How to Optimise the Value of Your MDR Service: A Guide to Understanding MDR Pricing Models

13 Feb / 2023


Managed Detection and Response (MDR) has long been hailed as a proactive alternative to Security Information and Event Management (SIEM) software. But with such variety available, choosing a provider can be an enormous task. To narrow down your options, the easiest place to start is your budget.

Each MDR service provider prices differently, but most fall into one of the five models described below. The benefits of each model vary considerably, so choose the one that will provide the best value for your business and your specific cybersecurity requirements.

To guide you in making an informed decision, here is an in-depth guide to getting the most value out of your MDR service and choosing the most suitable pricing model for you.

1. Consumption-Based Model

Providers following the consumption-based pricing model charge based on the amount of data or traffic your organisation needs monitored. This is ideal for cloud-based businesses that work with large quantities of data.

  • Pros: MDR services based on the cloud can slot seamlessly into your containerised infrastructure. The consumption-based model covers all areas of your cloud-based network, so nothing gets missed. You may also appreciate paying for exactly what you use.
  • Cons: When deployed to their full extent, the cost of services based on this pricing model can become extortionate. A surge in traffic leads to a surge in pricing and you might experience bill shock as a result.
  • Optimise: Go for a provider offering a consumption-based pricing model with a cap. Use this model without a cap only if budget is inconsequential or you don’t expect data or traffic levels to fluctuate. Bear in mind that a cap may cause threats to be missed.

2. Project-Based Model

MDR services priced using the project-based model cost a flat fee that is agreed upon upfront. A project typically covers only part of your security and is not a strategy in itself. It is best used for individual projects such as a security audit or incident response.

  • Pros: You know upfront exactly how much you will pay. This is great for businesses with just one or two weaknesses within their on-premises security systems and in-house team. It might also help you define an ideal strategy for your business.
  • Cons: It is not comprehensive and generally covers only the one area that you need help with.
  • Optimise: Engage for a project if your security team is diverse and robust but wants to outsource one or two key areas. Otherwise, opt for a more comprehensive service.

3. Performance-Based Model

With a performance-based model, you pay based on the level of protection you receive. In this pricing model, you can choose to cover only certain aspects of your environment (for example, a number of endpoints) or specific regions of your environment (e.g. remote branches). This is ideal for businesses in high-risk industries or with very specific compliance requirements that only need coverage across certain areas.

  • Pros: As with the consumption-based model, you pay only for the benefits you receive, and you can gain cost efficiencies by not securing areas of the network or infrastructure that are not mission-critical.
  • Cons: There is no clear budget with this model, and it is not necessarily comprehensive. It also leaves parts of your attack surface exposed: a malicious actor can enter the environment through one of the unprotected areas and then move laterally through the network.
  • Optimise: Go for a provider that includes a Security Operations Centre Analyst. Also, set a predefined playbook that assesses the areas that are being protected, and ensure that unprotected areas (i.e. on-premises infrastructure) are covered on their own.

4. Subscription-Based Model

Subscription-based models set pricing per endpoint, per month. An endpoint is usually a laptop or user but could also be another type of workstation or even a server. These are ideal for businesses that need a comprehensive, cost-effective solution.

  • Pros: This model provides unlimited log ingestion and can be customised to suit business needs. Pricing is linear, so it is a very affordable option. You will never be charged for security incidents or overtime.
  • Cons: This model may not be ideal for businesses whose endpoint counts fluctuate significantly, or whose business model relies heavily on mergers and acquisitions and needs to integrate endpoints quickly.
  • Optimise: Ensure remediation is included in your subscription.

5. Hybrid Model

As the name suggests, any pricing structure that uses a combination of the above can be considered hybrid. The advantages and disadvantages vary considerably between providers, and you can use this guide to work out a hybrid plan that suits your business. 


Cythera: full MDR services priced per endpoint

If you are looking for an effective, comprehensive MDR service, partner with a provider that offers a subscription-based pricing model. A partner like Cythera provides customers with flexible commercial options and fixed pricing per endpoint.

Pay your subscription per month and choose from a range of coverage and design options. Cythera always includes virtually unlimited log ingestion, so your price won’t spike just because business does.

Don't wait until it's too late. Protect your business with Cythera's premium Managed Detection & Response service: book a no-obligation discovery session with our lead cybersecurity expert today.

In exchange for your time, and to thank you for choosing Cythera, we will make a $100 AUD donation on your behalf.