The total business impact of Sumo Logic Cloud SIEM

We enable our customers to monitor, troubleshoot and resolve operational issues and security threats to their cloud or hybrid environments with our machine data analytics suite. Our users already know that Sumo Logic can help them dramatically improve the security and economy of their organization.

We wanted to give credible proof to those who are not yet familiar with our tool, so we commissioned Forrester Consulting to conduct their Total Economic Impact (TEI) study, which examines the potential return-on-investment enterprises may realize by deploying our solution. TEI provides a framework to evaluate the potential financial impact of Sumo Logic’s solution for their organizations.

Methodology

The research was based on interviews with enterprises organizations who have been using Sumo Logic for several years for their security operations for your modern application, multicloud, and hybrid architecture.

The report prepared by Forrester looks at a number of these companies in concert, examining their financial data over a period of three consecutive years.

The companies interviewed by Forrester provide a wide range of B2B and B2C services and are housed using either cloud or hybrid architecture. They represent the following industries such as ecommerce, supply chain, and technology sectors.

Forrester also looked at a number of use cases, which included:

• identifying operations issues and security threats
• conducting root-cause analysis and investigation
• automating incident response
• gaining visibility into system health
• discovering business insights about tools and users

It’s important to note that before deploying Sumo Logic Cloud SIEM, these companies used monitoring tools without log and machine data aggregation and analytics.

Key findings

Looking specifically at security use cases, Forrester found the following:

#1 Reduction of security threats by 81%

Sumo Logic helped reduce the time of vulnerability to security threats by as much as 81%, thanks to faster identification and resolution. According to The Ponemon Institute, the average breach costs $7.35M in 2017. Our solution helps reduce the hours of vulnerability and avoid over $300k in financial risk!

#2 Incident response time reduced to only 30 minutes

This applies to detected threats that required manual intervention. As much as 25% of threats were resolved automatically, saving an average of two hours per threat! Overall, SecOps teams identified and resolved security threats significantly faster, enabling organizations to recapture almost $645k in productivity.

#3 Improved detection and response

With Sumo Logic Cloud SIEM, 90% of minor issues were repaired in only five minutes! The other 10% were automatically identified and resolved. Our solution also helped save time and energy for security teams: critical issues that previously required four hours could be repaired in only 30 minutes by a six-person team. This means that the overall productivity of DevOps members allowed the recapture of some $1.4M for minor issues and a further $1.1M for critical issues.

The economic impact

Let’s take a closer look at six of the most pertinent security challenges and how Sumo Logic helped improve their overall security landscape within the organizations examined.

Reduction of labor to resolve minor issues

Almost a quarter of all the benefits that Sumo Logic brings to an organization are about reducing the number of hours required to resolve minor incidents. The companies examined took a phased approach to rolling out Sumo Logic, first deploying it within 20 applications in Year 1, followed by 50 in Year 2 and 100 in Year 3. Key highlights include:

• The solution was used to automate identification and response for 10% of issues, cutting off about 45 minutes of manual labor per issue.

• For the remaining 90% of minor incidents, Sumo Logic reduced the response time to just five minutes per issue.

• These savings resulted in a total reduction of 310 hours of labor to resolve minor issues per application, per year.

Reduction of labor to resolve critical issues

This amounts to 18% of the total benefits stemming from the deployment of Sumo Logic. We’d like to highlight that:

• Incident response time was slashed to only 30 minutes, from an average of four hours in the case of a six-person team.
• Organizations were able to recapture 50% of time savings as productivity.

Reduction of labor to resolve potential security threats

The four organizations interviewed by Forrester were conservatively estimated to collectively face about 10,000 security threats per year. It took them an average of two hours to eliminate the threat.

Reducing the number of hours to resolve potential security threats constituted 10% of the total benefits of Sumo Logic Cloud SIEM. The following were observed:

• With automated response protocols, the need for manual intervention from security response teams was reduced by 25%.
• This means that by the third year in operation, SIEM helped save 5,000 labor hours.
• The remaining 75% of issues were addressed within 30 minutes, saving about 1.5 hours per issue.
• This translates to 11,250 labor hours saved in the third year in operation.
• Companies also recaptured 50% of time savings as productivity.

Reduction of financial risk of security breaches

Forrester estimates the likelihood for a US-based company to fall victim to a breach within a year is 6%, at a cost of $441k.

The four organizations examined by Forrester were conservatively estimated to face about 10,000 threats per year (collectively), or 20,000 hours of vulnerability, as the average incident response time was about two hours before Sumo Logic was deployed.

After companies acquired Sumo Logic, they observed:

• The total hours required to resolve security threats were significantly reduced by 41% in the second year post deployment, and 81% in the third year after deployment.
• This can be translated to $181K in risk avoided in the second year and some $357K in the third year.

Reduction of labor to comply with internal audits

The four organizations under investigation conducted approximately one internal audit per month. With Sumo Logic, that number was reduced by 75% in the third year of operation, thanks to demonstrated improved monitoring capabilities as well as detection and incident response times. In addition:

• The time required to gather data on compliance was reduced to just two hours and could be performed by one employee. Originally, this task had to be performed by two full-time employees during a full business day.
• This time further decreased to only 30 minutes required in the third year.
• The organizations were able to recapture 50% of the saved labor hours for other productive tasks.

Cost avoidance of an alternative log aggregation solution

Every interviewed customer admitted they required alternative tools to undergo log analysis prior to the deployment of Sumo Logic. The alternative log aggregation solutions did perform all the required tasks, but they could not scale and required significant administration effort to keep them functioning. By adopting Sumo Logic, customers were able to eliminate their on-premises open source tool deployments along with their reallocated system administration tasks. What’s more:

• Organizations saved a total of $10K during the first year because they no longer needed an open source log analytics tool and could therefore eliminate several servers.
• Organizations were further able to reallocate to other systems administration functions the headcount required to keep the log analytics solution running.

Conclusions

Sumo Logic Cloud SIEM adds a number of security benefits to any organization that help dramatically improve operational efficiency.

Sumo Logic can help reduce threats by as much as 81% and enables critical issue response within 30 minutes.

Investing in our solution will bring significant financial benefits and quick payback, depending on the nature and scale of your business.