Azure Sentinel

MDR + MCR

CSP Lighthouse is a Managed Detection and Response (MDR) service and is often combined with our Managed Compliance and Risk (MCR) service Essential Eight Plus

CSP Lighthouse leverages the power of cloud-native logging solution Microsoft Sentinel which is composed of two parts:

  • Security information and event management (SIEM)
  • Security orchestration, automation, and response (SOAR)

Microsoft Sentinel delivers intelligent security analytics and threat intelligence across the enterprise. You get a single solution for attack detection, threat visibility, proactive hunting, and threat response. Using our integrated mobile application which can automatically SMS and Phone whoever is on-call; we are able to fully schedule our analytsts around the clock, and ensure high severity alerts never get missed.

This detection and response platform forges a strong alliance with all the integrated security mechanisms, which we help provision, throughout the Microsoft Defender, Cloud App Security, and Microsoft Endpoint Manager (Intune) portals. See our CSP Lighthouse datasheet for more information.

Future of Security

Fortune favors the prepared mind – Louis Pasteur

 

 

The corporate perimeter is becoming obsolete – remote work is becoming the new norm – and threat actors are more sophisticated than ever.

Our mission is to provide proactive threat monitoring and build security controls that help prevent cyberattacks. This modern SOC combined with AI-integrated automation will help your organization build resilience while allowing your team to collaborate and work from anywhere.

One crucial component of this service is that your data never leaves your environment, unlike other MDR’s that ship your data elsewhere to analyze and monitor, CSP manages our partners through strict role delegation and by leveraging Azure Lighthouse. This lets you maintain data sovereignty at all times.

Retaining security alerts long-term is crucial as the average hacker can remain obscure and undetected for around four months. We provide a pro-active threat hunting security team that can respond to, and hunt for, emerging threats as well as implement custom playbooks, automation rules, and important dashboards/reports. Automatic remediation and alert enrichment are vital for combating cyberattacks.

See our full datasheet here or contact us to find out more at lighthouse@cspa.com.au

Defender XDR

Depending on the context we can provision and manage your entire Microsoft XDR platform as well as provide 24/7 support for Sentinel. Microsoft Extended Detection and Response (XDR) covers a host of integrated security products starting with Microsoft 365 Defender; this includes, Microsoft Defender for Cloud Apps (MDCA), Microsoft Defender for Endpoint (MDE), Defender for Office 365 (MDO), Defender for Identities (MDI) and Microsoft Defender for Cloud (MDC).

Cloud Access Security Brokers like Microsoft Defender for Cloud are cloud-based security solutions that provide a new layer of security to enable oversight and control of activities and information across public and custom cloud SaaS apps and IaaS services. MDCA is broken into four key capability areas including, Shadow IT Discovery, Information Protection, Threat Protection, and Compliance, and provides a central control plane for governance and policy enforcement across all your cloud apps and services.

We can set MDCA governance actions for automated response across your entire environment. We can help protect apps like SharePoint or hundreds of other SaaS business apps with real-time policies or create application control by sanctioning and unsanctioning Shadow IT. CSP provides management across all these key areas and review policies and controls continuously based on our With-XDR plan. The below image shows how these different products protect a company from a practical standpoint across the cyberattack “kill-chain”.

Microsoft Sentinel

See and stop threats before they cause harm, with a Security Information & Events Management (SIEM) reinvented for the modern world. Azure Sentinel is your birds-eye view across the enterprise. Put the cloud and large-scale intelligence from decades of Microsoft security experience to work. Make your threat detection and response smarter and faster with artificial intelligence (AI) and Automation. Eliminate security infrastructure setup and maintenance, and elastically scale to meet your security needs—while reducing costs by as much as 48 percent compared to traditional SIEMs. We provide a 24/7 Lighthouse service that will continually guard against emerging threats as well as respond to any detections that arise.

In the world of Azure Sentinel there are two main roles it plays – Security Information and Events Management (SIEM) – as this is a cloud based system it scales much better than a traditional on-premise SIEM and can retain 2+ years of security logs from almost 100 source connectors. The other part of this equation is Security Orchestration Automation & Response (SOAR); this is where the wonders of modern automation/AI really start to show their value. CSP Lighthouse leverages custom ‘playbooks’ that will automatically respond to emerging threats as well as provide key information when it comes to triaging incidents.