Skip Navigation
BlackBerry Blog

Build XDR vs. Buy Managed XDR: Assessing Your Options

A growing number of organizations pursuing extended detection and response (XDR) are choosing to buy a managed XDR service instead. They report saving both time and money. Which is the right approach for your organization: Should you build XDR in-house or buy it as a service?

The Cybersecurity Complexity Problem

Today’s threat actors are smart, sophisticated, and persistent. In many cases, they no longer act alone. Instead, they build criminal enterprises that operate as dark mirrors of their targets. Some call this the enterprise model of cybercrime. These organizations have recruiters, developers, and even executive leadership. 

To make matters worse, given the mix of bring-your-own-devices (BYODs), VPNs working beyond the firewall, and specific users that cybercriminals are directly targeting to gain access, your own network is no longer the only thing under attack. 

Across this increasingly vast attack surface, threat actors are constantly probing for vulnerabilities. An oversight where the security responsibilities between vendor and client overlap, a misconfigured personal device, a careless mistake committed by a trusted partner — everything is fair game. And while your security team must fend off every attack, cybercriminals only need to succeed once. 

In addition to challenges from threat actors outside the organization, there is a growing cybersecurity issue within organizations. The complexities introduced by the technology used for securing data sources — such as endpoints, networks, mobile devices, cloud services, SIEM, Identity, and the Internet of things (IoT) — often become overwhelming for IT and cybersecurity teams. 

An organization might have dozens of different point solutions, each tailored to specific threats. This approach quickly becomes unsustainable.

Each new tool makes cybersecurity more complex, costly and challenging to maintain. Collectively, they produce an avalanche of alerts that need to be sorted through in hopes of finding the few that warrant greater investigation. Recent research reveals that 83% of security professionals suffer “alert fatigue” and struggle with managing alerts along with their other priorities. The burden of training grows in this scenario, as well.  

Additional security tools increase the chance that your security stack could become self-defeating as it buckles under its own weight. Organizations can find themselves hampered by integration and compatibility issues, a surprising lack of holistic visibility, and wasted time, as network defenders jump between multiple consoles.

The Cybersecurity Employment Gap

While “tool sprawl” is a significant security roadblock, so is staffing. Small and medium-sized organizations (SMBs) have been hit particularly hard by the cybersecurity talent shortage, and often lack resources to seek out and acquire an in-house team of security experts.

 Here are some key cyber threat defense items that most organizations lack:

  • The necessary expertise to effectively manage and respond to both current and evolving cyberthreats
  • Time and staff to keep up with the growing complexity of their security ecosystem
  •  Budget and resources to address these concerns

How Managed Extended Detection and Response Solves Security Challenges

An increasing number of organizations are considering managed XDR as an approach to simplify and solve many of the cybersecurity challenges they face. Managed XDR typically handles all of the following:

  • Collects threat intelligence from multiple sources and intelligently filters them so a security team receives only relevant, actionable alerts
  • Gives your business access to around-the-clock cybersecurity expertise at a fraction of what it would cost to do this in-house
  • Helps consolidate your security stack into a more unified and effective set of solutions
  • Addresses time and resource shortages by providing expert analysts that act as an extension of your team
  • Reaps the benefits of XDR without the significant staffing required

In-House XDR (Build) vs. Managed XDR (Buy) 

So back to our question: To realize the benefits of XDR, should you build your own XDR solution in-house or purchase managed XDR? The right answer for your organization will likely vary based on staffing, budget, and risk appetite.

The Cost to Build XDR

The chart below, created through a detailed BlackBerry analysis, can be an extremely helpful resource. It compares the cost to subscribe to a managed XDR service and that of creating an in-house XDR team and technology stack.

Detailed analysis from the BlackBerry Managed XDR Buyer's Guide.

Based on an analysis of compensation and other fixed costs, a “minimal XDR build” could cost nearly $900,000 to create. In this scenario, there would be five SOC team members and the dollar amount represents each component, including deployment, product integrations, and employee salaries. The minimal build scenario will leave roles occasionally unstaffed due to sick leave, vacations, holiday schedules, and other absences. This limits costs but increases cyber risk at times, and some organizations may determine this is an unacceptable tradeoff.

On the other end of in-house XDR spectrum, the cost of creating an “optimal XDR build” comes in at roughly $2.2 million. In this scenario, higher staffing levels drive more complete coverage and result in a significantly higher price tag. (See the key in the upper right of the chart for specific staffing details.)

Many organizations would like robust coverage with a team of experts, but building that team and the related technology stack is simply outside of their budget. And the time involved for completing an internal XDR build can be significant. Also, these costs don’t account for baseline security investments like endpoint protection and endpoint management, which serve as a foundation for XDR.

Buying a Managed XDR Solution

Should you buy a managed XDR solution instead? Each organization will approach this question differently. However, subscribing to a managed XDR platform is much more budget-friendly, making it easier to show ROI to business stakeholders.  

In the chart above, you can see the cost is approximately $91,000 for an organization with 1,001 endpoints, and less than $500,000 for enterprise level managed XDR service that covers 5,001 endpoints.

Another reason to consider “buying” a managed XDR solution is that it rapidly improves your security posture, because implementation is much faster than building this approach yourself.

In very short order, your organization can leverage advanced threat detection, endpoint protection, and incident management, with 24x7x365 support delivered by highly experienced security analysts and professionals. The right managed XDR service will provide experts that give you everything you need to implement a mature, effective cybersecurity strategy. And many organizations see their internal security team’s workload decrease dramatically, allowing analysts to spend more time on your most important projects.

Evaluating Managed XDR Solutions

While the case for buying managed XDR services is compelling, evaluating the best service provider for your organization is critical, and it can seem daunting. Where should you start?

In our opinion, narrowing your list down to providers with 24x7x365 coverage is crucial. That way your in-house team gets breaks while your security posture remains strong, with no gaps in coverage.

Beyond that, there are other key considerations, and how you view them will depend on your organization. That is why we’ve created an easy-to-read, highly shareable Managed XDR Buyer’s Guide for your reference.

About CylanceGUARD

CylanceGUARD® is a subscription-based 24x7 managed XDR service that provides actionable intelligence for customers to prevent threats quickly, while minimizing alert fatigue, without requiring additional resources. This service is fully integrated with CylancePROTECT®, CylanceOPTICS®, CylancePERSONA™, CylanceGATEWAY™, and third-party vendors that provide holistic telemetry across all endpoints. This enables highly skilled BlackBerry analysts to threat-hunt through customer environments, prevent major breaches, and help organizations mature their security posture.

Tamarian Del Conte

About Tamarian Del Conte

Tamarian Del Conte is a Senior Product Marketing Manager at BlackBerry.