It saves us from hiring someone to do the same thing. IT is a cost center, so we don't make money. We spend it. But in terms of a return on investment, it's cheaper than hiring an employee and it's providing actionable results about threats like ransomware that could be costly if we don't catch them in time. That's a kind of savings, but it's theoretical. It's not something that was accrued. It's a potential for loss. I would say that there's a return in that sense. 

I don't have a hard number because there wasn't a pre-existing solution to compare it to. But to manage the logs the same way that Netsurion does, we would need someone working at least 40 hours a week. To hire someone at the SOC analyst level, you would have to pay an annual salary of between $70,000 to $100,000. However, paying a full-time analyst 40 hours a week still wouldn't give us 24/7 service like Netsurion.  

It enables us to devote our time to other projects that demand more of our attention. We are saving about an hour a day. 

The fact that I can walk away from this network and know that not only have I got a managed intrusion prevention system with another vendor who is looking at the edge of our network, but now I have a system which looks at the internal devices on our network. So, I have two sets of SOCs looking at what could go wrong. Between those two and our endpoint solution, I am much more comfortable thinking that if one thing misses it than another one will pick it up. So, they are part of that trifecta of products that I would expect to find a bad actor in my network. We have several other security components, but those three large products are really key to our comfort level, with being able to say, "I don't believe there is anything bad going on in my network today. If something bad did start happening, we would see it within a matter of hours, if not minutes."

We were very careful and slow to get into this world because it is fairly expensive, but I do not regret at all being there today. I just did a presentation for our board of directors on what we do for security. That was last night. I got quite a few questions from our board. One of the topics that we discussed was event management and logging. The question that came back to me was, "What else do you need to do in order to be more secure?" So, I felt that they understood what we had done and how we had done it. They were very supportive of any other features that we needed to take advantage of. Sometimes, it is just making sure that the people in management understand the risks and what is going on in the real world. That is how you sell it to them.

It has its value, especially when I can say that it's taken over what I was spending about 50 percent of my time on. Not only has it eliminated the need for me to spend time there, but I can put that time to use elsewhere. It's absolutely well worth it.

I'm not really the money guy or the budget guy, so I couldn't tell you from a dollars and cents standpoint, but return on investment just for my time alone over the last five years has been tremendous. I no longer spend that daily time - I don't want to say "wasted time" - but it used to take me a tremendous amount of time to sit there and try and play catch up on logs, looking for events and trying to track things on my own. That's been massive. That's been tremendous, not only for me but for the company. It's been well worth the money so I can put my time somewhere else.

Since it is a regulatory requirement for us, I don't even track ROI. That said, if I am saving one FTE a week, about 40 hours, if I had to pay somebody 40 hours a week, after a year, this more than covers that cost. In that sense, it's almost a 100% return on investment just for the dollars saved on labor.

The MITRE ATT&CK Framework has affected the time it takes for us to identify and understand sophisticated threats. It has definitely sped things up within the organization. There is just not the in-house expertise to deal with it, understand it, or communicate it to higher ups.

We don't have the eyeballs available to stare and watch for things, or even have the capability of building internal alert systems. So, the managed SOC has been huge for freeing up staff to work on other responsibilities. We are saving on at least one full-time employee. 

I would rate the SOC component of the solution as 10 out of 10. It is needed.

If we were to do this on our own, we would need at least one full-time person in a high salary range, so $80,000 to $150,000. That would be a security analyst at minimum. 

We feel that we're getting a real ROI. Between having the managed services and having the product on-premise, we feel like we're almost getting the managed services for free. They've given us a very good price.

Based on industry standards, it's saving me at least $25,000 to $30,000 a year.

We have been able to save at least one full FTE. The amount we would have to pay that FTE, including benefits, is way more than what we're paying EventTracker for the annual maintenance. It had a positive return on investment almost immediately for us.

In the security space, it's hard to quantify your return on investment. So, I don't. We spend about $40,000 a year and so. It's hard to say if the SIEM saved that much money.

We have seen time and cost savings. It prevents us from having to hire specialized people for this type of work. We would need to hire six staff members to accommodate the same service.

Our ROI is $160,000 a year before overhead, then adding in the overhead of 30 to 40% with benefits and everything else, it's easily over $200,000 a year.

The value of a SIEM comes when you are able to detect something and avoid a problem. It is part of that larger "insurance policy"-type function. You never see a return on investment on an insurance policy until it comes time to use it. But we get value from it every day. Do I think that the investment in the product is giving us value for the dollars we're spending? Absolutely.

I look at it this way: If I need a truck to do my job every day, and my job is to haul two-by-fours back and forth between two job sites, do I need the Cadillac pickup truck or do I need the truck with the roll-up windows? They both do the job and they both do it really well, but the value is in the one that has the roll-up windows. It's doing what it's supposed to do. It's doing it well and it lets me retain dollars for other purposes. EventTracker is exactly that. It's giving me all of the features and functions that we need to do our jobs, and at a price point that's incredibly attractive. It allows me to save money and put money into other services to help reduce risk.

We have seen ROI in the fact that we had actionable intelligence within six months of deployment.

I haven't measured the ROI. We don't do normal budgets, as we are not that big of a company. We are mid-sized.

We have absolutely seen a return on our investment in EventTracker.

I don't know exact numbers on ROI, but in my mind it saves us a lot of time. I have six or seven reports that I can peruse through each day, quickly and efficiently, instead of having to go out and collect that data manually.

EventTracker has increased the productivity in our organization.