Forward alerts
Managed SIEM, log monitoring, basic MSSP
$1K-$10K/moLog source, data volume, user or retainer
Raw alerts without investigation or containment.
SOC provider pricing
Pricing only makes sense after you know what the provider owns: alerting, investigation, containment, shared SOC work or the full SOC function.
Typical ranges
Provider owns Often sold as Directional range Usually priced by Watch for
Investigate alerts
Managed SIEM, triage service, guided MDR
$3K-$20K/moAsset count, data sources, analyst coverage or retainer
Advice may stop before response action.
Contain threats
MDR, managed EDR, XDR
$5-$30/endpoint/moEndpoint, asset, user, workload or platform add-on
Platform license, cloud coverage and identity coverage may be separate.
Co‑managed SOC
SOC augmentation, managed XDR, managed SIEM plus SOC
$8K-$50K+/moRetainer, tool scope, data volume, runbooks or analyst coverage
Internal team still owns approvals, business context and some remediation.
Full SOC
SOCaaS, managed SOC, broad MSSP
$15K-$100K+/moEnvironment size, telemetry scope, SLAs, regions and response workflow
Full SOC does not always mean full incident response or unlimited remediation.
What changes the quote
Coverage
Endpoint-only MDR prices differently from services that also cover cloud, identity, email, SaaS and network telemetry.
Data
SIEM-backed services can change sharply with ingestion volume, retention period, parsing work and custom data sources.
Response
Containment authority, after-hours escalation, approved playbooks and remediation support are often the real price gap.
Platform
Some quotes bundle the security platform. Others require a separate EDR, SIEM, XDR or cloud-security license.
People
Named analysts, dedicated teams, hunting, detection engineering and SOC tuning move pricing beyond basic monitoring.
Compliance
FedRAMP, data residency, audit evidence, custom reporting and regulated workflows can change scope and contract size.
Common pricing units
Endpoint / asset
MDR, managed EDR, XDR
Check whether servers, cloud workloads and response actions are included.
User
Microsoft-heavy environments, SMB packages
Clarify whether users, identities, mailboxes and endpoints are counted separately.
Data volume
Managed SIEM, log monitoring, SOC platforms
Ask about ingestion, retention, hot storage, parsing and burst fees.
Retainer
Co‑managed SOC, full SOC, enterprise MSSP
Compare included work, not just the monthly number.
Platform plus service
XDR, SIEM, SOC operations platforms
Separate software subscription cost from managed analyst service cost.
Provider pricing signals
41 providers have a public price, market signal or directional pricing note.
Provider Service Response Model Pricing signal
Datadog Security SOCaaS Forward alerts Per-asset, Custom Usage-based pricing per host, per GB ingested, and per security module. Costs vary significantly based on data volume. Mid-market typically pays $5K-$20K/month. Alert Logic MDR Investigate alerts Per-asset, Tiered, Custom SMB $3K-$8K/mo · Mid-market $8K-$20K/mo · Enterprise $20K-$50K/mo AT&T Cybersecurity MSSP Investigate alerts Per-asset, Tiered, Custom $1,695/year (USM Anywhere) Blumira XDR Investigate alerts Per-user, Tiered Free tier available; paid plans publicly listed around $12-$21/user/month Deepwatch MDR Investigate alerts Custom, Tiered Custom enterprise pricing based on environment size and SIEM platform. Average annual contracts around $220K/year. Adlumin MDR Contain threats Tiered, Per-endpoint, Custom Quote-based; indicative range $2K-$15K/month Barracuda Managed XDR MDR Contain threats Per-user, Tiered ~$3-7/user/month Bitdefender MDR MDR Contain threats Per-endpoint, Tiered Around $7-15/endpoint/month Blackpoint Cyber MDR Contain threats Per-endpoint, Tiered ~$8-15/endpoint/month ConnectWise MDR MDR Contain threats Per-endpoint, Tiered, Custom SMB $1K-$3K/mo · Mid-market $3K-$10K/mo Critical Start MDR Contain threats Tiered, Custom Mid-market $10K-$25K/mo · Enterprise $25K-$75K/mo CrowdStrike Falcon Complete MDR Contain