SOC provider pricing

Pricing only makes sense after you know what the provider owns: alerting, investigation, containment, shared SOC work or running the SOC.

Typical ranges

Provider owns Often sold as Directional range Usually priced by Watch for

Monitor and notify

Managed SIEM, log monitoring, basic MSSP

$1K-$10K/mo

Log source, data volume, user or retainer

Raw alerts without investigation or containment.

Investigate and advise

Managed SIEM, triage service, guided MDR

$3K-$20K/mo

Asset count, data sources, analyst coverage or retainer

Advice may stop before response action.

Contain threats

MDR, managed EDR, XDR

$5-$30/endpoint/mo

Endpoint, asset, user, workload or platform add-on

Platform license, cloud coverage and identity coverage may be separate.

Co-manage the SOC

SOC augmentation, managed XDR, managed SIEM plus SOC

$8K-$50K+/mo

Retainer, tool scope, data volume, runbooks or analyst coverage

Internal team still owns approvals, business context and some remediation.

Run the SOC

SOCaaS, managed SOC, broad MSSP

$15K-$100K+/mo

Environment size, telemetry scope, SLAs, regions and response workflow

Run the SOC does not always mean full incident response or unlimited remediation.

What changes the quote

Coverage

Endpoint-only MDR prices differently from services that also cover cloud, identity, email, SaaS and network telemetry.

Data

SIEM-backed services can change sharply with ingestion volume, retention period, parsing work and custom data sources.

Response

Containment authority, after-hours escalation, approved playbooks and remediation support are often the real price gap.

Platform

Some quotes bundle the security platform. Others require a separate EDR, SIEM, XDR or cloud-security license.

People

Named analysts, dedicated teams, hunting, detection engineering and SOC tuning move pricing beyond basic monitoring.

Compliance

FedRAMP, data residency, audit evidence, custom reporting and regulated workflows can change scope and contract size.

Common pricing units

Endpoint / asset

MDR, managed EDR, XDR

Check whether servers, cloud workloads and response actions are included.

User

Microsoft-heavy environments, SMB packages

Clarify whether users, identities, mailboxes and endpoints are counted separately.

Data volume

Managed SIEM, log monitoring, SOC platforms

Ask about ingestion, retention, hot storage, parsing and burst fees.

Retainer

Co-managed SOC, managed SOC, enterprise MSSP

Compare included work, not just the monthly number.

Platform plus service

XDR, SIEM, SOC operations platforms

Separate software subscription cost from managed analyst service cost.

Provider pricing signals

42 providers have a public price, market signal or directional pricing note.

