The business case for Managed Detection and Response (MDR) Services in small to medium-sized organizations of about 200 to 2,000 employees could not be more compelling than it is right now. This is for two reasons. First, cybersecurity talent is in very short supply and consequently is becoming more expensive to acquire and retain. Secondly, building and managing a Security Operations Center (SOC) with technology, process, and people is cost-prohibitive for such organizations.
As hackers ramp up their attacks with increasingly sophisticated schemes and tools that are available commercially or for illicit purchase on the dark web, the threat landscape continues to evolve rapidly. Unless your team is 100% dedicated to staying ahead of such developments, your organization will not be able to lower its risk profile. In fact, the risk to your operation will increase as the probability of being breached does. This is a challenge that organizations will continue to face moving forward. You will need all the help you can get. But where do you turn for help?
Cybersecurity talent is in very short supply; it is an industry crisis. It is estimated there will be as many as 3.5 million unfilled positions in the industry by 2021. As such, it will remain difficult to find cybersecurity talent and be even more difficult to assess their capabilities, knowledge, and skills, once you find them. If you end up hiring them, they will be hard to retain.
On the path to building and operating a SOC, finding qualified cybersecurity talent is just the beginning. If you find them, you need enough of them to operate 24/7/365. They will require facilities, security technology, tools, and threat intelligence feeds to aid in monitoring, detecting threats, and performing incident response. The SOC will need to stay ahead of the curve, all the time, to remain relevant and reduce risk to your organization. Acquisition of tools, and managing their lifecycle, will be integral. You will need to launch a security reduction program and develop measurable KPIs to build a path to cybersecurity maturity…
That is far too many things to consider, let alone invest in. Moreover, cybersecurity is not your core business. But, if your organization is going to do anything less than that, you might as well do nothing.
While it is not impossible for some businesses to build and operate a SOC, it is certainly costly to launch and maintain such an operation. An estimate of the cost of building and operating a SOC for a 500-employee company is shown in Table 1 below. Your monthly cost will be over $61k, and your five-year cost will be over $3.5 million. It will cost you $122.75 per endpoint, per month. It is expensive to do it on your own!
||Est. Cost for 500 Endpoints/month
|Talent (7 FTEs & Supervisor)
|Technology / Tools
|Total Operational Expenses per month
|Initial one-time setup (labour)
|Total 5-Year Cost (USD)
Both the changing threat landscape and the shortage of talent create a massive challenge for medium and small organizations, which face the same type of threats as large enterprises but without the same resources to address them. To achieve the same outcomes without the large investment in time and money, an organization needs to look at other options. One such option is selecting a capable MDR services provider, one that will take on the task of securing your business, provide detection and incident response services, as well as CISO consulting services – without breaking the bank. MDR Services are a cost-effective alternative to building and operating a SOC to secure your business; they will cost you a lot less than building your own.
Depending on the number of endpoints you have, you should expect MDR Services prices to fall between the cost of one security resource (approximately $8k/month) and that of a full-on security operation ($61k/month as estimated above). As this market is still maturing, some providers may try to entice you with lower introductory prices – but as you will see in the next section, not all MDR services are the same; you get what you pay for.
MDR Services include around-the-clock detection of, and response to, threats, by collecting and analyzing multiple sources of data, utilizing a purpose-built technology stack, capable threat hunters, incident response and CISO consulting services. MDR service providers handle numerous clients across many industries, so they experience a lot more threats than a single organization would. Their only focus is MDR, so they have dedicated cybersecurity teams that are constantly sharpening their skills and expanding awareness of the threat landscape. Such providers, operating at scale, will always be better able to attract and retain cybersecurity talent.
True MDR services are not a commodity for consumption. Any transaction you make must be win-win to lower your risk profile. It’s when providers race to the bottom on price that the quality of the service diminishes. Why should this be, when the business case is already so clear? MDR is not a product you buy and use at your discretion, and so it is important to focus on the value that is being delivered, the outcomes it enables, and the cost relative to doing it yourself. The relationship with your provider is a partnership; they will be an extension of your team. They are there to protect your business from the negative impact of a breach.
Not all MDR services providers are the same
When evaluating providers, you need to realize that not all MDR services providers are created equal. Most service providers today start by imitating the innovators in the market. They don’t begin with their own technology; they simply sell existing solutions as a service. Buying several security technologies, stitching them together, and calling it an “MDR platform” is a kludge solution. It will fall short of the value that one expects from a purpose-built platform that is centered around threat hunting at scale.
Such a platform, coupled with qualified and experienced cybersecurity talent, and a process that enables detection and near-instant response, is critical to delivering the value that clients expect. It is necessary to reduce risk, prevent breaches and ensure regulatory compliance.
Shortage of cybersecurity talent and costly SOC operations make for a compelling business case to outsource your security needs to an MDR services provider. Not all MDR services providers are the same. Those that have built their technology stack from the ground up, and have capable threat hunters and engineers, can reduce risk to your organization more effectively than imitators. MDR Services are not commodity services, so expect to pay more than an MSSP would charge and less than doing it on your own.