threats Per-endpoint, Tiered Indicative range around $15-25/endpoint/month, usually on top of Falcon platform licensing Cybereason MDR Contain threats Per-endpoint, Tiered Per-endpoint pricing with tiered service levels. Mid-market organizations typically pay $10K-$25K/month. Cyderes MDR Contain threats Per-user, Tiered, Custom Mid-market $15K-$30K/mo · Enterprise $30K-$80K/mo eSentire MDR Contain threats Per-endpoint, Tiered, Custom ~$15-25/endpoint/month Expel MDR Contain threats Per-asset, Tiered, Custom Mid-market $8K-$20K/mo · Enterprise $20K-$50K/mo Forescout MDR Contain threats Per-asset, Custom Per-asset pricing with custom quotes. Premium positioning — mid-market organizations typically pay $15K-$40K/month. Fortinet FortiGuard MDR MDR Contain threats Per-endpoint, Tiered ~$3-8/endpoint/month Huntress MDR Contain threats Per-endpoint, Per-user, Tiered Published and partner pricing signals around $3-5/endpoint/month LevelBlue MSSP Contain threats Per-asset, Custom Custom per-asset pricing based on environment size and service tier. Mid-market deployments typically run $8K-$25K/month; enterprise engagements range from $25K-$75K/month. Mandiant / Google Security Operations MDR Contain threats Custom Mid-market $20K-$50K/mo · Enterprise $50K-$200K/mo Microsoft Defender Experts XDR Contain threats Per-user, Tiered, Custom Enterprise $30K-$100K+/mo NTT Security MSSP Contain threats Custom, Tiered, Per-asset Mid-market $15K-$30K/mo · Enterprise $30K-$100K/mo Palo Alto Networks Unit 42 MDR Contain threats Per-endpoint, Tiered, Custom ~$80/endpoint/year (Cortex XDR Pro) Proficio MDR Contain threats Custom, Tiered, Per-asset Mid-market $5K-$15K/mo · Enterprise $15K-$40K/mo Rapid7 MDR MDR Contain threats Per-asset, Tiered, Custom ~$17/asset/month Red Canary MDR Contain threats Per-endpoint, Per-user, Per-asset, Tiered ~$100-120/endpoint/year Secureworks XDR Contain threats Per-user, Tiered, Custom Mid-market $10K-$25K/mo · Enterprise $25K-$75K/mo SentinelOne Vigilance MDR Contain threats Per-endpoint, Tiered ~$17-50/endpoint/year (on top of platform license) Sophos MDR MDR Contain threats Per-endpoint, Per-asset, Tiered ~$5-12/endpoint/month Todyl MDR Contain threats Per-user, Tiered, Custom SMB $500-$2K/mo · Mid-market $2K-$6K/mo Trellix XDR Contain threats Per-endpoint, Custom Mid-market $15K-$40K/mo · Enterprise $40K-$150K/mo Trend Micro MDR XDR Contain threats Per-endpoint, Custom Credit-based licensing via Vision One platform. MDR add-on pricing varies by coverage scope. Mid-market deployments typically run $15K-$40K/month; enterprise ranges from $40K-$150K+. Vectra AI MXDR MDR Contain threats Custom Custom pricing based on IP address count and environment scope. A mid-market deployment typically runs $15K-$40K/month; enterprise engagements range from $40K-$150K+. IBM Security MSSP Co‑managed SOC Custom, Tiered, Per-asset Enterprise custom pricing. QRadar on Cloud starts ~$800/month. Full managed services priced per organization. Netsurion Co‑managed SOC Co‑managed SOC Per-asset, Tiered, Custom ~$3,000-$5,000/month ReliaQuest Co‑managed SOC Co‑managed SOC Per-user, Custom, Tiered Enterprise custom pricing. Average engagements around $170K/year. Large enterprises can exceed $1M/year. Trustwave MSSP Co‑managed SOC Per-user, Tiered, Custom Custom enterprise pricing. Typical mid-market engagements range $5K-$20K/month. Government and large enterprise contracts vary. Arctic Wolf SOCaaS Full SOC Per-user, Tiered ~$10/user/month Binary Defense SOCaaS Full SOC Per-endpoint, Tiered, Custom Mid-market $5K-$15K/mo · Enterprise $15K-$40K/mo UnderDefense MDR Full SOC Per-endpoint, Flat-fee Published pricing on website. Flat-fee and per-endpoint options. Most SMBs pay $2K-$5K/month. 
Read prices as scope signals
Public SOC pricing is uneven. Some vendors publish per-user or per-endpoint prices. Others expose marketplace rates, package names, partner signals or customer-reported ranges. Treat the number as a shortlist signal, then confirm the contract scope before comparing providers.