Report: Exabeam Fusion SIEM delivers 245% ROI

An Independent Consulting Total Economic Impact study has revealed significant improvements in security operations efficiency and effectiveness across a diverse customer base


Exabeam, the leader in Next-gen SIEM and XDR, has announced the results of a commissioned Total Economic Impact™ (TEI) study conducted by Forrester Consulting (NASDAQ: FORR). The study aims to quantify the potential return on investment for organisations that invest in Exabeam Fusion SIEM. The study found that a composite customer, based on in-depth interviews with several leading organisations using Fusion SIEM, achieved a 245% return on investment (ROI) and generated $3.73M in total benefits across a three-year period.


Security operations teams are too often overwhelmed by alerts and false positives, operate in reactive mode, and struggle to detect insider threats. Exabeam provides a cloud-delivered solution with analytics-driven insights to help security teams investigate and resolve threats in record time.


“We believe the Forrester study has validated what we’ve known all along: Exabeam Fusion SIEM customers experience dramatic gains in security operations efficiencies and significant cost savings and ROI when using Fusion SIEM,” said Pedro Abreu, Chief Operating Officer, Exabeam. “Exabeam is intensely focused on ensuring customers are successful at keeping pace with persistent adversaries’ increasingly sophisticated attack methods.”


The TEI study provides a framework for organisations to evaluate the potential financial impact of Fusion SIEM. The study examines both traditional and new hybrid work models that impact security operations teams and the organisations they protect.


According to the study, Exabeam Fusion SIEM customers realised significant security operations improvements. Among dozens reported, here are some benefit highlights:


Greater insider threat awareness. The study revealed that, until Exabeam Fusion SIEM was deployed, security teams still focused mostly on external threats and didn’t give enough attention to insiders as a major threat vector. Using Exabeam Fusion SIEM gave these companies greater understanding and visibility into user and entity behaviour, as well as what was normal versus abnormal in their environments. As a result, they were better equipped with the foundational capabilities needed to counteract modern external and insider threats.


Centralised views. After deploying Exabeam Fusion SIEM, Security Operations Center (SOC) teams reported having a centralised view of their ecosystem so they could quickly review and investigate security logs, alerts, and incidents. This greatly reduced false positives and shortened mean time to respond and resolve.


Security team efficiency gains. Before using Exabeam Fusion SIEM, it typically took the composite (typical) organisation 360 minutes to investigate an incident. After deploying Fusion SIEM, it took only five minutes to find a problem and determine the appropriate action to remediate the issue. This particular efficiency gain resulted in a present value savings of approximately $573K over a three-year period.


Alignment with cloud strategies. While customer interviewees all had varying reasons for choosing a cloud-based SIEM provider like Exabeam, transitioning to the cloud was beneficial for each, and also provided the composite organisation with additional savings of more than $100K per year.


Highlights from Fusion SIEM Customer Interviews with Forrester Consulting


Fusion SIEM analytics engine drastically reduces incidents, gives hours back


A CISO for a mining firm said, “The [Exabeam] analytic engine takes log sources and correlates them together, assigns risk points for users and assets, and we investigate when they hit a score of over 90 points. After investigating those incidents, we can do threat hunting inside the tool. We used to see up to 100 incidents a day, but the longer we use Exabeam, we’ve seen dramatic drops of about 70% to 75%. I would attribute nearly all of that decrease in the number of incidents to the fact that we have Exabeam running in our environment.”


The CISO continued, “Prior to [deploying Exabeam], you might identify that something doesn’t look quite right. You would go to firewall and active directory logs as well as other systems, combing through those for that person’s name. You’re probably already four or five hours in, without even starting any of the correlation work yet. Exabeam does that all for you with a few clicks to get to an entire timeline of everything they’ve done throughout that day just simply coming from the log files. It literally takes five [or] six hours’ worth of work down to a few minutes.”


Fusion SIEM addresses insider threats and lateral movement


A regional CISO of a holding company said that until they deployed Exabeam, “security” meant mainly stopping website fraud or theft. They elaborated: “We wanted proper security in the corporate IT space. Security involved loading a bunch of software, then set it and forget it. That was security. We were not looking for internal threats or any lateral movement.”


Fusion SIEM is better at scaling performance


According to the head of Global Operations for a financial services organisation cited in the study, “The biggest thing I saw with on-prem SIEMs is capacity management. To run a query against three years’ worth of logs bogs down the system. When you get multiple queries that are running against these infrastructure components, you’re hamstrung by their capabilities. Exabeam does a better job of scaling that performance.”


The Forrester Consulting study, The Total Economic Impact™ of Exabeam Fusion SIEM, describes the financial modelling that calculated the efficiency improvements, ROI, and cost savings results.