify and assess unused, underutilized, and unauthorized software on endpoints, allowing for effective reclamation efforts. They noted how Tanium XEM’s endpoint management capabilities enabled their teams to remotely uninstall software, which ensured that licenses were efficiently reclaimed and reduced software costs.
Modeling and assumptions. Based on the customer interviews, Forrester assumes the following about the composite organization:
Risks. Forrester recognizes that these results may not be representative of all experiences and that results will vary depending on the following factors:
Results. To account for these risks, Forrester adjusted this benefit downward by 10%, yielding a three-year, risk-adjusted total PV (discounted at 10%) of $4.83 million.
Ref. | Metric | Source | Year 1 | Year 2 | Year 3 | |
---|---|---|---|---|---|---|
A1 | Number of endpoint devices | Composite | 48,000 | 48,000 | 48,000 | |
A2 | Percentage of endpoints with reclaimable software | Composite | 20% | 20% | 20% | |
A3 | Percentage of endpoints successfully reclaimed with Tanium | Interviews | 90% | 90% | 90% | |
A4 | Average reclamation value per endpoint | Composite | $250 | $250 | $250 | |
At | Successful software reclamation | A1*A2*A3*A4 | $2,160,000 | $2,160,000 | $2,160,000 | |
Risk adjustment | ↓10% | |||||
Atr | Successful software reclamation (risk-adjusted) | $1,944,000 | $1,944,000 | $1,944,000 | ||
Three-year total: $5,832,000 | Three-year present value: $4,834,440 |
Evidence and data. Interviewees described the impact of automation and real-time data with Tanium XEM to increase efficiencies across endpoint management. With Tanium XEM, they could save on hiring multiple FTEs dedicated toward endpoint management activities such as software deployment, patching, and security assessments.
Modeling and assumptions. Based on the customer interviews, Forrester assumes the following about the composite organization:
Risks. Forrester recognizes that these results may not be representative of all experiences and that results will vary depending on the following factors:
Results. To account for these risks, Forrester adjusted this benefit downward by 10%, yielding a three-year, risk-adjusted total PV (discounted at 10%) of $1.08 million.
Ref. | Metric | Source | Year 1 | Year 2 | Year 3 | |
---|---|---|---|---|---|---|
B1 | Number of endpoint management FTEs | Composite | 10 | 10 | 10 | |
B2 | Percentage of efficiency improvement with Tanium XEM | Interviews | 20% | 40% | 60% | |
B3 | Average fully burdened annual salary of an endpoint management FTE | Composite | $156,000 | $156,000 | $156,000 | |
B4 | Productivity recapture | Composite | 80% | 80% | 80% | |
Bt | Increased endpoint management efficiency | B1*B2*B3*B4 | $249,600 | $499,200 | $748,800 | |
Risk adjustment | ↓10% | |||||
Btr | Increased endpoint management efficiency (risk-adjusted) | $224,640 | $449,280 | $673,920 | ||
Three-year total: $1,347,840 | Three-year present value: $1,081,850 |
Evidence and data. Interviewees highlighted how Tanium XEM’s patch management and software deployment capabilities mitigated risk and improved their organization’s overall security posture by automating patch deployment, assessing vulnerabilities, and providing real-time data. Patch management included fixing underlying operating system vulnerabilities while software deployment capabilities fixed, installed, or removed third-party software. Interviewees described the effectiveness of patching with Tanium XEM, which ensured endpoints were protected with the latest patches. Ultimately, the improvement in OS and third-party software reduced the risk of potential security incidents and/or breaches.
Modeling and assumptions. Based on the customer interviews, Forrester assumes the following about the composite organization:
Risks. Forrester recognizes that these results may not be representative of all experiences and that results will vary depending on the following factors:
Results. To account for these risks, Forrester adjusted this benefit downward by 15%, yielding a three-year, risk-adjusted total PV (discounted at 10%) of $8 million.
