To build or to buy…that is the question

· 2 MIN READ · CLAIRE O'MALLEY · NOV 16, 2023 · TAGS: Analyst report / MDR / Tech tools

Understanding the true blood, sweat, and tears that a DIY detection and response approach requires

Building, crafting, and maintaining a security strategy involves a never-ending string of decisions that will impact resilience far into the future. Chief Information Security Officers (CISOs) and security leaders juggle budgets, headcount, tools, partnerships, contracts, regulations, board expectations, and lots more, and that’s before they’re even called upon to handle an active cybersecurity incident, deal with an emerging vulnerability, implement a new tool, or even oversee normal day-to-day security operations. No pressure, right?

One of the most crucial decisions a security leader will make is whether to build out their own detection and response function or look to an outside managed detection and response (MDR) provider for help. Building and maintaining detection and response is expensive (we talk about this in a recently updated blog post)—but the DIY task involves way more than just money. There’s also the recruiting and retaining aspect where so many organizations solely focus on traditional security skills from a shrinking and limited talent pool. Then, there’s the task of properly integrating security tools so that they provide decisions instead of just information overload. Automated solutions can help, but automating an immature process only risks mistakes happening faster. Plus, incorporating auto-containment features can add even more variables to an already complicated equation. As your organization grows—technology, people, and process wise—your security operations will have to keep up.

In fact, recent research by Enterprise Strategy Group (ESG) found that 52% of organizations recognize that security operations are more difficult now than just two years ago.

Now don’t get us wrong. It’s possible for orgs to fully commit to the DIY approach and do it well. Lots have been very successful in creating world-class security teams and programs. But the juice might not be worth the squeeze for many companies, especially as they consider long-term return on investment (ROI), employee retention, and lack the years needed to implement the tech needed to build a SOC from the ground up.

We wanted to get a third-party expert’s take on the question of building vs. buying to better understand the details. We commissioned ESG to conduct an Economic Validation, which focuses on the quantitative and qualitative benefits that organizations can expect by using Expel MDR rather than building, staffing, and maintaining their own detection and response operations. ESG provides a great overview that outlines each step, financial cost, hours (or years) needed, and mental toll that the DIY task truly requires.

In their own words, here’s how ESG’s analysts ran their research:

ESG conducted in-depth interviews with end users to better understand and quantify how Expel’s MDR has affected their organizations, particularly in comparison with previously deployed and/or experienced solutions. ESG reviewed vendor-created technical documentation, existing case studies, and third-party analyses, as well as leveraging our own expert analyst opinions and knowledge of the industry, markets, and alternative technologies. The qualitative and quantitative findings around time and effort savings were then used as the basis for a simple economic analysis predicting the potential operational cost savings and reduced risk for an organization.

ESG found that Expel delivers some specific savings and benefits to customers, including:

  • Faster time to protection
  • Reduced business risk
  • Increased operational efficiency

Download the Economic Validation report by ESG, Analyzing the Economic Benefits of Expel’s Managed Detection and Response Services, to get detailed breakdowns of the actual benefits that some Expel customers are seeing, along with ESG’s predictions for potential savings and efficiencies.

Of course, if you’d like to talk with us about how Expel MDR can benefit your specific org, drop us a line.