Back to Blog
Company

Why We Built a Public Savings Calculator and Put Our Pricing in the Open

· 7 min read · By Ruchika Sharma

Last week we shipped something unusual for a cybersecurity company: a public savings calculator that lets anyone compare their current SIEM and SOC costs against ours. No gated form. No sales call. No NDA. Just real numbers built on real cost models.

This post explains why we built it, what it reveals about the economics of legacy security, and why we believe transparency is the only honest way to sell to CISOs in 2026.

The Problem With Legacy SIEM Pricing

If you run a SOC today, you already know the pain. Legacy SIEMs charge per gigabyte of data ingested. The more logs your business generates, the more you pay. Not per threat detected. Not per incident resolved. You are billed for the privilege of making your own data searchable.

Here is what that looks like at scale:

  • 500 GB/day at typical rates: $600K+ per year in license fees alone
  • Infrastructure to support it: another 20-30% on top
  • Admin staff to keep it running: 1-2 dedicated FTEs
  • SOC analysts to investigate alerts: 8-15 people for 24/7 coverage

Add it all up and a mid-market organization easily spends $1.5M to $3M per year on security operations. An enterprise at 2-5 TB/day? That number can exceed $10M.

The worst part is not the total. It is that most of this budget goes to infrastructure, not outcomes. You are paying to move and store data, not to catch attackers.

Why Cost Opacity Exists

Legacy vendors have strong incentives to keep pricing opaque. When every deal is a custom quote behind an NDA, buyers lose the ability to comparison-shop. You cannot benchmark your contract against the market because there is no public market to benchmark against.

This opacity serves the vendor, not the buyer. It allows for:

  • Price discrimination: charging different customers wildly different rates for the same product
  • Lock-in leverage: once your data is ingested into a proprietary format, switching costs are enormous
  • Renewal pressure: annual increases of 15-30% are common because the cost of migrating away is higher than the cost of staying
  • Feature gating: basic capabilities like user behavior analytics or extended retention get packaged as premium add-ons

We talked to dozens of CISOs during our design phase. The same frustration came up in nearly every conversation: "I cannot get a straight answer on what this will cost until I am already three months into an evaluation." That is not a sales process. That is a trap.

Our Decision to Build in the Open

When we started Vigilense AI, we made a deliberate choice: if we are going to claim we save customers 50-70% versus legacy stacks, we should prove it publicly, not just in sales decks.

That is why we built the Savings Calculator.

It is not a marketing gimmick with a few sliders and a big green number. It is a real cost model that calculates both sides of the comparison in detail:

  • Legacy side: license fees based on published per-GB rates, infrastructure overhead, admin staffing, SOC analyst headcount (scaled by shift model), SOAR tooling, turnover costs, and training
  • Vigilense side: BYODb platform fees (pass-through cloud costs to your own database), AI SOC platform subscription, compute for AI investigation, and human-in-the-loop staffing for escalated cases

Every assumption is adjustable. If you think our defaults are too generous, change them. The model works with your numbers, not ours.

Three Modes for Three Buying Decisions

Not every organization is ready to replace their entire security stack at once. That is why the calculator supports three modes:

BYODb SIEM

For teams that want to keep their SOC but eliminate ingestion fees. Compare the cost of running detections on your own databases (Snowflake, Elasticsearch, OpenSearch, S3, BigQuery) versus paying a legacy SIEM to re-ingest the same data. This is where the "zero ingestion tax" value proposition is most visible.

AI SOC Analyst

For teams drowning in alert fatigue. Compare the cost of a 24/7 human SOC (staffing, turnover, training, tooling) against an AI analyst that triages 100% of alerts and autonomously resolves 60-90% of them. The remaining investigations are escalated with AI-prepared packages for faster human review.

SOVEREIGN SOC

The full stack: BYODb SIEM + AI SOC Analyst bundled together with a 15% discount. This is where the savings are most dramatic because you eliminate both the ingestion tax and the bulk of manual SOC labor simultaneously.

What the Numbers Actually Show

After running thousands of scenarios during development, here is what we consistently see:

  • At low volumes (1-10 GB/day): savings are modest because fixed platform costs represent a larger share. We are honest about this. We are not the cheapest option for a five-person startup.
  • At mid-market volumes (50-500 GB/day): savings of 45-65% are typical. This is where the BYODb model starts to dominate because your cloud database costs grow slowly while legacy license fees grow linearly.
  • At enterprise scale (1-10 TB/day): savings of 55-75% are common. At this scale, the math becomes overwhelming. A legacy SIEM at 5 TB/day can cost $5-8M per year. The Vigilense equivalent, including AI SOC staffing, typically comes in at $1.5-3M.

The automation rate matters too. The calculator shows a range based on 60-90% autonomous resolution. A mature deployment with well-tuned playbooks and established trust in the AI will trend toward the higher end. A fresh deployment will start closer to 60% and improve over 12-18 months.

Why We Show Everything

Some people have asked why we do not just show the savings number and hide the details. The answer is simple: CISOs are not impressed by a single number. They need to see the work.

The detailed cost breakdown shows every line item on both sides:

  • How many analysts the model assumes for your alert volume
  • What salary bands and benefits multipliers are used
  • How turnover and recruiting costs factor in
  • Exactly what cloud infrastructure costs the BYODb model incurs
  • How AI compute scales with investigation volume
  • What human-in-the-loop staffing looks like post-automation

If something looks wrong, you can adjust it. The goal is not to produce a flattering number. The goal is to produce an accurate one.

The Bigger Point: Pricing Should Reflect Value

The fundamental problem with per-GB pricing is that it has no relationship to security outcomes. An organization that ingests 1 TB/day is not necessarily ten times more secure than one that ingests 100 GB/day. They just generate more data.

We built Vigilense AI around a different principle: you should pay for the security work performed, not the volume of raw material. That means:

  • Zero ingestion fees. Your data stays in your databases. We query it in place. The storage costs are between you and your cloud provider, at commodity rates you already negotiated.
  • Workload-based pricing. Platform fees scale with detections running and investigations handled, not with data volume.
  • Risk-free pilot. We deploy the full SOVEREIGN SOC at our expense. You pay nothing until we prove measurable results. If the numbers do not work, you walk away.

This model only works if the numbers are real. That is why we put them in the open.

Try It Yourself

The Savings Calculator is live now. Enter your data volume, alert count, and staffing assumptions. See exactly what you would pay on both sides. Adjust anything that does not match your reality.

If you want the full picture, the pricing overview explains our outcome-first model, the risk-free pilot, and what is included in every deployment.

And if the numbers speak for themselves, let us talk.

See the numbers for your environment.

Run the Savings Calculator Book a Demo
ZT

Ruchika Sharma

Co-founder & CEO
Experienced operator who has scaled multiple B2B companies from early stage to market leadership. Focused on building businesses that solve real problems for security teams.