CybersecurityInfrastructure

BlueVoyant Targets Mature SOCs with AI-Powered SaaS Platform

Analyst 207||Source: GovInfoSecurity
Modern security operations center interior with personnel at sleek workstations.

"What I saw was a brand new, built from scratch, self-service SaaS platform with agentic AI at the heart of it that's not only going to make our employees in our SOC and ROC faster and more effective in defending our customers, but it's also going to provide an opportunity for companies that just want to use the technology standalone and work within their SOC today," John Hernandez said.

John Hernandez's mandate at BlueVoyant

BlueVoyant, the New York-based cybersecurity vendor, has installed John Hernandez as CEO with an explicit directive to shift the company toward a more scalable, technology-first model. Hernandez replaces Jim Rosenthal, who led BlueVoyant since its founding in 2017 and will continue to serve as board chair. Management’s stated aim is to leverage a next-generation SaaS platform to expand BlueVoyant’s addressable market beyond its traditional managed services business.

Agentic AI in BlueVoyant's next-generation SaaS platform

Hernandez describes the new platform as built "from scratch" with "agentic AI" embedded at its core. According to Hernandez, the platform is intended to enhance analyst productivity, automate threat detection and response, and create a more scalable architecture. The company says it is not merely experimenting with AI but is "already operationalizing it within its SOC and service delivery," a step Hernandez says gives BlueVoyant a first-mover advantage in a competitive market.

Expanding beyond managed detection and response into mature, in-house SOCs

Historically, BlueVoyant focused heavily on managed services such as managed detection and response (MDR). Hernandez is positioning the new SaaS offering to attract organizations that operate their own security operations centers (SOCs) and may not have previously seen BlueVoyant as a fit. "What's going to emerge for us now is a customer that doesn't want any SOC or ROC from us," Hernandez said, noting that the standalone platform will enable customers to "use their own people 24/7" while taking advantage of BlueVoyant's technology.

Microsoft partnership, marketplace integration, and product alignment

Hernandez brings a background of building multi-tenant SaaS platforms, including work around Microsoft identity, Entra ID and Active Directory. BlueVoyant is integrating deeply with Microsoft tools and participating in Microsoft's marketplace ecosystem. Hernandez framed that relationship as both technical alignment and "go-to-market leverage," saying Microsoft "sees BlueVoyant as a partner capable of helping clients realize value from complex security investments such as E5 and E7 licenses" and that Microsoft regards BlueVoyant as "a critical arm of our expertise in services and consulting."

How technologists, procurement leaders, and governments should watch this

  • Technologists and security teams: The embedded agentic AI and claims of increased analyst productivity will be the immediate technical hooks to evaluate. Teams that currently operate their own SOCs will test whether the platform’s automation and detection capabilities can be used standalone to "detect, prevent and respond" without managed services.
  • Procurement leaders and affected enterprises: The SaaS, self-service option creates a procurement choice between retaining BlueVoyant’s MDR services or purchasing a standalone platform. Hernandez signals an intent to broaden the customer base to organizations that previously did not consider a services-heavy firm as a vendor.
  • Governments and public-sector buyers: Hernandez cites experience working with governments on identity and ransomware defense, and he highlights BlueVoyant’s capability to "look across the entire supply chain for enterprises and governments." That supply chain visibility, tied to MDR and digital risk protection, is a stated differentiator BlueVoyant intends to press in public-sector engagements.

Scope expansion: supply chain risk and adjacent markets

Beyond MDR and SOC tooling, Hernandez is exploring adjacent markets where the SaaS platform could serve as a foundation. He mentioned deeper engagement within the Microsoft ecosystem, expanded capabilities in supply chain risk, and broader applications of AI-driven security. Hernandez framed the platform as extensible: "How do you embed that agentic AI right into the platform that will help us manage those threats that are coming into those organizations, either through the supply chain or directly through their network or endpoint?"

BlueVoyant’s strategic pivot is concrete: a New York-based services firm led by a CEO with a track record in SaaS and Microsoft-aligned product areas, seeking to convert operational know-how into a multi-tenant, agentic-AI-enabled product that can be sold both as a managed service and as standalone software. Whether this transition will scale as intended, grow revenue through Microsoft marketplace channels, and satisfy customers that prefer in-house SOC operations are the immediate tests ahead. Jim Rosenthal’s move to board chair leaves the company’s institutional experience in place even as Hernandez presses the company toward software-led growth.

https://www.govinfosecurity.com/bluevoyant-prepares-saas-push-under-new-ceo-john-hernandez-a-31604

Agentic AiEmerging ThreatsAI-Powered SaasSOCROCBluevoyantTechnology-First ModelSelf-Service Platform
Related Intelligence

Continue Reading

Close-up of a smartphone's circuit board with blurred background, components out of focus.

BootROM Exploit Targets Millions of iPhones

Millions of iPhones are vulnerable to a newly discovered BootROM exploit, known as "usbliter8", that can't be fixed with software updates because it's embedded in the device's hardware. This means iPhones with A12 and A13 processors will be at risk for the rest of their lifespan.

Analyst 207
Blurred laptop screen on office table surrounded by coworkers.

AI Agents Emerge as Unchecked Identities in Enterprise Security

The equation for enterprise security is no longer simple: with AI agents now connected to critical business services, controlling identities is no longer enough to control risk. These emerging insiders have quietly become privileged - and potentially invisible - attack paths that security and identity programs must urgently address.

Analyst 207
Security analysts work at computer workstations and a large wall screen in a brightly-lit operations center.

AI Shifts Threat Management from Reactive to Proactive Stance

With a sprawling security stack of 40+ tools, enterprise teams are drowning in overlapping alerts and manual handoffs, leaving gaping holes for adversaries to exploit. This disjointed approach leaves teams scrambling to respond to threats, with attackers enjoying a lengthy 43-day window to wreak havoc.

Analyst 207
Windows desktop with Recycle Bin open, showing a file and a confirmation dialog with a partially obscured filename.

Microsoft Updates Trigger Recycle Bin Filename Glitch

Microsoft just revealed a frustrating glitch in the Recycle Bin that displays a confusing filename when you permanently delete an item, showing a cryptic code instead of the file's original name. Luckily, the issue only affects the deletion confirmation dialog and doesn't change the file's name in the Recycle Bin or when it's restored.

Analyst 207