We have been struggling to articulate the differentiators in our service (i.e. the value add we have over our competitors). The white paper really sums it up for us - focus on speeding up incident response and not detection (note; I am not saying e2e ignore detection but rather highlighting that if you have detection and no response then why bother?).
The true value in a protective monitoring/security monitoring/managed security operations centre (SOC) service is the depth and quality of the incident response processes, people and technology.
In particular the ‘IR Maturity model’ is a great concept (see the table/picture on page 2) – if you go with e2e you get ‘Proactive Incident Response’. All the competition seem to be still doing detection only, and they get you, the customer to do the ‘Manual Forensics’!