Cost-effective protective monitoring services - Part 2

This is the second article in a three-part series providing advice to organisations seeking managed security monitoring, protective monitoring (PM), and Security Operations Centre (SOC) services.

When Do Protective Monitoring Services Become Expensive?

Protective monitoring services can become costly due to several factors. Understanding these factors can help organisations make informed decisions:

  • Licensing Costs:

Licence models that base pricing on the number of IP addresses, events per second, or gigabytes of storage can escalate costs quickly. Typically, organisations only realise the true expense of these licences after full deployment.

  • Equipment Requirements:

Comprehensive coverage requires more expensive appliances, increased storage, and greater bandwidth. Consequently, these needs drive up warranty, support, and maintenance costs, forcing businesses to continuously purchase new equipment to meet growing demands.

  • Effort Required:

An increase in logs and data inevitably leads to more maintenance and a higher demand for analyst time. Managing the health and monitoring of all equipment becomes a significant task, requiring dedicated operations staff. As a result, costs rise as more analysts are needed when existing correlation rules prove ineffective, which ultimately slows down security operations.

  • Need for Additional Technology:

Log monitoring alone often ensures compliance but does not guarantee security. Protective monitoring solutions that rely solely on log monitoring may lack the ability to identify real security problems. Even when a log alert signals suspicious activity, analysts may struggle without the right tools or situational awareness to diagnose and resolve the issue. Therefore, investing in necessary tools like packet capture, intrusion detection, and analysis systems adds to the expense.

  • Deployment Challenges:

During deployment, organisations often discover they need additional equipment to accommodate specific environmental requirements. For example, these might include multiple security zones or other unforeseen limitations, leading to extra costs for collectors, virtual machines, or physical appliances like network taps.

  • Lack of Situational Awareness:

Many log or threat monitoring systems focus only on IP addresses, without recognising which systems are critical or which users are involved. This narrow view complicates incident identification and makes it harder to respond quickly and effectively.

  • Paying for Unnecessary Tools/Services:

Off-the-shelf solutions often lack the flexibility to adapt to specific needs, leading organisations to pay for tools or services they don’t require. As a result, these one-size-fits-all options can result in inefficiency and unnecessary costs.
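The "Lack of Situational Awareness" point above is easiest to see with a small worked example. The following Python is an added illustration, not e2e-assure's own code or tooling: it takes alerts that a log monitoring system reports only by source IP, joins them against a constructed asset inventory and user directory, and ranks them by business impact. The inventory, user list, weighting scheme and sample alerts are all invented for the example; the asset that is missing from the inventory shows why an unknown IP is itself a finding for the operations team.

```python
"""Asset-aware alert enrichment (added example, constructed data).

Demonstrates the difference between an IP-only view of alerts and one that
knows which systems are critical and which accounts are privileged.
"""
from dataclasses import dataclass
from typing import List, Optional

# Constructed asset inventory keyed by IP address (hypothetical values).
ASSETS = {
    "10.0.1.5":  {"name": "erp-db-01",  "criticality": "high", "owner": "finance"},
    "10.0.2.20": {"name": "dev-box-07", "criticality": "low",  "owner": "engineering"},
    "10.0.3.9":  {"name": "dc-01",      "criticality": "high", "owner": "it-ops"},
}

# Constructed user directory; privileged accounts raise the impact of an alert.
USERS = {
    "j.smith":    {"privileged": False, "dept": "finance"},
    "svc_backup": {"privileged": True,  "dept": "it-ops"},
}

# Weighting scheme chosen for this example; a real service would derive it
# from the business-led risk and threat model agreed at onboarding.
CRITICALITY_WEIGHT = {"high": 3, "medium": 2, "low": 1, "unknown": 2}
SEVERITY_WEIGHT = {"critical": 4, "high": 3, "medium": 2, "low": 1}
PRIVILEGED_BONUS = 2


@dataclass
class Alert:
    """What an IP-centric log monitor typically hands to an analyst."""
    src_ip: str
    user: Optional[str]
    rule: str
    severity: str


@dataclass
class EnrichedAlert:
    """The same alert after joining it with asset and identity context."""
    alert: Alert
    asset_name: str
    criticality: str
    owner: str
    privileged_user: bool
    priority: int


def enrich(alert: Alert) -> EnrichedAlert:
    """Attach asset and user context and compute a business-impact priority."""
    asset = ASSETS.get(alert.src_ip)
    if asset is None:
        # A gap in the inventory is itself a finding: the analyst cannot judge
        # impact, so the alert is kept at medium weight and flagged for follow-up.
        asset = {"name": "unknown (not in inventory)", "criticality": "unknown",
                 "owner": "unassigned"}
    user = USERS.get(alert.user) if alert.user else None
    privileged = bool(user and user["privileged"])
    priority = SEVERITY_WEIGHT[alert.severity] * CRITICALITY_WEIGHT[asset["criticality"]]
    if privileged:
        priority += PRIVILEGED_BONUS
    return EnrichedAlert(alert, asset["name"], asset["criticality"],
                         asset["owner"], privileged, priority)


def triage(alerts: List[Alert]) -> List[EnrichedAlert]:
    """Return alerts ordered by business impact, highest first."""
    return sorted((enrich(a) for a in alerts), key=lambda e: e.priority, reverse=True)


# Constructed sample alerts. Ranked by rule severity alone, the port scan on an
# unknown host would come first; with asset context, the account creation on
# the finance database by a privileged service account leads.
SAMPLE_ALERTS = [
    Alert("10.0.2.20", "j.smith", "Multiple failed logins", "high"),
    Alert("10.0.1.5", "svc_backup", "New local administrator created", "high"),
    Alert("192.168.50.4", None, "Port scan detected", "critical"),
]

if __name__ == "__main__":
    for e in triage(SAMPLE_ALERTS):
        print(f"{e.priority:>3}  {e.asset_name:<28} {e.criticality:<8} "
              f"{e.owner:<12} privileged={e.privileged_user}  {e.alert.rule}")
```

The ranking is deliberately simple; the point is that the join against an asset inventory and a user directory is what turns a list of IP addresses into something an analyst can act on, and that the "unknown" row surfaces an inventory gap the operations staff need to close.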

How e2e-assure Addresses These Monitoring Services Issues

  • Flexible Licensing Costs: We offer three service levels—Baseline, Enhanced, and Premium—each with different protective monitoring SLAs. This approach allows organisations to select a service level that aligns with their threat tolerance and risk profile. Additionally, our pricing model charges per protected asset, ensuring that you pay only for what truly needs protection. This method avoids duplication and offers flexibility, allowing you to adjust your service level during high-risk periods, such as migrations. Crucially, you’re investing in a service that delivers outcomes, not just a product. Our comprehensive approach combines all necessary technology and service elements for effective protective monitoring and SOC services, thereby simplifying the process and eliminating complex licensing arrangements. Furthermore, we provide fixed pricing for any scale or term, giving you clear insight into the costs of scaling up.
  • Simplified Equipment Requirements: Unlike others, we don’t base charges on storage used or events per second. Instead, we supply all the equipment needed to meet the agreed service level, offering flexibility without extra costs. If specific needs arise, such as extended data retention, we can provide the additional equipment or adapt to customer-provided hosting solutions.
  • Effort Managed by Us: In our service-based model, we handle the effort, removing that burden from you. As a result, this benefits your organisation by eliminating the need to scale resources, provide training, or manage operational tasks. Additionally, our focus is on delivering efficient service, unlike product-based models where suppliers may push for more sales.
  • Comprehensive Technology Included: Our service encompasses much more than basic log monitoring. It includes monitoring for remote and mobile users, integrated endpoint scanning, and targeted threat analysis based on your business priorities. We also provide packet capture, intrusion detection, blacklist monitoring, traffic analysis, and vulnerability scanning. All these capabilities are integrated into our service. If additional technology is required, we offer it at a cost-effective, one-off charge for the device, with no charges for extra virtual machines. Therefore, you get everything you need without worrying about unexpected costs.
  • Flexible Deployment: Our service package includes all necessary equipment, with no extra charges for additional virtual machines. If more technology is needed, we offer it at a very reasonable, one-off cost. Consequently, you maintain control over your expenses.
  • Enhanced Situational Awareness: Our service provides asset identification, classification, and management based on a business-led risk and threat model. This approach ensures protection for your most valuable assets against the most likely threats. As a result, you can focus on what truly matters to your business.
  • Customised Tools and Services: Our services include flexible terms, with threat and risk workshops during onboarding to tailor the service to your specific needs. This approach ensures we focus on what’s important to your organisation, aligning the service with your requirements. Therefore, you receive a service that is designed to fit your unique situation.

Monitoring Services: Real-World Examples

We’ve encountered protective monitoring deployments that halted after a year due to costs rising to ten times the original quote. Additionally, log monitoring solutions have sometimes failed to deliver value, becoming burdensome and expensive instead. Organisations often choose services based on cost per IP address without fully understanding service features or the scope of protection needed. This leads to ineffective, costly services, leaving customers dissatisfied.

We often step in to help customers who have faced these challenges. That’s why we recommend using G-Cloud to procure these services when possible (see our other G-Cloud articles). Whether you use G-Cloud or not, here’s our advice:

  • Create a comparison matrix to evaluate features and prices.
  • Seek flexibility in scaling the service up or down, with service levels that can change monthly or even daily.
  • If possible, narrow your list of potential suppliers to those offering true SOC services. Then, ask these key questions:
    • How will you integrate with and support our existing technology?
    • How will you align with and support our current processes?
    • How will you collaborate with our existing team?
  • Focus on services, not just products, and compare the features and benefits.
  • Prioritise outcomes over technical specs like events per second. Determine which service best meets your objectives.
  • Assess the service scope—is it just log monitoring, or does the supplier offer more, such as triage and incident response?
  • Always choose suppliers with up-to-date Cyber Essentials Plus (CES+) and ISO27001:2013 certifications, ensuring these cover the services being provided.

Next Time…

The final article in this series will explore how e2e-assure has designed its services and fully embraced the ‘as a service’ delivery model. We’ll also provide examples of how organisations of different sizes and security maturities can benefit from our services.
