Should you build your own or purchase MDR services — Is Open XDR the answer?
For the last several years, MSP partners have been making a tough decision – should I build cybersecurity within my own business or outsource it? Until a few years ago, the manual nature of SOC technology and cybersecurity talent made it very difficult to build your own service. Today there are many new, more robust solutions available which make the decision to build much easier.
To decide, first look at what you are providing to your customers today. Do you provide high touch personalized support? Do you currently manage their firewalls, mail, and endpoint security? If you currently have staff that provides these types of services, it may make sense to consider building your own.
When we are at conferences, we hear very similar feedback. There are thousands of MDR providers, and as with any type of partner, there are good ones and some not-so-good ones. They have the same challenges you will have: it’s difficult for them to find and enable SOC analysts. We also hear from many partners that the level of service from manufacturer MDR providers is not what they expected. They will surface serious alerts, probably not as often as you would expect, but remediation advice is not normally provided.
Another big challenge for MDR providers is that many of them use legacy SIEM technology. We have a partner in Texas who supports around 40 customers. They had three full-time employees managing their SIEM rules and correlating threat intelligence. A next-generation SOC platform will automate these tasks, and you will also get fewer false positives, faster detection times, and faster remediation. SOAR is also a critical feature that the larger MSSP/MDR providers use to automate response to commodity threats. You may be able to leverage these more powerful tools and automation to begin your MSSP service.
There is a case to be made for building your own service and using an MSSP for your larger, more mature customers. You could also consider partners that can provide off-hours coverage so your team can provide support during normal business hours. At Stellar Cyber, we support every type of option and MSSP partner. The key is to make sure that you have offers that meet the maturity level and needs of all your customers. Below is a great model to illustrate how you can start with a lower-level 8×5 service for your less mature customers and work your way up to providing advanced services like threat hunting.
With the right platform, you can provide all these services at a single license cost. We have Master MSSP partners that have been certified on the platform that can support you. We also have a 60-day Stellar Cyber Open XDR Jumpstart program to help you organize your team and get everyone the appropriate training to launch your own service. In addition, we are partnering with cybersecurity programs like the Cyberdome at Boise State University to help develop analysts for our partners and customers.
If you have considered this in the past but didn’t do it for whatever reason, now is a great time to start. To learn more about Open XDR, please reach out to me at firstname.lastname@example.org