{"id":20830,"date":"2022-12-15T16:11:37","date_gmt":"2022-12-16T00:11:37","guid":{"rendered":"https:\/\/www.palada.net\/index.php\/2022\/12\/15\/news-14563\/"},"modified":"2022-12-15T16:11:37","modified_gmt":"2022-12-16T00:11:37","slug":"news-14563","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2022\/12\/15\/news-14563\/","title":{"rendered":"Is an outsourced SOC worth it? Looking at the ROI of MDR"},"content":{"rendered":"<p>In the turbulent world of cybersecurity, one thing is for certain: Threats are evolving in ways that <a href=\"https:\/\/www.malwarebytes.com\/resources\/files\/2021\/04\/malwarebytes-smb-trust-confidence-2021.pdf\">make them harder for organizations<\/a> to predict&mdash;and stop.<\/p>\n<p>For businesses with scarce security staff resources and disconnected, complex toolsets, keeping up with today&rsquo;s cyberthreats is even harder. That&rsquo;s why an outsourced <a href=\"https:\/\/www.malwarebytes.com\/cybersecurity\/business\/what-is-soc-as-a-service\"><strong>Security Operations Center (SOC)<\/strong> <\/a>is a great option for resource-constrained organizations.<\/p>\n<p>A SOC, or team of professionals who monitor and respond to threats for your business, is a staple of <strong><a href=\"https:\/\/www.malwarebytes.com\/cybersecurity\/business\/what-is-mdr\">Managed Detection and Response (MDR)<\/a>&nbsp;<\/strong>services. MDR is an outsourced service which provides organizations with 24&#215;7 attack prevention, detection, and remediation, as well as targeted and risk-based threat hunting.<\/p>\n<p>If you&rsquo;re an organization wanting to reap the benefits of a 24\/7 SOC, then MDR might just be the best bang for your buck. But hold up.<\/p>\n<p>How much can you really save leveraging an outsourced SOC versus building your own in-house? How much ROI can MDR provide over the long-term? 
And are there any downsides to consider?<\/p>\n<p>In this post, we&rsquo;ll answer each of these questions and more.<\/p>\n<h2>In-house SOC vs outsourced SOC costs<\/h2>\n<h3>In-house SOC costs<\/h3>\n<p>Spoiler alert: building an in-house SOC costs a heck of a lot more than partnering with an MDR provider. There&rsquo;s quite a long (and expensive) checklist of things you&rsquo;ll need to have, including:<\/p>\n<ul>\n<li><strong>Hire a minimum of five, full-time employees <\/strong>to provide 24\/7 coverage.<\/li>\n<li><strong>Identify effective avenues to find, hire, and replenish <\/strong>high-caliber security talent.<\/li>\n<li><strong>Develop an employee loyalty<\/strong> and retention program.<\/li>\n<\/ul>\n<p>If we really get down to the nitty-gritty, there&rsquo;s a slew of other costs and logistical hurdles you&rsquo;ll have to take on:<\/p>\n<ul>\n<li><strong>Purchase, implement, and maintain <\/strong>the hardware and software for your SOC.<\/li>\n<li><strong>Project manage <\/strong>the facility operations and day-to-day functions.<\/li>\n<li><strong>Provide ongoing security training, certifications, and red team exercises <\/strong>to expand staff expertise.<\/li>\n<li><strong>Purchase and manage <\/strong>third-party security intelligence feeds.<\/li>\n<li><strong>Engage periodic outside consultation <\/strong>to assess the caliber of your detection and response services and invest in appropriate items to make any recommended improvements<\/li>\n<\/ul>\n<p><a href=\"https:\/\/rafeeqrehman.com\/2017\/02\/05\/soc_budget_calculator\/\">Some estimates place the capital costs to establish a SOC at close to $1.3 million USD<\/a>&mdash;and annual recurring costs running up almost $1.5 million USD. 
Not exactly dirt-cheap, to say the least.<\/p>\n<h3>Outsourced SOC costs<\/h3>\n<p>Outsourced SOCs, such as those provided by MDR services, are much more cost-efficient than building out your own.<\/p>\n<p>Pricing for MDR is typically calculated based on the number of assets in your environment, somewhere in the ballpark of<strong> $8-12 USD per device\/log source.<\/strong><\/p>\n<p>Some vendors will look at additional factors for pricing, including number of ingress\/egress points and the daily rate of ingestion for SIEM. Cost will also be influenced by any customer-specific pricing (including any discounts) and the breadth of services contracted (more features, for example).<\/p>\n<p>Assuming the average number of endpoints (servers, employee computers, mobile devices) for a<a href=\"http:\/\/logmeincdn.azureedge.net\/lmimedia\/central\/resources\/pdf\/en\/LogMeIn-Endpoint-Management-Whitepaper.pdf\"> small to mid-sized company is 750<\/a>, <strong>you&rsquo;re looking at dishing out a cool 6K to 9K a month for MDR.<\/strong><\/p>\n<p>All in all, the cost of MDR comes out at around 100K annually&mdash;quite a difference from the 7 figures we talked about with in-house!<\/p>\n<h2>Long-term ROI of MDR<\/h2>\n<p>Sure, when it comes to reaping the benefits of a 24&#215;7 SOC, MDR is cheaper than building out your own&mdash;but that&rsquo;s only one part of the picture. We should also look at the ROI of MDR and break down any savings we can expect over the long-term.<\/p>\n<p>The two most obvious examples of the ROI of MDR are:<\/p>\n<ol>\n<li><strong>It removes the full-time employee <\/strong>staffing costs of hiring five analysts to run a 24\/7 SOC, and;<\/li>\n<li><strong>It alleviates the capital expenditures <\/strong>of purchasing a SIEM or other security tools.<\/li>\n<\/ol>\n<p>But that&rsquo;s not all. 
