Is an outsourced SOC worth it? Looking at the ROI of MDR
In the turbulent world of cybersecurity, one thing is for certain: Threats are evolving in ways that make them harder for organizations to predict—and stop.
For businesses with scarce security staff resources and disconnected, complex toolsets, keeping up with today’s cyberthreats is even harder. That’s why an outsourced Security Operations Center (SOC) is a great option for resource-constrained organizations.
A SOC, or team of professionals who monitor and respond to threats for your business, is a staple of Managed Detection and Response (MDR) services. MDR is an outsourced service which provides organizations with 24×7 attack prevention, detection, and remediation, as well as targeted and risk-based threat hunting.
If you’re an organization wanting to reap the benefits of a 24/7 SOC, then MDR might just be the best bang for your buck. But hold up.
How much can you really save leveraging an outsourced SOC versus building your own in-house? How much ROI can MDR provide over the long-term? And are there any downsides to consider?
In this post, we’ll answer each of these questions and more.
In-house SOC vs outsourced SOC costs
In-house SOC costs
Spoiler alert: building an in-house SOC costs a heck of a lot more than partnering with an MDR provider. There’s quite a long (and expensive) checklist of things you’ll need to have, including:
- Hire a minimum of five, full-time employees to provide 24/7 coverage.
- Identify effective avenues to find, hire, and replenish high-caliber security talent.
- Develop an employee loyalty and retention program.
If we really get down to the nitty-gritty, there’s a slew of other costs and logistical hurdles you’ll have to take on:
- Purchase, implement, and maintain the hardware and software for your SOC.
- Project manage the facility operations and day-to-day functions.
- Provide ongoing security training, certifications, and red team exercises to expand staff expertise.
- Purchase and manage third-party security intelligence feeds.
- Engage periodic outside consultation to assess the caliber of your detection and response services and invest in appropriate items to make any recommended improvements
Some estimates place the capital costs to establish a SOC at close to $1.3 million USD—and annual recurring costs running up almost $1.5 million USD. Not exactly dirt-cheap, to say the least.
Outsourced SOC costs
Outsourced SOCs, such as those provided by MDR services, are much more cost-efficient than building out your own.
Pricing for MDR is typically calculated based on the number of assets in your environment, somewhere in the ballpark of $8-12 USD per device/log source.
Some vendors will look at additional factors for pricing, including number of ingress/egress points and the daily rate of ingestion for SIEM. Cost will also be influenced by any customer-specific pricing (including any discounts) and the breadth of services contracted (more features, for example).
Assuming the average number of endpoints (servers, employee computers, mobile devices) for a small to mid-sized company is 750, you’re looking at dishing out a cool 6K to 9K a month for MDR.
All in all, the cost of MDR comes out at around 100K annually—quite a difference from the 7 figures we talked about with in-house!
Long-term ROI of MDR
Sure, when it comes to reaping the benefits of a 24×7 SOC, MDR is cheaper than building out your own—but that’s only one part of the picture. We should also look at the ROI of MDR and break down any savings we can expect over the long-term.
The two most obvious examples of the ROI of MDR are:
- It removes the full-time employee staffing costs of hiring five analysts to run a 24/7 SOC, and;
- It alleviates the capital expenditures of purchasing a SIEM or other security tools.
But that’s not all. There’s several other aspects of cost avoidance with MDR, including:
- Reduced risk of data breach: With a team of seasoned professionals monitoring your network 24×7, you’re less likely to get hit with a data breach. In 2022 the average cost of a data breach was $4.35 million.
- Savings attributed to reduction in security incidents: Infected (and therefore inoperable) devices greatly impacted worker productivity. MDR can reduce worker downtime and reduce necessary IT resources for remediation.
- Savings on cyber insurance: Cyber insurers want 24/7 detection and response in an environment. MDR satisfies this requirement for businesses, saving you potentially tens of thousands of dollars in premiums and other costs annually.
All this being said, there is one big factor to consider before jumping into MDR, and it has to do with control.
MDR providers will have access to sensitive network and endpoint data in order to monitor your infrastructure for threats. And although many MDR vendors have ways to secure/obfuscate that data, some organizations may still be wary of having their data handled by an outside organization.
When it comes to great security and high ROI, MDR is tough to beat
MDR is a cost-efficient way to reap the benefits of a 24/7 SOC for organizations who lack the budget to set one up themselves.
With MDR, organizations have access to a round-the-clock team of experts to threat hunt, stay on top of the latest adversary tools, techniques, and procedures (TTPs), and quickly remediate threats as necessary, among other things.
Malwarebytes MDR is a service that prevents, detects, and responds to ransomware, malware, trojans, rootkits, backdoors, viruses, brute force attacks, and “zero-day” unknown threats so you can avoid business disruption and financial loss.