Ref. | Metric | Source | Year 1 | Year 2 | Year 3 | ||
---|---|---|---|---|---|---|---|
C1 | Cost of a security breach | Forrester research | $2,167,400 | $2,167,400 | $2,167,400 | ||
C2 | Annual frequency of security breaches | Forrester research | 3 | 3 | 3 | ||
C3 | Percentage of security breaches as a result of software vulnerabilities, use of weak or stolen credentials, and exploitation of lost/stolen assets | Forrester research | 60% | 60% | 60% | ||
C4 | Reduction in software vulnerabilities with Tanium XEM patching | Interviews | 97% | 97% | 97% | ||
Ct | Reduced software vulnerabilities | C1*C2*C3*C4 | $3,784,280 | $3,784,280 | $3,784,280 | ||
Risk adjustment | ↓15% | ||||||
Ctr | Reduced software vulnerabilities (risk-adjusted) | $3,216,638 | $3,216,638 | $3,216,638 | |||
Three-year total: $9,649,915 | Three-year present value: $7,999,303 |
Evidence and data. Interviewees described cost savings for their organization related to the consolidation of various security and endpoint management tools in their prior environment. With Tanium XEM, some tools were completely eliminated as a result of Tanium XEM’s comprehensive coverage in areas including asset management, compliance management, incident response, patch management, threat protection, and data discovery.
Modeling and assumptions. Based on the customer interviews, Forrester assumes the following about the composite organization:
Risks. Forrester recognizes that these results may not be representative of all experiences and that results will vary depending on the following factors:
Results. To account for these risks, Forrester adjusted this benefit downward by 10%, yielding a three-year, risk-adjusted total PV (discounted at 10%) of $4.15 million.
Ref. | Metric | Source | Year 1 | Year 2 | Year 3 | |
---|---|---|---|---|---|---|
D1 | Number of legacy solutions | Composite | 5 | 5 | 5 | |
D2 | Average licensing cost per legacy solution | Composite | $625,000 | $625,000 | $625,000 | |
D3 | Percent of legacy solutions decommissioned with Tanium | Interviews | 50% | 60% | 70% | |
Dt | Improved endpoint management and security tool consolidation | D1*D2*D3 | $1,562,500 | $1,875,000 | $2,187,500 | |
Risk adjustment | ↓10% | |||||
Dtr | Improved endpoint management and security tool consolidation (risk-adjusted) | $1,406,250 | $1,687,500 | $1,968,750 | ||
Three-year total: $5,062,500 | Three-year present value: $4,152,188 |
Interviewees mentioned the following additional benefits that their organizations experienced but were not able to quantify:
The value of flexibility is unique to each customer. There are multiple scenarios in which a customer can take advantage of additional Tanium XEM Use Cases and derive incremental business value, including:
Flexibility would also be quantified when evaluated as part of a specific project (described in more detail in Appendix A).
Ref. | Cost | Initial | Year 1 | Year 2 | Year 3 | Total | Present Value |
---|---|---|---|---|---|---|---|
Etr | Licensing | $0 | $2,016,000 | $2,016,000 | $2,016,000 | $6,048,000 | $5,013,494 |
Ftr | Internal implementation and training | $61,050 | $0 | $0 | $0 | $61,050 | $61,050 |
Gtr | Internal ongoing management | $0 | $171,600 | $171,600 | $171,600 | $514,800 | $426,744 |
Total costs (risk-adjusted) | $61,050 | $2,187,600 | $2,187,600 | $2,187,600 | $6,623,850 | $5,501,288 |
Evidence and data. Tanium offers a range of packages which include a Core Tier and Solutions that can be added to provide additional functionality and capabilities. These packages cover areas such as asset management, compliance management, incident response, patch management, threat protection, and data discovery. Each package is designed to address specific IT and security challenges, allowing organizations to enhance their overall cybersecurity and endpoint management capabilities.
Modeling and assumptions. Based on the customer interviews, Forrester assumes the following about the composite organization:
Risks. Forrester recognizes that these results may not be representative of all experiences and that results will vary depending on the following factors:
Results. To account for these risks, Forrester adjusted this cost upward by 5%, yielding a three-year, risk-adjusted total PV (discounted at 10%) of $5.01 million.
