“I’ve looked at a number of them. Falcon Complete is the most complete security model I’ve seen.“ — CISO, Building Products

What benefits are you seeing for your cybersecurity investments? Are they worth the costs?

It’s a challenging question to answer. Rarely does security result in hard dollars earned. Instead, value must be teased out in terms of what breaches didn’t happen, what money you didn’t have to spend, and the opportunity costs your organization didn’t incur.

Against this backdrop, the costs of cybersecurity are all too real. These include not only the obvious expenses for technology licenses, but also hidden costs, such as the staff needed to maintain and operate the technology, threat hunters to spot hidden attacks, and analysts to monitor and respond. Moving outward, there are costs of downtime for end users, and potential multi-million dollar expenses associated with responding to a critical breach. 

A commissioned study conducted by Forrester Consulting on behalf of CrowdStrike rises to the challenge. In this comprehensive study, titled “The Total Economic Impact™ of CrowdStrike Falcon® Complete,” Forrester peels back the layers and for the first time reveals the full costs and benefits of CrowdStrike’s market-defining approach to managed detection and response (MDR).

Forrester’s research showed that Falcon Complete™, CrowdStrike’s MDR solution, stopped breaches for CrowdStrike customers and delivered more than 400% return on investment (ROI), without any hidden costs. Let’s take a look at Forrester’s TEI methodology, and unpack these results.

“Falcon Complete is hands-down the best product I’ve ever seen. I’ll fight for it.” — Senior Director for Security Operations, Pharmaceuticals

Forrester TEI Methodology

To prepare this study, Forrester interviewed security leaders from a variety of Falcon Complete customers. These organizations represent a cross-section of sizes (from 700 users up to 22,500) and global regions (from North America to Europe and Australia). Each organization had been a Falcon Complete customer for more than one year at the time of the interviews.

These organizations told a common story: enormous amounts of work for their security teams to do, with not enough people to handle it. They recognized that this a highly risky situation, where the team is forced to run at full speed constantly, always with the fear that they’re not doing enough to stop the next breach. With all hands focused on the immediate, urgent mission of handling alerts, the organizations felt trapped, unable to focus on strategic initiatives and improvements.

Forrester then designed a composite “typical” organization based on the data gathered during the interviews, and then built a financial model using real-world interview data to quantify the costs, benefits and ROI of Falcon Complete.

Forrester Quantifies Benefits of Falcon Complete

Through its interviews with this diverse group of Falcon Complete customers, Forrester measured five separate benefits organizations can realize with Falcon Complete:

• Operational Efficiencies and Augmentation. Forrester assessed that Falcon Complete provided the equivalent coverage of an experienced team of 11 FTEs, providing around-the-clock monitoring, response and threat hunting. This was a massive game changer for these organizations — it eliminated alert fatigue and significantly eased the pressure of lean security teams.
• Dramatically Reduced Risk of Breach. Forrester’s analysis showed that the proactive management and tuning delivered by the Falcon Complete team, combined with CrowdStrike’s Breach Prevention Warranty, nearly entirely eliminated the risk of breaches.
• Elimination of Redundant Tools. CrowdStrike provided enhanced protection and performance, and reduced costs by replacing multiple other redundant security tools (and the burden of managing them).
• Reduced Downtime from Security Incidents. Responding to security incidents introduces a burden on overworked IT staff, as well as affected end users. Forrester showed that after Falcon Complete was deployed, organizations experienced far fewer security incidents, dramatically reducing time that IT organizations and users spent coping with threats. Further, the impact of security incidents was greatly reduced by Falcon Complete’s capability to perform full remediation in minutes, rather than relying on cumbersome reimaging or replacement of compromised endpoints.
• Savings on Cyber Insurance. Finally, as reported by multiple interviewees, the unprecedented effectiveness of the CrowdStrike Falcon® platform augmented with the unique expertise of the Falcon Complete team, and backed by CrowdStrike’s Breach Prevention Warranty, can also result in savings related to preferred terms and conditions from their cyber insurance provider.

But That’s Not All …

Beyond the quantified benefits, Forrester also cataloged a variety of unquantified benefits that were described by the security leaders they interviewed.

“The Falcon Complete product and the comfort and security we get allows my team to focus on other large projects.” 

“… allow me to focus on other things … they’ve got my back.”

Falcon Complete freed up critical resources on cybersecurity teams, enabling organizations to focus on strategic priorities rather than the resource-intensive, reactive work of managing endpoint protection and responding to security alerts.

“I am totally confident in their ability to remediate and their ability to respond.”

“… lets me sleep far better at night …”

The interviewed organizations reported feeling uncertain about their defenses, always wondering if they were doing enough to protect their organizations. Forrester reported that Falcon Complete eliminated this uncertainty and allowed the interviewed organizations to achieve confidence and trust in their defenses.

“Actual onboarding was ridiculously easy, and the guys were ridiculously easy to deal with.” 

And they did it all practically overnight. Interviewed organizations reported an average of two weeks from the time they signed up with Falcon Complete to the point where the Falcon platform was fully deployed, configured in accordance with best practices, and fully operating under the watchful eye of the Falcon Complete team.

Zero Breaches, Zero Hidden Costs

“I’m trying to find some downsides to Falcon Complete. I’m just finding it hard to give you another impression.”

Naturally nothing comes for free, and every solution has its costs. Throughout its research, Forrester meticulously tracked the costs incurred by security teams across the entire lifecycle of endpoint protection, including costs associated with:

• Procurement and deployment of the necessary endpoint protection technology
• 24/7/365 global monitoring and management
• 24/7/365 proactive threat hunting
• Monitoring and response to security alerts
• Full remediation and recovery of systems involved in incidents
• Ongoing platform management, maintenance and tuning

By comparing these comprehensive costs against the real-world benefits that organizations realized, Forrester calculated that Falcon Complete delivers what we consider to be an astounding 403% ROI.

More importantly, none of the interviewed organizations reported a single impactful intrusion since partnering with CrowdStrike Falcon® Complete. Falcon Complete delivered predictable security outcomes, at a price far lower than building the capability in house.

No Surprises

We believe Forrester’s research validates what our Falcon Complete team has been saying for years: Endpoint protection is not an oxymoron, and it can come with a reasonable, predictable cost. It requires diligence, focus and finely tuned processes. A quality MDR service can get you there quickly — and let you get back to focusing on what’s critical to your business.

Additional Resources

• Read the Forrester study, “The Total Economic Impact™ of CrowdStrike Falcon® Complete.”
• See a demonstration of Falcon Complete in action.
• Learn more: Read the Falcon Complete white paper.