Skip to main content

How can Softcat’s Managed Sentinel Service support Public Sector organisations?

Softcat recently launched our Managed Sentinel Service. We explore how Public Sector organisations can use Microsoft’s SIEM platform to its full potential.

IT Services

happy man working
Ben Menges

Ben Menges

Public Sector Specialist South Deputy Team Leader

Softcat's relationship with Microsoft goes back to our birth, quite literally! Starting as a software catalogue selling Microsoft licences, Softcat has grown organically, supporting not only new business lines, but also verticals such as Public Sector. Our Public Sector team is made up of over 200 account managers as well as additional dedicated resource, giving us excellent visibility across the public sector.

With over 4500 customers partnering with Softcat to help improve their security solutions, our understanding of customer demand is why we've been able to further specialise in aligning dedicated resource to Public Sector organisations.

We have a huge pool of customers who are currently looking at or using Microsoft Sentinel - but not to its full potential. The lack of headcount and the struggle to retain cyber roles - topped with the number of responsibilities that end up falling to those in cyber, are all reasons why by 2025 we expect 50% of Public Sector organisations to use a Managed Security Service. As one of Microsoft’s largest partners globally, coupled with our oversight across the Public Sector, we are perfectly positioned to support these organisations.

Security threats to the Public Sector

As the landscape of technology and threats continues to change, the Public Sector is under constant pressure to keep environments safe and to remain compliant. Navigating a plethora of incident alerts to identify what actually poses a threat is not only time consuming, but also leaves room for error. The sheer mass of monitoring required (including false positives/non-normalised data), along with the responsibility for making sure genuine incidents aren't missed, creates a high chance of burn-out for IT staff, further posing a risk to any organisation’s goals. Following NCSC guidelines on ‘cloud first’, Public Sector organisations are often now deploying cloud- based solutions to combat these risks.

What is Managed Sentinel?

Microsoft Sentinel (recognised as a leader in the 2022 Gartner Magic Quadrant for security information and event management) is a cloud-based SIEM (security information and event management) solution that can help Public Sector organisations improve their cyber security posture. Sentinel uses Artificial Intelligence (AI) and machine learning (ML) to collect, analyse, and correlate security data from a variety of sources. This allows organisations to quickly detect and respond to threats before they cause damage. Sentinel is scalable, flexible and can be customised to meet the unique nature of any Public Sector organisation. The benefits of our Managed Sentinel Service include:

  • Compliance support: Sentinel can help organisations comply with a variety of security regulations, such as GDPR and HIPAA, DSPT and GovAssure CAF.
  • Threat intelligence: Sentinel provides access to real-time threat intelligence from Microsoft and other leading security vendors. This helps organisations to stay ahead of the latest threats.
  • Incident response: Sentinel can automate many of the tasks involved in incident response, such as triaging alerts and investigating suspicious activity. This frees up security teams to focus on more strategic activities.

What does our Softcat’s Managed Sentinel Service offer Public Sector organisations?

We know Sentinel is a capable, reputable platform. Onboarding it allows for the consolidation of technology, the simplification of contracts for those using Microsoft, and quicker MTTR (mean time to respond) to those using the wider Microsoft Security suite... There are however, still some gaps that need filling, which is where Softcat’s Managed Sentinel Service comes in.

  • The power of integration

Integration between Microsoft Defender for Endpoint, Microsoft Cloud App Security, Azure Active Directory, other Microsoft Security and third party tools provides real-time visibility across an organisation’s entire IT Infrastructure. The integration of cross visibility across these areas utilising the added benefit of Softcat's SOAR (Security Orchestration, Automation, and Response) significantly adds to the functionality of an organisation’s security operations.

  • Streamlining Operations

By automating routine tasks using ML to identify patterns and anomalies, your security team alongside Softcat experts can focus on the most critical threats and respond faster and more effectively, again bettering your MTTR.

  • Incident Response

Softcat's Managed SEIM includes 20 hours of incident response, giving any organisation instant access to expert resource in case of an incident.

What makes Softcat’s Managed Sentinel Service different?

Softcat’s approach to the Managed Sentinel Service is to provide a bespoke solution for your organisation. In addition to our Managed Sentinel Service, you can bolt on additional services giving your organisation access to an enhanced cyber security offering.

As briefly mentioned before, MTTR needs to be a priority, and your time is best spent focusing on things that need your attention entirely. This is why we've invested significantly in the automation side of the platform and why we utilise Swimlane’s Security Operations Automation Platform as part of our service. Using Swimlane’s automation features allows our analysts to focus on more consultative activities to ensure our customers’ environments are running smoothly and are well maintained.

Cost optimisation is critical when it comes to Microsoft Sentinel: running a SEIM 24x7 with the relevant engineers can be costly in salary alone; and that’s before looking at any solution costs. Softcat’s Head of Cyber Services, Paul Solomon recommends a head count of four or five to manage a SEIM appropriately; level 1, 2 and 3 engineers with a regular night shift too. Add the salaries, and the cost of a platform, the cost quickly jumps.

The defining feature of our Managed Sentinel Service is that we can store logs in Microsoft Sentinel and additionally in Azure Data Explorer (ADX), which will help your organisation to optimise on costs. Using ADX alongside Sentinel's log Analytics Workspace is a unique approach that can save a significant amount of cost efficiencies due to ADX being significantly cheaper when it comes to storing logs longer term.

To summarise, Microsoft's Sentinel is an extensive security tool that helps organisations detect, investigate, and respond to security threats quickly and effectively... But Softcat's Managed Sentinel Service allows our customers to use Microsoft Sentinel as the underlying platform for our SOC (Security Operations Centre) service, providing optimised design, cost optimisation, custom content creation and resource considerations. This Softcat service is structured to deliver real value to customers as quickly as possible, making it a valuable addition to your organisation’s security strategy.

If you’d like to find out more about Softcat’s Managed Sentinel Service, please visit this dedicated page on our website.