CSP Lighthouse is our Managed Detection and Response (MDR) service and one of our most comprehensive security offerings for Australian and international clients.
CSP Lighthouse leverages the power of cloud AI and automation from Microsoft Sentinel and Defender E5 solutions. See our CSP Lighthouse datasheet for more information. We provide a flexible offering with add-on services to meet your exact needs.
Future of security
The corporate perimeter is becoming obsolete as remote work increasingly becomes the new normal and the threat landscape more sophisticated than ever.
Our mission is to provide full threat monitoring and response to protect and detect cyberattacks. This modern SOC combined with AI-integrated automation will help your organization build resilience while allowing your culture to remain agile in a mobile and remote-working world.
One crucial component of this service is that your data never leaves your environment, unlike other MSSP’s that ship your data elsewhere to analyze and monitor, CSP manages our partners through very tight role delegation and by leveraging Azure Lighthouse. This ensures data sovereignty, compliance, and integrity.
Retaining security alerts long-term is crucial as the average hacker can remain obscure and undetected for around four months. We provide a pro-active threat hunting security team that can respond to, and hunt for, emerging threats as well as implement custom playbooks, automation rules, and important dashboards/reports. Automatic remediation and alert enrichment are vital for combating cyberattacks.
Depending on the context we can provision and manage your entire Microsoft XDR platform as well as provide 24/7 support for Sentinel. Microsoft Extended Detection and Response (XDR) covers a host of integrated security products starting with Microsoft 365 Defender; this includes, Microsoft Defender for Cloud Apps (MDCA), Microsoft Defender for Endpoint (MDE), Defender for Office 365 (MDO), Defender for Identities (MDI) and Microsoft Defender for Cloud (MDC).
Cloud Access Security Brokers like Microsoft Defender for Cloud are cloud-based security solutions that provide a new layer of security to enable oversight and control of activities and information across public and custom cloud SaaS apps and IaaS services. MDCA is broken into four key capability areas including, Shadow IT Discovery, Information Protection, Threat Protection, and Compliance, and provides a central control plane for governance and policy enforcement across all your cloud apps and services.
We can set MDCA governance actions for automated response across your entire environment. We can help protect apps like SharePoint or hundreds of other SaaS business apps with real-time policies or create application control by sanctioning and unsanctioning Shadow IT. CSP provides management across all these key areas and review policies and controls continuously based on our With-XDR plan. The below image shows how these different products protect a company from a practical standpoint across the cyberattack “kill-chain”.
See and stop threats before they cause harm, with a Security Information & Events Management (SIEM) reinvented for the modern world. Azure Sentinel is your birds-eye view across the enterprise. Put the cloud and large-scale intelligence from decades of Microsoft security experience to work. Make your threat detection and response smarter and faster with artificial intelligence (AI) and Automation. Eliminate security infrastructure setup and maintenance, and elastically scale to meet your security needs—while reducing costs by as much as 48 percent compared to traditional SIEMs. We provide a 24/7 Lighthouse service that will continually guard against emerging threats as well as respond to any detections that arise.
In the world of Azure Sentinel there are two main roles it plays – Security Information and Events Management (SIEM) – as this is a cloud based system it scales much better than a traditional on-premise SIEM and can retain 2+ years of security logs from almost 100 source connectors. The other part of this equation is Security Orchestration Automation & Response (SOAR); this is where the wonders of modern automation/AI really start to show their value. CSP Lighthouse leverages custom ‘playbooks’ that will automatically respond to emerging threats as well as provide key information when it comes to triaging incidents.