Study highlights Qualys’ impact on cybersecurity efficiency and risk management

Qualys has formally announced the findings of a study it commissioned from IDC to quantify the business value perceived by its customers.

The research, detailed in the IDC White Paper titled The Business Value of Qualys, reports that Qualys customers experience an average annual benefit of US$102,000 per 1,000 internal users, achieving a three-year ROI of 403% with a payback period of just five months.

“The urgency of having a strong cybersecurity posture is well understood. It’s the constant news of cyber breaches that keeps board members and executives up at night. With cyberthreats, the entire business is at stake, and the stakeholders fret about whether their organization’s defences can manage the risk. As a security leader, one of your roles is helping stakeholders understand that risk is under control — or at least in the process of significant reduction,” said Thomas Nuth, Vice President of Product Marketing at Qualys.

“As a cybersecurity leader, you may struggle to help your C-level see the business value of what your team does. Forget ‘speeds and feeds’; key decision-makers are solely focused on The Numbers. While reports from most security tools excel at spewing out numbers, their technology-focused integers rarely address the nuts and bolts of managing corporate finance and business risk. Using business-friendly language is vital for connecting with the leadership, including CFOs, CISOs and CIOs, which is why we commissioned this IDC study.”

The IDC study pinpointed six number-focused metrics to assist security leads in articulating the business value of the Qualys Enterprise TruRisk Platform to their leadership.

ROI

IDC uncovered that Qualys users see an ROI of 403%. This return is realised in two forms: a lower total cost of investment (TCO) from the phasing out of point solutions in favour of the integrated Qualys Enterprise TruRisk Platform and a reduction in manual processes due to the platform’s streamlined workflows and automation.

Payback

The payback period for the Qualys Enterprise TruRisk Platform is a swift five months, attributed to a platform approach that leverages at least three integrated solutions. Such adoption fosters streamlined workflows across IT, security, and compliance departments.

Total value

The total value represents the ROI plus additional qualitative benefits derived from investing in the Qualys Enterprise TruRisk Platform. IDC’s interviews with Qualys customers show a total annual value of $5.1 million, a figure that increases significantly over time as more integrated solutions are adopted.

Staff time efficiency

Operationalizing SecOps with the Qualys Enterprise TruRisk Platform has substantially increased staff time efficiency. Qualys users reported a 24% increase in security team efficiency. Mean time to repair (MTTR) saw up to a 50% improvement with bidirectional integrations of ITSM and CMDB tools. The platform achieved an impressive four-hour mean time to discover (MTTD), which is six times faster than competing platforms, and a less than 24-hour response time for critical CVEs, enabling two-second visibility across hybrid infrastructures.

Risk reduction

According to Qualys customers, risk reduction benefits stem from three primary sources: 65% fewer unplanned application outages, a 66% faster resolution of these outages, and a 24% reduction in non-compliance fines. The platform’s comprehensive visibility and proactive security measures, powered by over 25 threat intelligence sources and Qualys Threat Research, prevent unplanned outages and strengthen supply chain security. The observed 89% improvement in patching efficiency contributes to faster resolution times, while compliance is supported with extensive coverage of MITRE ATT&CK guidance and extensive policy and regulation reporting.

Security staff key performance indicators

The Qualys Enterprise TruRisk Platform has enhanced three key performance indicators for security staff. The staff’s effectiveness in proactively detecting threats increased by 56% due to the platform’s extensive CVE database. A 40% gain in efficiency in threat response and a 37% improvement in patching efficiency were facilitated by the platform’s risk-based prioritisation and automated workflow logic, which includes scripts for closing tickets 60% faster and remediating vulnerabilities in custom first-party software.
