One of the key benefits to automation is increased efficiency—you get more done with fewer resources and in a shorter amount of time. Another way to increase your efficiency is by having native abilities to track, measure, calculate, and report the benefits of the automation tool. Often times with automation, we trust the work was done but it can be hard to verify or quantify the returns. ROI analysis, if performed at all, is done manually through log analysis and complex spreadsheets. We want to take the lead in quantifying returns and help you easily understand the time savings, dollar savings, and true resource expansion associated with security automation and orchestration. After all, automation is awesome, but there is an added level of satisfaction when you know, with certainty, the technical and business impact that the solution is providing.
Some key metrics that are often used to calculate the ROI on an automation platform are:
- Time Saved
- Full Time Equivalents (FTEs) Gained
- Dollars Saved
Every task, action, decision, or other operation takes time when done manually. Simple things like gathering reputation data takes time, let alone analyzing that data. Every time the automation platform executes an action for the SOC, time is saved. After running several thousands of actions in a day, a common benchmark in many automated SOCs, the time savings begin to add up quickly.
There’s a finite, known amount of time in everyone’s day. Because of this, we can use the Time Saved metric and quickly calculate and present the FTE operational equivalent that the automation platform provides. This is particularly gratifying for the SOC team, as it quantifies how the processing capacity of the team has expanded. For example, a team of five analysts in a SOC can achieve the operational impact of 25 or 50 analysts.
One of the core goals of calculating ROI – how much money did the system save the organization? This is the question that anyone responsible for a budget in an organization wants answered. Using information such as Time Saved or FTEs Gained combined with an hourly rate or annual salary, the dollar-based ROI can be calculated and reported on.
Calculating Your Automation ROI
Tracking these metrics helps the SOC demonstrate and prove the efficiency of the platform, as well as support your buying criteria and decision making. They also serve as an important feedback mechanism in a scenario where the ROI is less than desirable. In such a scenario, you may begin to evaluate other repetitive tasks done by analysts that are ripe for automation and draft playbooks for those tasks, activate the playbook, and measure the ROI increase. Whether validating a decision already made or gaining feedback on improving SOC efficiency, ROI reporting is a critical attribute of the automation platform that requires monitoring.
Automation ROI Metrics Made Easy
In the latest Phantom platform, these metrics are available on the main dashboard and in the executive report. Variables that are used to calculate the ROI can be tuned to fit the organization. The ROI stats also can be calculated over variable periods of time such as over a day, week, month, or year.
With built-in ROI tracking in the Phantom 2.1 release, we encourage users to leverage this valuable reporting tool to demonstrate the value of security automation and orchestration. We’d also love to hear from you. Please provide feedback, via the Feedback mechanism in the Phantom Community site on other ROI metrics you find valuable.
We have a white paper available on this topic. Visit the Splunk resource section of Splunk.com and download the paper to learn:
- How to compute a realistic ROI in your environment
- Considerations for computing ROI in burst activity situations
- Use cases that are ideal to demonstrate strong ROI
Register and Download the White Paper here.