There are several other aspects of cost avoidance with MDR, including:<\/p>\n<ul>\n<li><strong>Reduced risk of data breach<\/strong>: With a team of seasoned professionals monitoring your network 24&#215;7, you&rsquo;re less likely to get hit with a data breach. <strong>In 2022 the <a href=\"https:\/\/www.cyberpilot.io\/cyberpilot-blog\/new-ibm-report-the-real-cost-of-a-data-breach#:~:text=Compared%20to%20the%202021%20report,average%20cost%20is%20%244.35%20million.\">average cost of a data breach was $4.35 million<\/a>.<\/strong><\/li>\n<li><strong>Savings attributed to reduction in security incidents<\/strong>: Infected (and therefore inoperable) devices greatly impact worker productivity. MDR can reduce worker downtime and reduce necessary IT resources for remediation.<\/li>\n<li><strong><a href=\"https:\/\/www.malwarebytes.com\/blog\/business\/2022\/07\/4-ways-businesses-can-save-money-on-cyber-insurance\">Savings on cyber insurance<\/a><\/strong>: Cyber insurers want 24\/7 detection and response in an environment. MDR satisfies this requirement for businesses, saving you potentially tens of thousands of dollars in premiums and other costs annually.<\/li>\n<\/ul>\n<p>All this being said, there is one big factor to consider before jumping into MDR, and it has to do with control.<\/p>\n<p>MDR providers will have access to sensitive network and endpoint data in order to monitor your infrastructure for threats. 
And although many MDR vendors have ways to secure\/obfuscate that data, some organizations may still be wary of having their data handled by an outside organization.<\/p>\n<h2>When it comes to great security and high ROI, MDR is tough to beat<\/h2>\n<p><a href=\"https:\/\/www.malwarebytes.com\/business\/managed-detection-and-response\">MDR is a cost-efficient way<\/a> to reap the benefits of a 24\/7 SOC for organizations that lack the budget to set one up themselves.<\/p>\n<p>With MDR, organizations have access to a round-the-clock team of experts to threat hunt, stay on top of the latest adversary tools, techniques, and procedures (TTPs), and quickly remediate threats as necessary, among other things.<\/p>\n<p style=\"text-align: center;\"><a href=\"https:\/\/try.malwarebytes.com\/mdr-content-hub\/#lp-pom-block-1785\"><span class=\"blue-cta-bttn\" style=\"color: #ffffff;\">Get&nbsp;a deep dive into&nbsp;the Malwarebytes MDR service<\/span><\/a><\/p>\n<p style=\"text-align: left;\">Want to learn more about MDR, but not sure where to start? We&rsquo;ve got you covered. 
Here is a list of resources we think you&rsquo;ll find helpful:<\/p>\n<ul>\n<li><a href=\"https:\/\/www.malwarebytes.com\/blog\/business\/2022\/10\/introducing-malwarebytes-managed-detection-and-response-mdr\">Introducing Malwarebytes Managed Detection and Response (MDR)<\/a><\/li>\n<li><a href=\"https:\/\/www.malwarebytes.com\/blog\/business\/2022\/12\/how-to-choose-an-mdr-vendor-6-questions-to-ask\">How to choose an MDR vendor: 6 questions to ask<\/a><\/li>\n<li><a href=\"https:\/\/www.malwarebytes.com\/blog\/business\/2022\/09\/cyber-threat-hunting-for-smbs-how-mdr-can-help\">Cyber threat hunting for SMBs: How MDR can help&nbsp;<\/a><\/li>\n<li><a href=\"https:\/\/www.malwarebytes.com\/blog\/business\/2022\/10\/an-interview-with-cyber-threat-hunter-hiep-hinh\">A cyber threat hunter talks about what he&rsquo;s learned in his 16+ year cybersecurity career<\/a><\/li>\n<\/ul>\n<p><a href=\"https:\/\/www.malwarebytes.com\/blog\/business\/2022\/12\/are-outsourced-soc-services-worth-it-looking-at-the-roi-of-mdr\" target=\"bwo\" >https:\/\/blog.malwarebytes.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<table cellpadding=\"10\">\n<tr>\n<td valign=\"top\" align=\"left\">\n<p>Categories: <a href=\"https:\/\/www.malwarebytes.com\/blog\/category\/business\" rel=\"category tag\">Business<\/a><\/p>\n<p>How much can you really save leveraging an outsourced SOC versus building your own in-house? How much ROI can MDR provide over the long-term? In this post, we\u2019ll answer each of these questions and more.<\/p>\n<table width=\"100%\">\n<tr>\n<td align=\"right\">\n<p><b>(<a href=\"https:\/\/www.malwarebytes.com\/blog\/business\/2022\/12\/are-outsourced-soc-services-worth-it-looking-at-the-roi-of-mdr\" title=\"Is an outsourced SOC worth it? 
Looking at the ROI of MDR\">Read more&#8230;<\/a>)<\/b><\/p>\n<\/td>\n<\/tr>\n<\/table>\n<\/td>\n<\/tr>\n<\/table>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/www.malwarebytes.com\/blog\/business\/2022\/12\/are-outsourced-soc-services-worth-it-looking-at-the-roi-of-mdr\">Is an outsourced SOC worth it? Looking at the ROI of MDR<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/www.malwarebytes.com\">Malwarebytes Labs<\/a>.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10488,10378],"tags":[1001],"class_list":["post-20830","post","type-post","status-publish","format-standard","hentry","category-malwarebytes","category-security","tag-business"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/20830","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=20830"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/20830\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=20830"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=20830"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=20830"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}