In the previous post, we provided a framework to help you understand your security options (based on company size and maturity), and included a list of questions quantifying time and money.
This post will focus on comparing Managed Detection and Response (MDR) with building similar capabilities in-house or outsourcing to an MSSP, and why many companies opt to go with MDR services. When working with customers, it's very easy to help them build a business case around why MDR offers the best value for their company. In the current state of the market, many companies need to “do more with less” and this is where the value of MDR comes into play. There are many ways such a business case can be built. In this post, I’ll compare the two most common examples we see: in-house and MSSP.
To put MDR in perspective, think of a SOC-in-a-box: vulnerability management, threat hunting, threat intelligence, log management, incident response, compliance reporting, EDR, 24/7 analysts, compliance auditing, etc. The key point of MDR is delivering all of the above components while using best-of-breed technology that is easy to manage and integrate into your environment.
Now, to build the case, imagine each of these features operating within a business environment in the three use-cases; the approximate annual costs are detailed in the chart below (determined based on previous projects). The example is based on a company with 500 endpoints and is presented in US dollars:
| Resource | In-house Costs | Outsource to MSSP | IntelliGO MDR |
| --- | --- | --- | --- |
| SIEM | $50,000 (tool) | $50,000 (tool) + $72,000 | Included |
| Vulnerability Management | $3,200 | $3,200 + $30,000 | Included |
| Threat Intelligence Feeds | Feed 1 - $24,000/year | Feed 1 - $24,000 | Included |
| Endpoint Detection & Response | $17,500 ($35/endpoint/year) | $30,000/year (licenses + management) | Included |
| Endpoint Security Analyst / Threat Hunter | $125,000 | Included (partially) | Included |
| 24/7 analysts | $70,000 x 3 analysts = $210,000 | Included (level 1) | Included |
| TOTAL | $429,700 / year | $227,200 / year | $48,000-$84,000 |
Note: does not include maintenance, training and supervision for technology; building processes internally (for detection and response) and other ancillary costs; does not include Incident Response or CISO; generally, there is more than one threat intelligence feed that should be included; MDR and MSSP pricing is based on 3-year agreements.
When you look at the above numbers, it may seem obvious why companies opt to go with MDR: Cost. However, there are many other reasons to outsource to an MDR company, such as:
(1) MDR companies have created and streamlined their processes for detecting and responding to threats; to build this in-house, processes will need to be created for a successful security strategy. MDR companies will also increase security posture by utilizing one console (their tech) for centralized management instead of MSS companies viewing multiple consoles;
(2) MDR companies already have incident responders and a strong IR process (no need to build this in-house); and
(3) no need for integrations, as it’s all included in the service (for example, when outsourcing to an MSSP, you would want to integrate threat intelligence into the SIEM and EDR).
MDR is the best option to revolutionize your security program and will add the most maturity to your environment in the most efficient way.
Of course, the cost of an MSSP will vary depending on which technologies you have them manage - certain configurations could even yield a lower price than our MDR service. Make sure you are comparing apples to apples: ensure the technologies that are being managed by your MSSP include the same functionalities you get with MDR, and that they will yield the same performance/outcomes. The question you must ask is, "what am I sacrificing in terms of performance and security, to reach that lower price?"
Many SMB/SME organizations struggle to build a complete security platform in-house or outsource to an MSSP due to the significant investments required in people, processes and technology. IntelliGO MDR gives companies the option to find the perfect balance between prevention, detection and response without compromising on the people, process and technology. More importantly, IntelliGO can do all this without you investing a significant amount to increase your security maturity.
To find out more, please reach out for a demonstration of the IntelliGO MDR platform.