Blogpost
July 4, 2025
With the news that Microsoft Sentinel is transitioning to the Unified Portal (the Microsoft Defender portal, so not an entirely new destination), it is worth being clear about what the transition actually changes in order to understand Microsoft's decision. Anyone who has deployed Sentinel knows that it is enabled on top of a Log Analytics workspace; the workspace is a hard requirement, and it is where the logs are stored and queried. The data is therefore not moving. What changes is the portal through which that data is viewed, queried and acted upon. The result is a single platform on which Microsoft can concentrate its investment, with the stated aim of streamlining SOC operations and improving SOC efficiency for managed services.
Is this the best outcome for a provider delivering SOC managed services? I am not entirely convinced of this, not in its current format. I'm at a crossroads in my blog; do I turn right and make this a sales pitch, or turn left and focus on the technical aspect? I am taking the middle road: what does a provider need to address in terms of enhanced managed SOC services?
To remain profitable, providers must deliver a genuinely good service and treat the challenges of an oversaturated marketplace as opportunities to differentiate. That is simple in theory, but it means confronting what clients actually expect of a SOC managed service. Providers also have to bridge the skills gap by hiring and retaining skilled analysts, manage rising costs through efficient allocation of people and tooling, and absorb a growing volume of threats and incidents, each of which consumes analyst time to triage.
Add to that the ordinary costs of running a business, the provider's own internal security, and the risk of being caught up in a cyber attack on a client, and it is no surprise that many providers are looking at advanced security tooling, SOC efficiency and security orchestration to reduce these pressures. Some providers go further and copy client data into a separate, provider-controlled environment to analyse it on the client's behalf. That raises costs (additional ingestion and storage) and raises client concerns about where their data rests and who can reach it.
In conclusion, the transition to the Unified Portal in Microsoft Sentinel presents an opportunity for improved SOC performance and response capabilities. However, in its current form it falls short for the provider. Careful consideration of cyber risk owners, digital infrastructure and evolving threats will be essential for maximising the long-term value of modern SOCs amid these changes.
Will time tell, or is time running out with the move?