Note: This blog was updated on June 27, 2024.
A growing number of organizations pursuing extended detection and response (XDR) are choosing to buy an MDR (managed detection and response) service instead. They report saving both time and money. Which is the right approach for your organization: Should you build in-house or buy it as a service?
The Cybersecurity Complexity Problem
Today’s threat actors are smart, sophisticated, and persistent. In many cases, they no longer act alone. Instead, they build criminal enterprises that operate as dark mirrors of their targets. Some call this the enterprise model of cybercrime. These organizations have recruiters, developers, and even executive leadership.
To make matters worse, given the mix of bring-your-own devices (BYODs), VPNs working beyond the firewall, and specific users that cybercriminals target directly to gain access, your own network is no longer the only thing under attack.
Across this increasingly vast attack surface, threat actors are constantly probing for vulnerabilities. An oversight where the security responsibilities between vendor and client overlap, a misconfigured personal device, a careless mistake committed by a trusted partner — everything is fair game. And while your security team must fend off every attack, cybercriminals only need to succeed once.
In addition to challenges from threat actors outside the organization, there is a growing cybersecurity issue within organizations. The complexities introduced by the technology used for securing data sources — such as endpoints, networks, mobile devices, cloud services, SIEM, identity, and the Internet of Things (IoT) — often become overwhelming for IT and cybersecurity teams.
An organization might have dozens of different point solutions, each tailored to specific threats. This approach quickly becomes unsustainable.
Each new tool makes cybersecurity more complex, costly and challenging to maintain. Collectively, they produce an avalanche of alerts that need to be sorted through in hopes of finding the few that warrant greater investigation. Recent research reveals that 83% of security professionals suffer “alert fatigue” and struggle with managing alerts along with their other priorities. The burden of training grows in this scenario, as well.
Additional security tools increase the chance that your security stack could become self-defeating as it buckles under its own weight. Organizations can find themselves hampered by integration and compatibility issues, a surprising lack of holistic visibility, and wasted time, as network defenders jump between multiple consoles.
The Cybersecurity Employment Gap
While “tool sprawl” is a significant security roadblock, so is staffing. Small and medium-sized organizations (SMBs) have been hit particularly hard by the cybersecurity talent shortage, and often lack resources to seek out and acquire an in-house team of security experts.
Here are some key elements of cyber threat defense that most organizations lack:
- The necessary expertise to effectively manage and respond to both current and evolving cyberthreats
- Time and staff to keep up with the growing complexity of their security ecosystem
- Budget and resources to address these concerns
How Managed Detection and Response Solves Security Challenges
An increasing number of organizations are considering MDR as an approach to simplify and solve many of the cybersecurity challenges they face. MDR typically handles all of the following:
- Collects threat intelligence from multiple sources and intelligently filters it so a security team receives only relevant, actionable alerts
- Gives your business access to around-the-clock cybersecurity expertise at a fraction of what it would cost to do this in-house
- Helps consolidate your security stack into a more unified and effective set of solutions
- Addresses time and resource shortages by providing expert analysts that act as an extension of your team
- Delivers the benefits of XDR without the significant staffing required
In-House XDR (Build) vs. MDR Service (Buy)
So, back to our question: To realize the benefits of XDR, should you build your own XDR solution in-house or purchase an MDR service from a vendor? The right answer for your organization will likely vary based on staffing, budget, and risk appetite.
The Cost to Build vs. Buy
The chart below, created through a detailed BlackBerry analysis, can be an extremely helpful resource. It compares the cost of subscribing to a managed detection and response service with that of creating an in-house XDR team and technology stack.