Browse all providers ->
Provider Service Response Model Pricing signal
Datadog Cloud SIEM SOCaaS Monitor and notify Tiered, Custom Published from $5 per 1M analyzed events/month Lumu Defender XDR Monitor and notify Per-asset, Tiered Free tier with paid per-asset plans Alert Logic MDR Investigate and advise Per-asset, Tiered, Custom Quote-based; AWS Marketplace private offer available Armis Managed Threat Service MSSP Investigate and advise Tiered, Custom G-Cloud examples from £134,400 per asset block* BT Managed Sentinel MSSP Investigate and advise Flat-fee, Custom Public G-Cloud price from £6,275 per instance Forescout Assist for Threat Detection & Response MDR Investigate and advise Per-asset, Custom CDW lists a one-year Forescout Assist F/XDR subscription SKU at $11,771.99. Microsoft Defender Experts for Hunting XDR Investigate and advise Custom No public standalone price found. Verizon Managed SIEM MSSP Investigate and advise Per-asset, Custom Quote-based, per serviced SIEM device Arctic Wolf MDR Contain threats Per-user, Tiered, Custom AWS Marketplace MDR Basic: $44K/year for up to 100 users Barracuda Managed XDR XDR Contain threats Per-user, Per-endpoint, Custom Quote-based; official page shows per-user/month model Bitdefender MDR MDR Contain threats Tiered, Custom Quote-based because Bitdefender does not publish MDR list pricing Blackpoint Cyber MDR Contain threats Custom, Tiered Quote-based MSP/channel pricing Blumira XDR Contain threats Per-user, Tiered Detect $12, Respond $16 and Automate $21 per employee/month Critical Start MDR Contain threats Tiered, Custom Quote-based tiered MDR with AWS Marketplace private-offer procurement CrowdStrike Falcon Complete MDR Contain threats Per-endpoint, Tiered, Custom Quote-based. Public pricing research points to ~$25-45/endpoint/month* Dell Managed Detection and Response MDR Contain threats Per-endpoint, Custom Quote-based, per managed endpoint eSentire MDR Contain threats Per-endpoint, Tiered, Custom Quote-based Atlas MDR packages Expel MDR MDR Contain threats Per-asset, Tiered, Custom Quote-based; Expel publishes package tiers but not numeric list pricing. Field Effect MDR MDR Contain threats Per-user, Tiered, Custom Quote-based per-user pricing Huntress MDR Contain threats Per-endpoint, Per-user, Per-asset, Custom Quote-based pricing by endpoint, identity, data source, and learner Kaseya MDR MDR Contain threats Per-endpoint, Per-user, Custom Quote-based, by endpoint and Microsoft 365 coverage Mandiant Managed Defense MDR Contain threats Per-asset, Custom CDW reseller listing shows $53.99 for one subscription license SKU Microsoft Defender Experts for XDR XDR Contain threats Per-user, Custom Sales-led Microsoft pricing with a 1,500-seat Suite minimum Orange Cyberdefense Managed Threat Detection and Response MDR Contain threats Custom Quote-based, private-offer signals Rapid7 Managed Threat Complete MDR Contain threats Per-asset, Tiered, Custom AWS Marketplace lists a 12-month Managed Threat Complete Essential contract from $73,000. Red Canary MDR Contain threats Per-endpoint, Per-user, Per-asset, Tiered, Custom Quote-based. Public reviews mention roughly $100/device/year* SentinelOne Wayfinder MDR MDR Contain threats Per-endpoint, Custom Quote-based Sophos MDR MDR Contain threats Per-user, Per-endpoint, Tiered, Custom AWS Marketplace: $239.64/user/year and $390.72/server/year* Adlumin MDR Co-manage the SOC Tiered, Custom Quote-based; no public list price Binary Defense Co-Management Co-managed SOC Co-manage the SOC Custom Quote-based through direct, partner or AWS Marketplace private offer BlueVoyant MDR Co-managed SOC Co-manage the SOC Per-endpoint, Tiered, Custom AWS Marketplace Splunk MDR listing starts at $73,872 per 12 months Cyderes MDR Co-managed SOC Co-manage the SOC Custom Quote-based subscription by environment size and service level Darktrace Managed Detection and Response MDR Co-manage the SOC Custom No public MDR list price found. Deepwatch Guardian MDR Platform Co-managed SOC Co-manage the SOC Custom Quote-based through direct or marketplace scoping Netsurion Managed Open XDR Co-managed SOC Co-manage the SOC Tiered, Custom Quote-based, with pay-as-you-grow packaging referenced for MSP buyers Ontinue ION MXDR Co-managed SOC Co-manage the SOC Custom Quote-based, licensed per Ontinue Unit Proficio ProSOC MDR Co-managed SOC Co-manage the SOC Custom, Tiered Quote-based direct, partner or marketplace private offer ReliaQuest GreyMatter Co-managed SOC Co-manage the SOC Custom AWS Marketplace lists a 12-month GreyMatter SIEM Integration Plus package at $226,000* Todyl MXDR Co-managed SOC Co-manage the SOC Tiered, Custom Quote-based package pricing Bridewell Security Operations Center SOCaaS Run the SOC Per-user, Per-asset, Custom Indicative G-Cloud references start at £5.25 per user and £3.04 per server per month* Pondurance SOCaaS Run the SOC Custom, Per-asset Quote-based, quick-quote path available SecurityHQ Managed SOC SOCaaS Run the SOC Tiered, Custom G-Cloud examples from £30,664.70 to £297,154 per year*

Read prices as scope signals

Public SOC pricing is uneven. Some vendors publish per-user or per-endpoint prices. Others expose marketplace rates, package names, partner signals or customer-reported ranges. Treat the number as a shortlist signal, then confirm the contract scope before comparing providers.