In the turbulent world of cybersecurity, one thing is for certain: Threats are evolving in ways that make them harder for organizations to predict, and stop.
For businesses with scarce security staff resources and disconnected, complex toolsets, keeping up with today's cyberthreats is even harder. That's why an outsourced Security Operations Center (SOC) is a great option for resource-constrained organizations.
A SOC, or team of professionals who monitor and respond to threats for your business, is a staple of **Managed Detection and Response (MDR)** services. MDR is an outsourced service that provides organizations with 24x7 attack prevention, detection, and remediation, as well as targeted and risk-based threat hunting.
If you're an organization wanting to reap the benefits of a 24/7 SOC, then MDR might just be the best bang for your buck. But hold up.
How much can you really save leveraging an outsourced SOC versus building your own in-house? How much ROI can MDR provide over the long-term? And are there any downsides to consider?
In this post, we'll answer each of these questions and more.
Spoiler alert: building an in-house SOC costs a heck of a lot more than partnering with an MDR provider. There's quite a long (and expensive) checklist of things you'll need to have, including:
If we really get down to the nitty-gritty, there's a slew of other costs and logistical hurdles you'll have to take on:
Some estimates place the capital costs to establish a SOC at close to $1.3 million USD, with annual recurring costs running up to almost $1.5 million USD. Not exactly dirt-cheap, to say the least.
Outsourced SOCs, such as those provided by MDR services, are much more cost-efficient than building out your own.
Pricing for MDR is typically calculated based on the number of assets in your environment, somewhere in the ballpark of **$8-12 USD per device/log source.**
Some vendors will look at additional factors for pricing, including number of ingress/egress points and the daily rate of ingestion for SIEM. Cost will also be influenced by any customer-specific pricing (including any discounts) and the breadth of services contracted (more features, for example).
Assuming the average number of endpoints (servers, employee computers, mobile devices) for a small to mid-sized company is 750, you're looking at dishing out a cool 6K to 9K a month for MDR.
All in all, the cost of MDR comes out at around 100K annually, quite a difference from the 7 figures we talked about with in-house!
Sure, when it comes to reaping the benefits of a 24x7 SOC, MDR is cheaper than building out your own, but that's only one part of the picture. We should also look at the ROI of MDR and break down any savings we can expect over the long-term.
The two most obvious examples of the ROI of MDR are:
But that's not all. There are several other aspects of cost avoidance with MDR, including:
All this being said, there is one big factor to consider before jumping into MDR, and it has to do with control.
MDR providers will have access to sensitive network and endpoint data in order to monitor your infrastructure for threats. And although many MDR vendors have ways to secure/obfuscate that data, some organizations may still be wary of having their data handled by an outside organization.
MDR is a cost-efficient way to reap the benefits of a 24/7 SOC for organizations that lack the budget to set one up themselves.
With MDR, organizations have access to a round-the-clock team of experts to threat hunt, stay on top of the latest adversary tools, techniques, and procedures (TTPs), and quickly remediate threats as necessary, among other things.
Get a deep dive into the Malwarebytes MDR service
Want to learn more about MDR, but not sure where to start? We've got you covered. Here is a list of resources we think you'll find helpful: