Evaluating the Costs and Benefits of In-House vs. Outsourced MDR

By Ashley Hernandez, Product Marketing Manager

Maturing or evolving security teams eventually face a common dilemma. In their effort to meet growing detection and response challenges, they must decide whether to build new SOC capabilities in-house or outsource some or all of their security operations. Often the speed necessary to secure the environment is at odds with a team’s ability to build or find a solution.

Budget and resource constraints must be evaluated. Current technology investments and resource requirements to onboard new services must be considered. To begin your own cost-benefit analysis for building a team versus an outsourced SOC, consider the following:

DIY Insourcing

Cost, control and staffing are factors to consider when you decide to maintain your own in-house security operations team. The total number of employees will be a direct cost, while recruiting and training will be an indirect cost. Insourcing offers the ability to control and customize all the workflows, processes, and procedures that may be needed. It also means talent stays in-house with career growth opportunities for your staff – potentially creating more willingness for staff to remain in your employ.

On the flip side, DIY insourcing also means certain areas of expertise are subject to the available talent pool, which may or may not be attainable due to the current skills gap. Although in theory you are able to customize workflows and processes as needed, in practice this may be constrained if you lack the skilled talent to perform the work successfully. You are also faced with personnel management issues, turnover, and continuing education.

Managed Detection & Response (MDR) Outsourcing

Choosing to outsource part or all of the SOC is an important decision for companies to make. Outsourced managed detection and response (MDR) services provide your organization’s security team with additional resources and capabilities. MDR includes round-the-clock monitoring, threat hunting, advanced detection, and effective response and mitigation to threats. The most effective MDR providers act as an extension of an organization’s internal team and provide value through technology management (i.e., managed SIEM and firewall) and 24/7/365 alert monitoring, validation, and escalation.

Companies not only need fewer internal staff when outsourcing, but also free up internal staff time to focus on other equally important tasks. Outsourcing reduces direct and indirect personnel costs and also saves companies from having to front all the costs associated with technology infrastructure.

In addition, outsourcing means your SOC will be up and running fairly quickly, typically within 60 days of contract execution. You will also have access to named personnel that are trained on current best-of-breed technologies.

Companies that outsource some or all of their security operations activities benefit from expanded operational capabilities, such as access to a broader range of skills, knowledge, and experience with security operations center (SOC) analysts and engineers. Businesses enjoy a more comprehensive list of value-added technologies without needing to build and maintain them in-house. Outsourcing also enables your internal team to focus on maturing your security, instead of spending hours identifying the threats.

Finally, there are cost savings associated with MDR outsourcing, particularly given the current shortage in security staffing. The MDR provider invests in the technology, tools, skills, staff, and operational best practices, creating cost savings for your business.

Estimates suggest that you can use three times fewer internal staff when you outsource, reducing direct and indirect personnel costs. See the chart below for cost differences between insourcing and outsourcing.

FTEs: $1,000,000+
SIEM, Upgrades, Integrations (i.e., ticketing systems)
Cost Comparison: $2,200,000+ / $950,000
1 Based on industry average

Benefits when partnering with an MDR provider:

  •  Reduced personnel costs
  •  Quicker time-to-value
  •  24/7 access to named resources
  •  Technology expertise
  •  Increased ROI of existing security investments

As economic concerns grow, security teams with limited resources look to Deepwatch Managed Security Solutions to optimize budgets, extend coverage, and reduce risk. Organizations concerned about economic uncertainty extend their teams with 24/7/365 coverage and add critical expertise without adding headcount with Deepwatch. Our MDR managed services can save organizations money by reducing software licenses for SIEM and SOAR technology, getting more value out of existing investments, and reducing the risk of a costly breach. Deepwatch managed services, including EDR, MDR, and MXDR, cost-effectively address the growing attack surface by filling security gaps so in-house teams can focus on other business objectives.

