August 2nd, 2023
MDR firm saves $100K per year with LimaCharlie
Recon Infosec is a growing managed security services provider run by a team of seasoned cybersecurity experts. After switching from their custom-engineered security stack to the LimaCharlie SecOps Cloud Platform, they achieved an annual cost savings of $100,000, improved their mean detection and response times by 98%, and laid the groundwork for scalable, long-term growth.
All-star security team seeks a better solution
Recon Infosec is not your average managed detection and response (MDR) provider. The firm has an unusually high number of cybersecurity subject-matter experts on the payroll—which allowed it to custom-engineer its own security stack using AWS, Elastic Compute Cloud, Elasticsearch, and various open-source cybersecurity tools.
The result was a powerful, cost-effective MDR offering that put enterprise-tier cybersecurity within reach for small and medium businesses—and led to rapid growth for Recon Infosec.
But as the company began to expand, the challenges of this DIY approach to cybersecurity infrastructure became clear. “There were increasing costs and complexity to maintaining a custom security stack,” says Andrew Cook, VP of Technology and Services at Recon InfoSec. “And even though our homegrown solution was working well, we could see that it wasn’t going to double or triple in scale the way we needed it to.”
The less-apparent costs were also an issue. “There was a huge hidden cost to how we were doing things,” remarks Eric Capuano, Recon Infosec’s CTO and co-founder. “We had this highly skilled orchestration, automation, and DevOps team spending a great deal of their time maintaining infrastructure instead of focusing on direct cybersecurity functions.”
But for Recon Infosec, finding an alternative to its existing security stack was challenging.
They had already achieved substantial cost savings by building on open-source and public cloud solutions. Matching or surpassing this level of cost-effectiveness would not be easy.
In addition, company leadership refused to sacrifice the high standard of security operations they’d achieved with their homegrown stack. As Cook puts it, “We didn’t want to perform ‘as well as’ the competition, and we certainly didn’t want our ability to do security operations constrained by how well some vendor does security.” But that meant they needed a solution that offered extensive control over the underlying infrastructure and tooling—and would mesh with the company’s DevOps approach to cybersecurity.
SecOps Cloud Platform delivers $100K in savings
After considering several options, Recon Infosec found what they were searching for in LimaCharlie.
LimaCharlie is a SecOps Cloud Platform that takes a very different approach to cybersecurity. The platform is based on an advanced Detection, Automation, and Response Engine and delivers 100+ cybersecurity capabilities and integrations. But all of that is offered on-demand as interoperable, cloud-native cybersecurity primitives—and all security data is normalized to a common format in a single hub. The result is a unified, cloud-based SecOps platform that gives cybersecurity teams unparalleled control over their security stack at a fraction of the cost of other vendors.
“There is no one-size-fits-all answer to cybersecurity problems,” explains Christopher Luft, co-founder of LimaCharlie. “That’s why we take this architectural approach: To give teams the control, visibility, and flexibility to customize security solutions in a single, cost-effective, vendor-neutral platform.”
LimaCharlie’s unique model provides several different paths to cost savings:
LimaCharlie allows teams to unify their infrastructure and tooling in a single platform, helping to reduce tool sprawl.
The SecOps Cloud Platform enables data to be brought in from any source and output to any destination. This data-routing capability is just one small part of the wider LimaCharlie platform, yet it is valuable enough that single-function observability vendors build businesses around it. It helps teams reduce spending by sending only the necessary data to high-cost tools like Splunk and retaining the rest in a low-cost storage solution of their choosing.
LimaCharlie offers a full year of free telemetry storage. All data is automatically retained for one year in the LimaCharlie cloud in a normalized and searchable format. Data can also be queried directly within LimaCharlie using the powerful, intuitive, and cost-effective LimaCharlie Query Language feature. Together, these features provide yet another way for teams to lower storage costs without losing access to rich telemetry data.
All cybersecurity capabilities in the SecOps Cloud Platform are delivered via an on-demand, pay-per-use pricing model. Teams only pay for what they need—and can scale up or down as required.
Pure usage-based billing options are also available. This helps teams pre-deploy sensors in sleeper mode into client environments for just pennies per month.
Pricing is fully transparent with no contracts, capacity planning, or price modeling—and no unexpected expenses. Pricing predictability enables smarter budgeting and better business decision-making.
After demoing the platform, Recon Infosec made the decision to migrate its entire security stack to LimaCharlie. “I saw the potential immediately,” recalls Capuano. “We would be able to meet every capability we currently had—and instantaneously gain several we’d never had. The LimaCharlie paradigm meant we could finally stop worrying about infrastructure and put all of our energy into cybersecurity operations.”
And even though Recon Infosec had already engineered an extraordinarily cost-effective security stack, switching to LimaCharlie still resulted in substantial cost savings, says Capuano:
“On average, we’re looking at an annual cost savings of approximately $100,000.”
Minutes to milliseconds. Ready to scale.
The savings Recon Infosec achieved by moving to LimaCharlie were impressive. But the company’s leadership says there were other benefits to the migration, both from a purely technical standpoint and in terms of business operations.
LimaCharlie’s endpoint agent, for example, offers robust, real-time EDR capabilities. Verbose telemetry is streamed from endpoint sensors to the cloud in real time over a semi-persistent TLS connection—allowing for response actions to be taken on the endpoint within 100ms of an event. This, says Capuano, was a game-changer for his company. “Our previous technology was at the cutting edge of open-source capabilities—but our mean time to detect (MTTD) and mean time to respond (MTTR) were still measured in minutes,” he says. “The LimaCharlie agent has improved our MTTD and MTTR by around 98%. That’s massive. We’ve gotten our response times down from minutes to milliseconds.”
In addition, LimaCharlie’s predictable pricing and performant infrastructure have had an impact on Recon Infosec’s business operations. “Our ability to onboard customers quickly and confidently has dramatically increased,” says Cook, “because our ability to scale is no longer limited by our ability to maintain our security infrastructure.”
Looking to the future, Recon Infosec is optimistic about its partnership with LimaCharlie. “There are the cost savings, and we’re gaining new capabilities, and that’s all great,” says Capuano. “But when you add on this seamless, fluid working relationship, it’s like a fairy tale. This is one of the strongest technology partnerships we’ve ever had.”