Ref. | Metric | Source | Initial | Year 1 | Year 2 | Year 3 | |
---|---|---|---|---|---|---|---|
E1 | Number of endpoints | Composite | 0 | 48,000 | 48,000 | 48,000 | |
E2 | Cost per endpoint | Composite | $0 | $40 | $40 | $40 | |
Et | Licensing | E1*E2 | $0 | $1,920,000 | $1,920,000 | $1,920,000 | |
Risk adjustment | ↑5% | ||||||
Etr | Licensing (risk-adjusted) | $0 | $2,016,000 | $2,016,000 | $2,016,000 | ||
Three-year total: $6,048,000 | Three-year present value: $5,013,494 |
Evidence and data. Interviewees discussed internal implementation and training costs associated with Tanium XEM. Depending on the size of their organization, interviewees estimated deployment from under a month to several months with several FTEs dedicated toward the implementation as it was deployed as an on-premises solution. Interviewees also highlighted that training was subjective and up to users to dedicate time toward learning the Tanium XEM platform.
While some organizations deployed Tanium XEM on-prem, other organizations may deploy it as a cloud-based solution. This would reduce overall internal implementation, training, and ongoing support costs.
Modeling and assumptions. Based on the customer interviews, Forrester assumes the following about the composite organization:
Risks. Forrester recognizes that these results may not be representative of all experiences and that results will vary depending on the following factors:
Results. To account for these risks, Forrester adjusted this cost upward by 10%, yielding a three-year, risk-adjusted total PV (discounted at 10%) of $61,000.
Ref. | Metric | Source | Initial | Year 1 | Year 2 | Year 3 | |
---|---|---|---|---|---|---|---|
F1 | Number of endpoint management FTEs implementing Tanium | Composite | 2 | 0 | 0 | 0 | |
F2 | Number of hours spent on implementation | Composite | 250 | 0 | 0 | 0 | |
F3 | Average fully burdened hourly rate per FTE | Composite | $75 | $0 | $0 | $0 | |
F4 | Subtotal: Internal implementation | F1*F2*F3 | $37,500 | $0 | $0 | $0 | |
F5 | Number of Tanium users | Composite | 30 | 0 | 0 | 0 | |
F6 | Number of training hours | Composite | 8 | 0 | 0 | 0 | |
F7 | Subtotal: Internal training | F3*F5*F6 | $18,000 | $0 | $0 | $0 | |
Ft | Internal implementation and training | F4+F7 | $55,500 | $0 | $0 | $0 | |
Risk adjustment | ↑10% | ||||||
Ftr | Internal implementation and training (risk-adjusted) | $61,050 | $0 | $0 | $0 | ||
Three-year total: $61,050 | Three-year present value: $61,050 |
Evidence and data. Interviewees estimated their organization’s ongoing management of the Tanium platform to several FTEs. In some cases, FTEs dedicated partial time toward the ongoing management while larger organizations dedicated more time. The vice president and CISO of information technology described minimal ongoing management effort: “The beauty of Tanium XEM is that it’s not a solution you need to manage. I call those solutions pets. You must nourish and feed them, but Tanium XEM is a hunting bird, so you put in what you want it to go hunt and it reports back.”
Modeling and assumptions. Based on the customer interviews, Forrester assumes the following about the composite organization:
Risks. Forrester recognizes that these results may not be representative of all experiences and that results will vary depending on the following factors:
Results. To account for these risks, Forrester adjusted this cost upward by 10%, yielding a three-year, risk-adjusted total PV (discounted at 10%) of $427,000.
Ref. | Metric | Source | Initial | Year 1 | Year 2 | Year 3 | |
---|---|---|---|---|---|---|---|
G1 | Number of FTEs | Composite | 0 | 2 | 2 | 2 | |
G2 | Percentage of time spent on ongoing management of Tanium XEM | Composite | 0% | 50% | 50% | 50% | |
G3 | Average annual FTE fully burdened salary | Composite | $0 | $156,000 | $156,000 | $156,000 | |
Gt | Internal ongoing management | G1*G2*G3 | $0 | $156,000 | $156,000 | $156,000 | |
Risk adjustment | ↑10% | ||||||
Gtr | Internal ongoing management (risk-adjusted) | $0 | $171,600 | $171,600 | $171,600 | ||
Three-year total: $514,800 | Three-year present value: $426,744 |
The financial results calculated in the Benefits and Costs sections can be used to determine the ROI, NPV, and payback period for the composite organization’s investment. Forrester assumes a yearly discount rate of 10% for this analysis.
