Is there an ROI in Automation & Orchestration?

When I finished college many years ago, I joined Ernst & Young and earned my CPA.  It only took a few busy seasons for me to realize that while public accounting was a great place to start a career, I didn’t enjoy accounting enough to do it every day.  Still, I credit E&Y with teaching me the language of business.

Though I do get excited by new technology and the spirit of innovation, sooner or later I always come back to those E&Y roots.  What’s the business value of the solution?  Admittedly, the answer to this question has not always been crystal clear in the fifteen years that I’ve been in the security industry.  I’ve seen a fair share of friendly debates over how to value the economic impact of a breach that may not actually happen.

As I started to learn more about Phantom, I saw a difference.  In the Security Automation & Orchestration market, the Return on Investment (ROI) is much more tangible.  Automation & orchestration can be a force multiplier to help marshal the power of your existing security point products to achieve in seconds what may normally take hours.  It’s about making security smarter, faster, and stronger, and with Phantom you get the only purpose-built security automation & orchestration platform to do it.

Smarter: The complexities of our IT environments often slow down our teams, paralyzing otherwise highly proficient people. Phantom works like an OS to orchestrate security operations from prevention to resolution, ultimately delivering increases in productivity and effectiveness. Codifying your “rules of engagement,” approval authorities, and escalations lets your skilled first responders bring to bear all of their experience to make better decisions and act quickly.

Faster: Enterprise security resources are stretched as never-ending attacks test your ability to respond. Phantom helps reduce time to detect and respond through automation. Ranging from simple automation to fully autonomous response, Phantom lets you choose the best balance that fits your organization’s needs while increasing security and accelerating the incident response lifecycle. Faster triage, investigation, and recovery, combined with granular control of assets, ensures security at machine speed while maintaining continuity and control.

Stronger: Phantom helps you create a security team and environment that is worth more than the sum of its parts. Consolidation and control make static security systems agile.  Phantom works like “connective tissue,” delivering the flexibility to connect in-house and third-party systems into one integrated platform. While not strictly open source, Phantom is extensible, enabling you to create your own Apps & Playbooks or use the ones we’ve created for you.

But what about the ROI, the tangible business value?  One could assert that working smarter, faster, and stronger has a multiplier effect.  Making one person look like two or even three saves money, improves job satisfaction (i.e. retention) and reduces your time to react.  While this qualitative case may satisfy the needs of some, others may look for a quantifiable gain.  Let’s consider a simple example based on a few industry estimates to illustrate the point:

Acme is a mid-sized company with ~1,500 employees.  On average, Acme receives ~127,500 emails per day.  Recent industry research suggests that as many as 0.01% of those emails are phishing attempts, which equates to ~13 per day.  If we can further assume that it takes ~45 minutes to address each phish and that the fully loaded cost per employee is $90 per hour, then the cost of this security problem is $300,000+ per year.

Phishing is only one of many security issues addressable with automation & orchestration.  Our Early Access Customers are identifying 50 or more routine security problems ready for Phantom.

What’s on your list to automate & orchestrate?

CP Morey
VP, Products & Marketing
Phantom Cyber

About Phantom:
Phantom automates enterprise security operations. In the face of problematic trends including the dramatic increase and volume of attacks, severe shortages in qualified personnel, growth in the diversity and complexity of IT security environments and unforgiving consumers, investors and regulators holding management to task for breaches, Phantom arms security operations with the automation and orchestration solutions that ready them to defend their company’s business.  Visit to register for Phantom Community Edition, a free version of Phantom.