If Gartner says it's 60 euros per hour for an engineer to do an investigation on a threat, we are saving thousands of hours per FTE per year, because we can run a query and find all these results within seconds. We can block it within minutes, immediately reducing the mean time to detect and mean time to response from 270 average days to 270 seconds. 

On the licensing side, it has good pricing. On the ecosystem side, we don't need to go with the niche player and pay them a lot higher than Cisco is charging us. So in these two or three segments, we are saving costs. But in terms of ROI, for three years we never got ransomware. Even a single incident can cost us millions. We are a wholesale industry from B2B, so we pick from the factories, deliver a route to the businesses, and if we don't deliver, they will not have masks to wear during Corona. We are critical for the supply chain, and that definitely would cost us millions.

So far, Cisco has saved all these costs in business disruptions, the restore cost, and then it has the lowest price possible on the security ecosystem. All these factors have enabled us to have a great ROI from the Cisco ecosystem.

We have seen return on our investment with this tool. The amount of stuff that it detects and blocks has been very valuable.

We have indeed seen a return on investment for the Cisco Secure solution we have implemented. We've seen the benefits in terms of earning money, but also in terms of extending our services and turnover in many cases.

I don't have the details, but I would say the solution gives us an ROI.

We do not measure that on a product basis. We have a growth rate with a company that lies between 15% to 30% each year in our services and profits. It definitely adds to that as well. It's year-on-year, so we're doing quite well, and it's partly because of Cisco.

I talked to a lot of customers and a lot of them get a good return on investment with Secure Endpoint. They're limited in the capacity of the manpower that they have in those resources, and Secure Endpoint allows them to do those integrations and not just deal with alert fatigue. It provides valuable information that they can make good actual decisions on.

Certainly, from a protection standpoint, we have seen ROI. It's doing what we want it to do and it's protecting us and the clients who have it installed. Neither they nor we have been compromised and that's the greatest testament of all.

Because I was able to get on top of our ransomware attack fairly quickly, I was able to restore stuff from backups. Disruption is time, and we are a time-based business. We have done the numbers. If we had 100 technical people at X amount of dollars per hour charge-out rate, then that gives us an hourly cost as a very rudimentary way of working out hourly cost. Therefore, if we're down for half a day, or even a day, then we can very quickly work out how many dollars we will lose every time we get taken down by an this type of attack.

We haven't paid any ransoms because we didn't need to and we wouldn't do that. However, the other side of that is the downtime, assessing the damage, fixing it up, and then all the subsequent tidying up that goes on afterward, which can go on for a while. It would probably be a couple of days of lost productivity, which is not a huge amount in terms of time, but dollar-wise for a small to medium-businesses, it can be quite substantial in a month.

We haven't had to spend time dealing with too many threats. That time is minimized in terms of how much we need to spend.

The solution has decreased our time to remediate. We do a lot of stuff automatically, but we can manually go in and apply remediation straightaway on devices at a device and policy level. We can apply this throughout the business, which is what we want. If we see a threat at some particular level, we can make a decision to go in straightaway and tackle that threat through manual intervention because you can't blindly put your faith into something and expect it to do everything for you. You have to manage it and be proactive at all times. However, the amount of time spent doing the manual intervention is minimized.

It's keeping things quiet, so that's a very good return.

We've seen ROI, absolutely, in more efficient use of my team's time.

We get more value out of our portfolio. We have pretty much seen ROI. When the endpoint service is well connected devices, it covers many important key features,

AMP is worth the money. In recent years, we have spent less time/money and require lesser  human resources for task completion. On the higher level, this has saved the firm the need to hire more security engineers to manage the application, reducing overhead cost.

A discrepancy with  the number of assets per license should be reviewed to apply based on preference or number of endpoints versus ranges.

Compared to other competitors, there's a significant price difference, although different applications tend to focus more on different cybersecurity functionality

It is kind of hard to say what would have happened if you didn't have it. We've got a very stable environment, and it seems to be doing its job. So, I assume we're getting a return on investment.

We have seen ROI, but it's hard to calculate that return on investment in terms of actual dollars because it's more man-hours. Time spent on other projects is possible because of the optimization and performance that we have by utilizing AMP.

AMP for Endpoints simplifies endpoint protection, detection, and response workflows. It continues to decrease the man-hours needed to perform tasks, such as threat hunting and incident response.

It has decreased time to detection by 95 percent. A lot of the time, prior to having AMP, even with our traditional AV protection, we weren't aware of any type of malicious activity until it had an impact on the organization.

We had a 97 percent reduction in time to remediation, because it's almost instantaneous. In the 18 months that we've had AMP, there has not been malicious activity on an endpoint that we weren't able to resolve immediately.

In our organization, Orbital definitely does save time. Anything that we can do in our organization to save time is crucial, as we have a small IT staff. Therefore, we really need to find force multipliers.

For each incident which occurs, whether it's an exploit prevention or malware detected, Orbital is saving us five to eight hours per incident. In one week, it could save eight hours, and then another week, it could save 32 hours. It just depends on the malicious activity for any given week.

We have not seen an ROI.

We have absolutely seen ROI. The way that it is starting to integrate and work with all the other Cisco products, as far as the ease of use, visibility, and being able to respond to incidents. We can know if something bad is potentially happening instantaneously and prevent it from happening. We can go to a device and isolate it before it infects other devices. In our environment, that's millions of dollars saved in a matter of seconds.

The solution has made our team more effective and productive.

The solution has decreased our time to detection because we are getting alerts letting us know that something needs to be looked at. Now that it's integrating with all these other tools, it's automatically submitting files for analysis to determine whether they are dangerous. Up until about two months ago, I would get a bunch of alerts about certain files. For example, I used to get alerts about a machine having a file, then I'd have to fetch the file and submit it for analysis. That stuff is happening automatically now. So, I went from about 100 or so odd alerts a week to around five because everything is now happening on its own.

We are estimating 5 to 10 percent staff productivity increases.

I personally have not seen an ROI.

Time to response is a lot faster. With every incident, at least six to 10 man-hours are saved because the damage has been reduced significantly. Additionally, if I have to work on file restore for six hours, for those six hours, my IT users cannot work on that application. This does not even take into account lost productivity of hundreds of users waiting to get access to the data again who also have to wait for six to 10 hours.

The visibility has increased a lot because all the heavy work is being done in the cloud. Therefore, we see a lower CPU and memory footprint on the endpoints. All the connectors on the endpoints send your information to the cloud where it is being analyzed, then it just gets the information back. There is not a lot of heavy stuff going on with the endpoint compared with the previous solution where you had a lot of work being done on the endpoint. Thus, you're taking away CPU cycles and memory from the applications you wanted to run there.

Our technicians are doing more meaningful tasks. They can just do their threat hunting and incident response without having to find tools that can do the things already built into AMP and Threat Response.

This solution has helped increase staff productivity, e.g., if you get 1000 emails a day and 95 percent of those are garbage, then the savings that you receive from going through those emails is immense.

We have seen a measurable decrease in the mean time to detect or respond to threats by 90 percent, blocking a vast majority of threats. 

We have seen ROI with this solution.