Summary
WhiteRook Cyber, an MSP operating a 24/7 Security Operations Centre, transitioned from a Microsoft E5-based security stack to Microsoft Business Premium combined with Guardz. While the initial goal was to simplify security operations and reduce pressure on their SOC team, the move also unlocked meaningful cost efficiencies for clients without compromising protection.
As Managing Director Alex Niazov explains, the shift was easy to position commercially: “We can save you some money and give you a better solution.”
Business Challenge
Screwloose IT had standardised on Microsoft E5 with a Sentinel-based SOC across much of its customer base. Although this provided a comprehensive security foundation, it came with cost and operational complexity. Managing Microsoft’s security stack required constant tuning, rule management and investigation effort, placing strain on the SOC team.
At the same time, the business was looking for ways to scale more efficiently. Analysts were spending too much time on manual triage and incident investigation, limiting their ability to focus on higher-value work.
Beyond cost, there was a broader challenge familiar to many MSPs: limited headspace. With teams already stretched, introducing additional tools or processes had to deliver clear operational benefits, not just incremental improvements.
Maintaining a strong client experience was crucial, and email security needed to function effectively in the background without creating friction for end users or Netway’s support team.
Solution
WhiteRook Cyber implemented Guardz as part of its cybersecurity tool stack after evaluating several alternative solutions. The decision was not initially about replacing Microsoft E5, but about finding a more efficient way to support their SOC operations.
Over time, the shift enabled a broader licensing change. Most customers were moved to Microsoft Business Premium (for organisations under 300 users) or E3 (for larger environments), with Guardz layered in to provide detection and response capabilities.
Guardz now sits within the SOC workflow, handling the majority of endpoint and Microsoft-related security activity, while the broader SOC continues to ingest and monitor other data sources. This hybrid approach ensures coverage across the full environment, while reducing reliance on complex Microsoft security tooling.
From an operational perspective, the impact was immediate. Guardz’s automated triage and incident timelines significantly reduced the manual effort required from analysts. Deployment was also straightforward, with Alex describing it as “super simple… connect up, push via RMM and you’re good to go.”
“Guardz just works.”
- Alex Niazov, MD, WhiteRook Cyber
Result
The most immediate outcome was improved operational efficiency within the SOC. Guardz reduced the need for manual investigation and simplified incident handling, allowing the team to work faster and more effectively.
Rather than piecing together logs manually, the team now receives clear, structured timelines that make sense even to less experienced engineers. “It actually makes sense to anybody… that saves you hours from each breach,” Alex explained.
Tasks that previously required senior engineers can now be handled by junior staff, improving scalability and reducing training overhead.
Commercially, the shift created a more flexible and compelling offering. By combining Business Premium with a bundled SOC service powered by Guardz, WhiteRook Cyber was able to reduce licensing costs while embedding security into a single, easy-to-understand package. In many cases, customers are now paying a similar or lower overall cost than E5 alone, but receiving a fully managed SOC in return.
Customer response has largely been positive. Most clients accepted the change without issue, particularly when the value proposition was clearly communicated. As Alex noted, the conversation was straightforward: “We can save you some money and give you a better solution.”
Future Directions
WhiteRook Cyber plans to continue building around Guardz as a core component of its SOC, while maintaining a broader security framework to cover areas outside its scope. Looking ahead, the focus will be on refining this hybrid model, balancing automation with human oversight, and continuing to scale the approach across their customer base.
"Very happy with Guardz… they’re constantly improving and evolving."
- Alex Niazov, MD, WhiteRook Cyber