What can your organization achieve with an offensive security platform? According to a new Forrester Consulting study, the IBM Security Randori platform delivered a 303% ROI over 3 years and paid for itself in less than 6 months by helping to mitigate risk exposure, better prioritize risk response decisions and act faster.

About the study

IBM commissioned Forrester to conduct the Total Economic Impact™ (TEI) study by interviewing four clients about the value of their investments in the Randori attack surface management (ASM) and continuous automated red teaming (CART) solutions. The interviewed security leaders shared that by deploying the Randori platform, their organizations were able to detect shadow IT assets, rapidly respond to vulnerabilities like Log4j and redirect time previously spent triaging exposures to more proactive security exercises.

The June 2023 study noted: “Compared to their prior environments, interviewees reported between 50% and approximately 95% reductions in manual effort with Randori’s continuous security monitoring.”

Based on the in-depth client interviews, Forrester constructed a single composite organization that aggregated the representatives’ experiences with using the Randori platform. The composite matured its security to an ASM-focused posture in the first year with IBM Security Randori Recon and augmented its red team capabilities with IBM Security Randori Attack in the second and third years. Many quantifiable benefits were identified, including the following:

  • 90% fewer hours of vulnerability scanning per year
  • 75% labor savings from augmented red team activities
  • 30% reduction in time to triage exposures for remediation
  • 20% decrease in cyber insurance premiums

Learn more

Delve more into the details by downloading The Total Economic Impact Of IBM Security Randori study.


More from Cybersecurity

Spear phishing vs. phishing: what’s the difference?

5 min read - The simple answer: spear phishing is a special type of phishing attack. Phishing is any cyberattack that uses malicious email messages, text messages, or voice calls to trick people into sharing sensitive data (e.g., credit card numbers or social security numbers), downloading malware, visiting malicious websites, sending money to the wrong people, or otherwise themselves, their associates or their employers. Phishing is the most common cybercrime attack vector, or method; 300,479 phishing attacks were reported to the FBI in 2022.…

Data breach prevention: 5 ways attack surface management helps mitigate the risks of costly data breaches

5 min read - Organizations are wrestling with a pressing concern: the speed at which they respond to and contain data breaches falls short of the escalating security threats they face. An effective attack surface management (ASM) solution can change this. According to the Cost of a Data Breach 2023 Report by IBM, the average cost of a data breach reached a record high of USD 4.45 million this year. What’s more, it took 277 days to identify and contain a data breach. With…

Success and recognition of IBM products continues in G2 2023 Fall Reports

2 min read - IBM offerings were featured in more than 1,300 unique G2 reports, earning over 320 Leader badges across various categories. We are grateful to our customers for sharing the positive and constructive feedback needed to achieve these milestones, and we congratulate our tireless IBM team and partners who strive and achieve excellence.   Rankings on G2 reports are based on data provided by real software buyers. As stated by Sara Rossio, Chief Product Officer at G2, “Potential buyers know they can trust these insights…

What is the vulnerability management process?

5 min read - Modern enterprise networks are vast systems of remote and on-premises endpoints, locally installed software, cloud apps, and third-party services. Every one of these assets plays a vital role in business operations—and any of them could contain vulnerabilities that threat actors can use to sow chaos. Organizations rely on the vulnerability management process to head off these cyberthreats before they strike. The vulnerability management process is a continuous process for discovering, prioritizing, and resolving security vulnerabilities across an organization's IT infrastructure. Security vulnerabilities defined…