SECURITY

What’s Your Automation ROI?

Splunk By Splunk May 04, 2017

One of the key benefits to automation is increased efficiency—you get more done with fewer resources and in a shorter amount of time. Another way to increase your efficiency is by having native abilities to track, measure, calculate, and report the benefits of the automation tool.  Often times with automation, we trust the work was done but it can be hard to verify or quantify the returns. ROI analysis, if performed at all, is done manually through log analysis and complex spreadsheets.  We want to take the lead in quantifying returns and help you easily understand the time savings, dollar savings, and true resource expansion associated with security automation and orchestration. After all, automation is awesome, but there is an added level of satisfaction when you know, with certainty, the technical and business impact that the solution is providing.

Key Metrics

Some key metrics that are often used to calculate the ROI on an automation platform are:

  1. Time Saved
  2. Full Time Equivalents (FTEs) Gained
  3. Dollars Saved

Time Saved

Every task, action, decision, or other operation takes time when done manually.  Simple things like gathering reputation data takes time, let alone analyzing that data.  Every time the automation platform executes an action for the SOC, time is saved.  After running several thousands of actions in a day, a common benchmark in many automated SOCs, the time savings begin to add up quickly.

 

2.1-Dashboard-ROI-Metric-Time-SavedTime Saved Widget in Phantom 2.1 Dashboard

 

FTEs Gained

There’s a finite, known amount of time in everyone’s day.  Because of this, we can use the Time Saved metric and quickly calculate and present the FTE operational equivalent that the automation platform provides.  This is particularly gratifying for the SOC team, as it quantifies how the processing capacity of the team has expanded.  For example, a team of five analysts in a SOC can achieve the operational impact of 25 or 50 analysts.  

 

2.1-Dashboard-ROI-Metric-FTE-GainedFull-Time-Equivalents Gained Widet in Phantom 2.1 Dashboard

 

Dollars Saved

One of the core goals of calculating ROI – how much money did the system save the organization?  This is the question that anyone responsible for a budget in an organization wants answered.  Using information such as Time Saved or FTEs Gained combined with an hourly rate or annual salary, the dollar-based ROI can be calculated and reported on.

 

2.1-Dashboard-ROI-Metric-Dollars-SavedDollars Saved Widget in Phantom 2.1 Dashboard

 

Calculating Your Automation ROI

Tracking these metrics helps the SOC demonstrate and prove the efficiency of the platform, as well as support your buying criteria and decision making. They also serve as an important feedback mechanism in a scenario where the ROI is less than desirable.  In such a scenario, you may begin to evaluate other repetitive tasks done by analysts that are ripe for automation and draft playbooks for those tasks, activate the playbook, and measure the ROI increase.  Whether validating a decision already made or gaining feedback on improving SOC efficiency, ROI reporting is a critical attribute of the automation platform that requires monitoring.  

Automation ROI Metrics Made Easy

In the latest Phantom platform, these metrics are available on the main dashboard and in the executive report.  Variables that are used to calculate the ROI can be tuned to fit the organization.  The ROI stats also can be calculated over variable periods of time such as over a day, week, month, or year.  

 

 

 

2.1-Dashboard-ROI-Metrics

 

 

 

With built-in ROI tracking in the Phantom 2.1 release, we encourage users to leverage this valuable reporting tool to demonstrate the value of security automation and orchestration. We’d also love to hear from you. Please provide feedback, via the Feedback mechanism in the Phantom Community site on other ROI metrics you find valuable.  

Next Steps

We have a white paper available on this topic. Visit the Splunk resource section of Splunk.com and download the paper to learn:

  • How to compute a realistic ROI in your environment
  • Considerations for computing ROI in burst activity situations
  • Use cases that are ideal to demonstrate strong ROI

Register and Download the White Paper here.

----------------------------------------------------
Thanks!
Chris Simmons

----------------------------------------------------
Thanks!
Chris Simmons

Splunk
Posted by

Splunk

TAGS
Orchestration & Automation (SOAR)
Show All Tags
Show Less Tags