These risk-adjusted ROI, NPV, and payback period values are determined by applying risk-adjustment factors to the unadjusted results in each Benefit and Cost section.
Initial | Year 1 | Year 2 | Year 3 | Total | Present Value | |
---|---|---|---|---|---|---|
Total costs | ($61,050) | ($2,187,600) | ($2,187,600) | ($2,187,600) | ($6,623,850) | ($5,501,288) |
Total benefits | $0 | $6,791,528 | $7,297,418 | $7,803,308 | $21,892,255 | $18,067,781 |
Net benefits | ($61,050) | $4,603,928 | $5,109,818 | $5,615,708 | $15,268,405 | $12,566,493 |
ROI | 228% | |||||
Payback period (months) | Less than 6 |
Total Economic Impact is a methodology developed by Forrester Research that enhances a company’s technology decision-making processes and assists vendors in communicating the value proposition of their products and services to clients. The TEI methodology helps companies demonstrate, justify, and realize the tangible value of IT initiatives to both senior management and other key business stakeholders.
Benefits represent the value delivered to the business by the product. The TEI methodology places equal weight on the measure of benefits and the measure of costs, allowing for a full examination of the effect of the technology on the entire organization.
Costs consider all expenses necessary to deliver the proposed value, or benefits, of the product. The cost category within TEI captures incremental costs over the existing environment for ongoing costs associated with the solution.
Flexibility represents the strategic value that can be obtained for some future additional investment building on top of the initial investment already made. Having the ability to capture that benefit has a PV that can be estimated.
Risks measure the uncertainty of benefit and cost estimates given: 1) the likelihood that estimates will meet original projections and 2) the likelihood that estimates will be tracked over time. TEI risk factors are based on “triangular distribution.”
The initial investment column contains costs incurred at “time 0” or at the beginning of Year 1 that are not discounted. All other cash flows are discounted using the discount rate at the end of the year. PV calculations are calculated for each total cost and benefit estimate. NPV calculations in the summary tables are the sum of the initial investment and the discounted cash flows in each year. Sums and present value calculations of the Total Benefits, Total Costs, and Cash Flow tables may not exactly add up, as some rounding may occur.
1 Source: “Assess Your Vulnerability Risk Response And Patch Management Maturity,” Forrester Research, Inc., July 10, 2023.
2 Total Economic Impact is a methodology developed by Forrester Research that enhances a company’s technology decision-making processes and assists vendors in communicating the value proposition of their products and services to clients. The TEI methodology helps companies demonstrate, justify, and realize the tangible value of IT initiatives to both senior management and other key business stakeholders.
3 This cost is inclusive of average remediation and reporting labor costs, average costs of response and notification, fines, damages, compliance costs, customer compensation, average lost business revenues and additional costs to acquire customers, and end-user downtime as it relates to a security breach across the organization; Source: Forrester Consulting Cost Of A Security Breach Survey, Q4, 2020.
4 Source: Forrester’s Security Survey, 2022.
Cookie Preferences
Accept Cookies
A cookie is a small text file that a website saves on your computer or mobile device when you visit the site. It enables the website to remember your actions (data inputs, website navigation), so you don’t have to re-enter data when you come back to the site or browse from one page to another.
Behavioral information collected by our web analytics vendor is used to analyze data pertaining to visitor trends, plan website enhancements, and measure overall website effectiveness. We may also use cookies or web beacons to help us offer you products, programs, or services that may be of interest to you and to deliver relevant advertising. We may use third-party advertising companies to help tailor website content to users or to serve ads on our behalf. These companies may also employ cookies and web beacons to measure advertising effectiveness.
Please accept cookies and the collection of behavioral information to receive full functionality and enhance your experience. If you decline cookies, some features of the website may not function normally.
Please see our
Privacy Policy for more information.